High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Cross-site request forgery in Liberty for Java for IBM Bluemix (CVE-2017-1194)

Apr 30, 2017 10:00 am EDT | Medium Severity

There is a potential cross-site request forgery in WebSphere Application Server OAuth service provider. CVE(s): CVE-2017-1194. Affected product(s) and affected version(s): This vulnerability affects all versions of Liberty for Java in IBM Bluemix up to and including v3.8. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22002811 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123669


IBM Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect WebSphere DataPower XC10 Appliance

Apr 29, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in the Network Time Protocol (NTP) implementation that is used by WebSphere DataPower XC10 Appliance. The vulnerabilities addressed include the ability to crash the application and disable the NTP service. CVE(s): CVE-2016-7426, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311, CVE-2016-7429. Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance Version 2.1; WebSphere DataPower XC10 Appliance Version 2.5. Refer […]


IBM Security Bulletin: IBM Maximo Asset Management could allow a remote attacker to include arbitrary files (CVE-2016-9976)

Apr 29, 2017 10:00 am EDT | Medium Severity

IBM Maximo Asset Management could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. CVE(s): CVE-2016-9976. Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management core […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance (CVE-2016-5597)

Apr 29, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6, 7 and 8 used by WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in October 2016. CVE(s): CVE-2016-5597. Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance Version 2.1; WebSphere DataPower XC10 Appliance Version 2.5 […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.

Apr 29, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. CVE(s): CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542, CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183. Affected product(s) and affected version(s): Releases 6.1, 7.1, 7.2 and 7.3 of IBM i are affected. […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Secure Proxy

Apr 29, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5597, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183, CVE-2016-5542. Affected product(s) and affected version(s): IBM Sterling Secure Proxy 3.4.3 through […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server

Apr 29, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5597, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183, CVE-2016-5542. Affected product(s) and affected version(s): IBM Sterling External Authentication Server […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Extreme Scale (CVE-2016-5597)

Apr 29, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6, 7 and 8 used by WebSphere Extreme Scale. These issues were disclosed as part of the IBM Java SDK updates in October 2016. CVE(s): CVE-2016-5597. Affected product(s) and affected version(s): WebSphere Extreme Scale: 7.1.0.3; WebSphere Extreme Scale: 7.1.1.1; WebSphere Extreme Scale: 8.5.0.3; WebSphere Extreme […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (Tivoli Storage Manager) Operations Center and IBM Spectrum Protect (Tivoli Storage Manager) Client Management Service

Apr 29, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Management Service. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. CVE(s): CVE-2016-5597, CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, […]