High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerability CVE-2017-1000381 and CVE-2017-11499 in Node.js affects IBM i

Aug 21, 2017 10:00 am EDT | High Severity

Node.js is supported by IBM i. IBM i has addressed the applicable CVE. CVE(s): CVE-2017-1000381, CVE-2017-11499. Affected product(s) and affected version(s): Releases 7.1, 7.2 and 7.3 of IBM i are affected. Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=nas8N1022230
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128625
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/129465


IBM Security Bulletin: January 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products

Aug 21, 2017 10:00 am EDT | High Severity

Multiple N Series Products incorporate the Oracle Java Platform, Standard Edition (Java SE) software libraries. Java SE (JDK and JRE) versions below 6u111, 7u95, and 8u72 and OpenJDK versions below 1.7.0.95 and 1.8.0.71 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized Operating System takeover, a partial denial of service (DOS), an unauthorized read, ...


IBM Security Bulletin: Multiple vulnerabilities may affect ASP.NET Core in IBM Bluemix

Aug 19, 2017 10:00 am EDT | High Severity

Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege. Vulnerabilities in Node.js and the c-ares library were disclosed on July 11 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. CVE(s): CVE-2017-0256, CVE-2017-0249, CVE-2017-0247, CVE-2017-1000381, CVE-2017-11499. Affected product(s) and affected version(s): These vulnerabilities affect ASP.NET Core in IBM ...


IBM Security Bulletin: No verification of user rights for certain applications on MaaS360 Windows installations. (CVE-2017-1422).

Aug 19, 2017 10:00 am EDT | Medium Severity

EMSAgentCmd.exe executes commands without verifying the source of the request. Additionally, commands are not restricted to operating within the boundaries of the application’s self. CVE(s): CVE-2017-1422. Affected product(s) and affected version(s): Product/Version: MaaS360 DTM, all versions up to 3.81. Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22006985
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127412


IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products

Aug 19, 2017 10:00 am EDT | High Severity

Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. CVE(s): CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3526, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, Not Applicable. Affected product(s) and affected version(s): IBM Monitoring 8.1.3; IBM Application Diagnostics 8.1.3; IBM Application Performance Management 8.1.3; IBM Application Performance ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance

Aug 19, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 and 7 that affect the WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. CVE(s): CVE-2016-5548, CVE-2016-5547, CVE-2016-5552. Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance Version 2.1; WebSphere DataPower XC10 Appliance Version ...


IBM Security Bulletin: Vulnerabilities in zlib affect IBM Sterling Connect:Direct FTP+ (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)

Aug 19, 2017 10:00 am EDT | Low Severity

Vulnerabilities were reported in zlib. zlib is used by IBM Sterling Connect:Direct FTP+. IBM Sterling Connect:Direct FTP+ has addressed the applicable CVEs. CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843. Affected product(s) and affected version(s): IBM Sterling Connect:Direct FTP+ 1.3.0; IBM Sterling Connect:Direct FTP+ 1.2.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: ...


IBM Security Bulletin: Multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 affect IBM Flex System Manager(FSM) Storage Manager Install Anywhere (SMIA) configuration tool

Aug 19, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 that is used by IBM Flex System Manager (FSM) Storage Management Install Anywhere (SMIA) configuration tool. These issues were disclosed as part of the Java updates from July 2016, and January 2017. CVE(s): CVE-2016-3508, CVE-2016-3500, CVE-2016-5546, CVE-2017-3253, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183. Affected product(s) and ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Aug 18, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM Tivoli Monitoring. These issues were disclosed as part of the IBM Java SDK updates in April 2017. CVE(s): CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843. Affected product(s) and affected version(s): IBM Tivoli Monitoring version ...