High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection Manager component of IBM Security SiteProtector System

Jun 28, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Security Network Protection Manager component of IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in Apr 2017. CVE(s): CVE-2017-3539, CVE-2017-1289 Affected product(s) and affected version(s): The component “IBM Security Network Protection Manager v1.0.0” ...


IBM Security Bulletin: IBM Informix Dynamic Server is affected by a buffer overflow in Informix function FORMAT_UNITS

Jun 28, 2017 10:00 am EDT | Medium Severity

IBM Informix Dynamic Server has addressed the following vulnerability. CVE(s): CVE-2017-1310 Affected product(s) and affected version(s): Affected IBM Informix Dynamic Server Affected Versions Informix Dynamic Server 12.10 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22004930 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125569 ...


IBM Security Bulletin: Multiple NTP vulnerabilities affect the Network Protection Manager component of the IBM Security SiteProtector System (CVE-2016-7433, CVE-2016-7429)

Jun 28, 2017 10:00 am EDT | Low Severity

There are multiple vulnerabilities in the NTP service used by the IBM Security Network Protection Manager component of IBM Security SiteProtector System. CVE(s): CVE-2016-7433, CVE-2016-7429 Affected product(s) and affected version(s): The component “IBM Security Network Protection Manager v1.0.0” of IBM Security SiteProtector System v3.1.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Jun 28, 2017 10:00 am EDT | High Severity

There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM SAN Volume Controller, Storwize Family and FlashSystem V9000 products. These issues were disclosed as part of the IBM Java SDK updates in February 2017. The applicable CVEs are CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547 and CVE-2016-2183. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, ...


IBM Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.2 in IBM FileNet Content Manager, and IBM Content Foundation

Jun 28, 2017 10:00 am EDT | High Severity

Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.2 in IBM FileNet Content Manager, and IBM Content Foundation. Oracle OIT issues disclosed in the Oracle January 2017 Critical Patch Update. CVE(s): CVE-2017-3266, CVE-2017-3267, CVE-2017-3268, CVE-2017-3269, CVE-2017-3270, CVE-2017-3271, CVE-2017-3293, CVE-2017-3294, CVE-2017-3295 Affected product(s) and affected version(s): FileNet Content Manager 5.2.1 IBM Content ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System

Jun 27, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in April 2017. IBM PureApplication System has addressed the applicable CVEs. These issues were also addressed by IBM WebSphere Application Server shipped with IBM PureApplication System. CVE(s): CVE-2017-3511, ...


IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation

Jun 27, 2017 10:00 am EDT | Low Severity

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation. Java SE issues disclosed in the Oracle April 2017 Critical Patch Update. CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 Affected product(s) and affected version(s): ...


IBM Security Bulletin: Vulnerability in OpenSSL affects IBM PureApplication System (CVE-2017-3731)

Jun 27, 2017 10:00 am EDT | Medium Severity

A potential denial of service vulnerability was reported by the OpenSSL project. IBM PureApplication System addressed the applicable CVE. CVE(s): CVE-2017-3731 Affected product(s) and affected version(s): IBM PureApplication System V2.2 IBM PureApplication System V2.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22005135 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121312 ...


IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect Optim Data Growth, Test Data Management and Application Retirement

Jun 27, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by Optim Data Growth, Test Data Management and Application Retirement. These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183 Affected product(s) and affected version(s): IBM InfoSphere Optim solutions and editions versions ...