High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: OpenSSL command line utility in IBM Workload Scheduler can run with elevated privileges (CVE-2017-1716)

Nov 24, 2017 9:00 am EST | Medium Severity

OpenSSL command line utility in IBM Workload Scheduler has SUID permissions and can run with elevated privileges. CVE(s): CVE-2017-1716 Affected product(s) and affected version(s): Tivoli Workload Scheduler Distributed 8.6.0 FP04 and earlier; Tivoli Workload Scheduler Distributed 9.1.0 FP02 and earlier; Tivoli Workload Scheduler Distributed 9.2.0 FP02 and earlier. Refer to the following reference URLs for […]


IBM Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1583, CVE-2011-4343)

Nov 23, 2017 9:01 am EST | Medium Severity

The IBM Emptoris Contract Management, IBM Emptoris Program Management, IBM Emptoris Sourcing, IBM Emptoris Spend Analysis and IBM Emptoris Services Procurement products are affected by a vulnerability that exists in the IBM WebSphere Application Server. The security bulletin includes issues disclosed as part of the IBM WebSphere Application Server updates. CVE(s): CVE-2017-1583, CVE-2011-4343 Affected product(s) […]


IBM Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH

Nov 22, 2017 2:32 pm EST | Medium Severity

IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH. CVE(s): CVE-2016-10009, CVE-2016-10012 Affected product(s) and affected version(s): IBM Flex System FC5022 16Gb SAN Scalable Switch Version 7.0-8.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099674 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119828 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119831 […]


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in sudo.

Nov 22, 2017 2:29 pm EST | Medium Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in sudo. CVE(s): CVE-2016-7032, CVE-2016-7076 Affected product(s) and affected version(s): IBM Dynamic System Analysis (DSA) Preboot Version 9.6 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099647 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119500 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119502 […]


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in openssh (CVE-2015-8325)

Nov 22, 2017 2:26 pm EST | High Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerability in openssh. CVE(s): CVE-2015-8325 Affected product(s) and affected version(s): IBM Dynamic System Analysis (DSA) Preboot Version 9.6 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099646 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114628 […]


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in curl

Nov 22, 2017 2:23 pm EST | High Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in curl. CVE(s): CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8621, CVE-2016-8623, CVE-2016-8624 Affected product(s) and affected version(s): IBM Dynamic System Analysis (DSA) Preboot Version 9.6 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099663 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116938 X-Force […]


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in libxml2 (CVE-2016-4658)

Nov 22, 2017 2:10 pm EST | High Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerability in libxml2. CVE(s): CVE-2016-4658 Affected product(s) and affected version(s): IBM Dynamic System Analysis (DSA) Preboot Version 9.6 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099662 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117175 […]



IBM Product Security Incident Response

Acknowledgement



Nov 22, 2017 11:00 am EST

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2017: Adeel Imtiaz (LinkedIn), Alberto Garcia Illera (SalesForce), Angelis Pseftis (Cyber Innovations Center, Jacobs), Bosko Stankovic (DefenseCode), Christopher Haney (LinkedIn), Dominique Righetto (Excellium), Eddie […]


IBM Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618)

Nov 22, 2017 9:01 am EST | High Severity

There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by WebSphere Application Server. CVE(s): CVE-2017-9798, CVE-2017-12618 Affected product(s) and affected version(s): These vulnerabilities affect the following versions and releases of IBM HTTP Server (powered by Apache) component in all editions of WebSphere Application Server and […]