High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command could potentially be exploited by an authenticated user, resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization), which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Functional Tester (CVE-2017-10388, CVE-2017-10356)

Dec 15, 2017 10:00 am EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8, used by Rational Functional Tester. These issues were disclosed as part of the IBM Java SDK updates in October 2017. CVE(s): CVE-2017-10388, CVE-2017-10356. Affected product(s) and affected version(s): All versions of Rational Functional Tester from 8.3.0.0 through 9.1.1. Refer […]


IBM Security Bulletin: IBM Integration Bus is affected by a Node.js zlib DOS security Vulnerability (CVE-2017-14919)

Dec 15, 2017 10:00 am EST | High Severity

IBM Integration Bus has addressed the following vulnerability. CVE(s): CVE-2017-14919. Affected product(s) and affected version(s): IBM Integration Bus V10.0.0.0 – V10.0.0.10. Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22011533
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134286


IBM Security Bulletin: IBM Integration Bus is affected by Web UI security vulnerability (CVE-2017-1694)

Dec 15, 2017 10:00 am EST | Medium Severity

IBM Integration Bus has addressed the following vulnerability. CVE(s): CVE-2017-1694. Affected product(s) and affected version(s): IBM Integration Bus V10.0.0.0 – V10.0.0.9; IBM Integration Bus V9.0.0.0 – V9.0.0.9. Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22011695
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134165


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager

Dec 14, 2017 10:00 am EST | Medium Severity

There are multiple vulnerabilities in IBM® SDK, Java™ Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 10 and earlier releases and IBM SDK, Java Technology Edition, Version 8 Service Refresh 4 Fix Pack 10 and earlier releases used by IBM Algo Credit Manager. These issues were disclosed as part of the IBM Java SDK […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack

Dec 14, 2017 10:00 am EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.10 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in October 2017. CVE(s): CVE-2017-10346, CVE-2017-10285, CVE-2017-10388, CVE-2017-10309, CVE-2016-10165, CVE-2017-10356, CVE-2017-10355, CVE-2017-10357, CVE-2017-10348, CVE-2017-10349, CVE-2017-10347, CVE-2017-10350, CVE-2017-10281, CVE-2017-10295, CVE-2017-10345, CVE-2017-10293. Affected product(s) and affected version(s): […]


IBM Security Bulletin: Multiple security vulnerabilities in dnsmasq affect IBM Cloud Manager with OpenStack

Dec 14, 2017 10:00 am EST | High Severity

Multiple security vulnerabilities have been identified in dnsmasq, which is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs. CVE(s): CVE-2017-14495, CVE-2017-14494, CVE-2017-14496, CVE-2017-14493, CVE-2017-14492, CVE-2017-14491, CVE-2017-13704. Affected product(s) and affected version(s): IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.8 Interim Fix 1. Refer to the following […]


IBM Security Bulletin: Security vulnerability in Open vSwitch affects IBM Cloud Manager with OpenStack (CVE-2016-2074)

Dec 14, 2017 10:00 am EST | High Severity

A security vulnerability has been identified in Open vSwitch, which is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVE. CVE(s): CVE-2016-2074. Affected product(s) and affected version(s): IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.8 Interim Fix 1. Refer to the following reference URLs for remediation and […]


IBM Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerabilities CVE-2016-9318, CVE-2017-5969, CVE-2017-7375 and CVE-2017-8872

Dec 14, 2017 10:00 am EST | Medium Severity

A new Libxml2 vulnerability was disclosed by the Libxml2 Project. Libxml2 is used by Rational Systems Tester. Rational Systems Tester has addressed the applicable CVE. CVE(s): CVE-2016-9318, CVE-2017-7375, CVE-2017-5969, CVE-2017-8872. Affected product(s) and affected version(s): Rational Systems Tester 3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5, 3.3.0.6, 3.3.0.7, 3.3.0.7 Interim Fix 1, 3.3.0.7 Interim Fix 2, 3.3.0.7 […]



IBM Product Security Incident Response

Acknowledgement



Dec 13, 2017 10:10 am EST

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2017: Adeel Imtiaz (LinkedIn); Alberto Garcia Illera (SalesForce); Angelis Pseftis (Cyber Innovations Center, Jacobs); Bosko Stankovic (DefenseCode); Christopher Haney (LinkedIn); Dominique Righetto (Excellium); Eddie […]