High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows

Jan 16, 2018 10:53 am EST | Medium Severity

Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows have addressed the following vulnerabilities in libxml2. CVE(s): CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-8872 Affected product(s) and affected version(s): The following products used with Intel Xeon Phi PCI-Express cards (Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A, and Intel Xeon Phi […]


IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin

Jan 16, 2018 10:00 am EST | High Severity

There are multiple vulnerabilities related to IBM® Runtime Environment Java™ Technology Edition which is used and shipped by different versions of IBM Rational License Key Server Administration and Reporting Tool Admin (ART). CVE(s): CVE-2017-10281, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349 Affected product(s) and affected version(s): These vulnerabilities impact the following components and their releases: RLKS […]


IBM Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257)

Jan 16, 2018 10:00 am EST | Medium Severity

Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. CVE(s): CVE-2017-1000257 Affected product(s) and affected version(s): IBM PureApplication System V2.1.0.0 IBM PureApplication System V2.1.0.1 IBM PureApplication System V2.1.0.2 IBM PureApplication System V2.1.0.0 IBM PureApplication System V2.1.1.0 IBM PureApplication System V2.1.2.0 IBM PureApplication System V2.1.2.1 IBM PureApplication System V2.1.2.2 IBM PureApplication System V2.1.2.3 IBM PureApplication System […]


IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities

Jan 16, 2018 10:00 am EST | High Severity

IBM Kenexa LCMS Premier on Cloud has addressed a vulnerability that could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. CVE(s): […]


IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability

Jan 16, 2018 10:00 am EST | High Severity

IBM FileNet Content Manager, IBM Content Foundation and IBM Case Foundation have addressed the following security vulnerability. Ability to execute remote attacker’s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of Apache Commons FileUpload library. The affected “Apache Commons FileUpload” has been upgraded to the fixed version v1.3.3. For more […]


IBM Storage — Meltdown/Spectre

Jan 15, 2018 9:13 pm EST

Three security vulnerabilities that allow unauthorized users to bypass the hardware barrier between applications and kernel memory have been made public. These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks. The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, and allow user-level code to infer data […]


Potential CPU Security Issue

Jan 15, 2018 8:52 pm EST | High Severity

On Wednesday, January 3, researchers announced a security vulnerability impacting microprocessors. IBM is working with our clients and industry partners on this issue, which has the potential to affect many types of computing devices from different manufacturers. It’s important to note there are no known cases where this vulnerability has been used maliciously. Patches will be […]


Potential Impact on Processors in the POWER family

Jan 15, 2018 8:48 pm EST

Three security vulnerabilities that allow unauthorized users to bypass the hardware barrier between applications and kernel memory have been made public. These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks. The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, and allow user-level code to infer data […]


IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196)

Jan 15, 2018 2:28 pm EST | High Severity

IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. CVE(s): CVE-2017-10196, CVE-2017-10141 Affected product(s) and affected version(s): Rational DOORS Next Generation 6.0.5 Rational DOORS Next Generation 6.0.4 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012619 X-Force Database: […]