High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Composite Application Manager for Transactions (CVE-2017-3241, CVE-2017-3253, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183)

Apr 24, 2017 10:28 am EDT | High Severity

There are multiple vulnerabilities in IBM Java Runtime, Versions 6.0, 7.0 and 8.0, which is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2017-3241, CVE-2017-3253, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183. Affected product(s) and affected version(s): IBM Tivoli […]


IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Apr 24, 2017 10:00 am EDT | High Severity

There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities (CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796) could allow a remote attacker to obtain sensitive information, cause an application to enter an infinite loop, or bypass a configured SecurityManager. CVE(s): CVE-2016-6816, CVE-2016-6817, CVE-2016-6796. Affected product(s) and […]


IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840

Apr 24, 2017 10:00 am EDT | High Severity

There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities (CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796) could allow a remote attacker to obtain sensitive information, cause an application to enter an infinite loop, or bypass a configured SecurityManager. CVE(s): CVE-2016-6816, CVE-2016-6817, CVE-2016-6796. Affected product(s) and affected version(s): Affected […]


IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect IBM Security Identity Governance and Intelligence

Apr 24, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.7, which is used by Identity Governance and Intelligence. CVE(s): CVE-2016-5597. Affected product(s) and affected version(s): IBM Security Identity Governance and Intelligence 5.2.1 Virtual Appliance. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21998330 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118071 […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Optim Performance Manager (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)

Apr 21, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by InfoSphere Optim Performance Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183. Affected product(s) and affected version(s): InfoSphere Optim Performance Manager 5.3.1 and earlier. Refer to the following […]


IBM Security Bulletin: Plugin Uploads in IBM UrbanCode Deploy Vulnerable to XML Injection (CVE-2016-9007)

Apr 20, 2017 4:59 pm EDT | High Severity

Specially crafted malicious plugin uploads to UrbanCode Deploy can reveal sensitive data and consume system resources. CVE(s): CVE-2017-1149. Affected product(s) and affected version(s): All fixpacks of IBM UrbanCode Deploy 6.1 – 6.1.3.5 and IBM UrbanCode Deploy 6.2 – 6.2.3.1 are affected. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg2C1000289 X-Force […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM® Java Runtime affect IBM BigFix Remote Control.

Apr 20, 2017 4:58 pm EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 3 Fixpack 10 and IBM® Runtime Environment Java™ Version 8 Service Refresh 3 Fixpack 10 used by IBM BigFix Remote Control. These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (CVE-2016-5556, CVE-2016-5597 and CVE-2016-5542)

Apr 20, 2017 4:58 pm EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6.0, 7.0 and 8.0, which is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed as part of the IBM Java SDK updates in October 2016. CVE(s): CVE-2016-5556, CVE-2016-5597, CVE-2016-5542. Affected product(s) and affected version(s): IBM Tivoli Composite Application Manager […]


IBM Security Bulletin: Multiple vulnerability in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)

Apr 20, 2017 4:58 pm EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.7 used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. CVE(s): CVE-2016-5597, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183. Affected product(s) and affected version(s): IBM Security SiteProtector System 3.0 and 3.1.1. Refer […]