IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS

Medium Severity

OpenSSL is used by IBM SONAS. IBM SONAS has addressed the applicable CVEs.
CVE(s): CVE-2016-6304, CVE-2016-6303, CVE-2016-2178, CVE-2016-6306, CVE-2016-2183
Affected product(s) and affected version(s): IBM SONAS. The product is affected when running code releases 1.5.0.0 to 1.5.2.4.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1009648
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117110
X-Force Database: ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Rational ClearCase (CVE-2016-2177, CVE-2016-2178, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306)

High Severity

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs.
CVE(s): CVE-2016-2177, CVE-2016-2178, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
Affected product(s) and affected version(s): IBM Rational ClearCase versions:
Version                    Status
9.0 through 9.0.0.2        Affected
8.0.1 through 8.0.1.12     ...


IBM Security Bulletin: Tivoli Storage Manager (IBM Spectrum Protect) AIX Client Buffer Overflow (CVE-2016-5985)

High Severity

The Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled, allowing a local attacker to execute arbitrary code on the system or cause a system crash.
CVE(s): CVE-2016-5985
Affected product(s) and affected version(s): The following levels of IBM Tivoli Storage Manager (IBM Spectrum Protect) Client ...


IBM Security Bulletin: A vulnerability in IBM Websphere affects IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5983)

High Severity

There is a potential security vulnerability in IBM WebSphere Application Server, which is used by IBM Tivoli Netcool Configuration Manager (ITNCM). This involves the use of the custom authentication that sets the cookies WASPostParam and WASReqURL when the LtpaToken2 session cookie is invalid. The data contained in these cookies is used when the user will ...


IBM Security Bulletin: Multiple security vulnerabilities affect the Report Builder and Data Collection Component that are shipped with Jazz Reporting Service (CVE-2016-5898, CVE-2016-5899, CVE-2016-6054, CVE-2016-6047)

Medium Severity

There are multiple security vulnerabilities in the Report Builder and Data Collection Component (DCC) shipped with Jazz Reporting Service.
CVE(s): CVE-2016-5898, CVE-2016-5899, CVE-2016-6054, CVE-2016-6047
Affected product(s) and affected version(s): Jazz Reporting Service 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, and 6.0.2. Note: CVE-2016-6047 only affects 6.0.2.
Refer to the following reference URLs for remediation and additional vulnerability ...


IBM Security Bulletin: Multiple security vulnerabilities affect the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2016-5897, CVE-2016-6039)

Medium Severity

There are multiple security vulnerabilities in the Lifecycle Query Engine (LQE) shipped with Jazz Reporting Service.
CVE(s): CVE-2016-5897, CVE-2016-6039
Affected product(s) and affected version(s): Jazz Reporting Service 6.0, 6.0.1, and 6.0.2.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21991153
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115340
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117065 ...


IBM Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2119)

Medium Severity

IBM Storwize V7000 Unified is shipped with Samba, for which a fix is available for security vulnerabilities.
CVE(s): CVE-2016-2119
Affected product(s) and affected version(s): IBM Storwize V7000 Unified. The product is affected when running code releases 1.5.0.0 to 1.6.1.0.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1009567
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114797 ...


IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2016-3092)

Medium Severity

Apache Tomcat Commons FileUpload Vulnerability
CVE(s): CVE-2016-3092
Affected product(s) and affected version(s): IBM Storwize V7000 Unified. The product is affected when running code releases 1.5.0.0 to 1.5.2.4 and 1.6.0.0 to 1.6.1.0.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1009566
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114336 ...


IBM Security Bulletin: Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware

High Severity

IBM Security Virtual Server Protection for VMware is affected by multiple vulnerabilities found in OpenSSL, OpenVPN and GNU glibc. OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Virtual Server Protection for VMware. IBM Security Virtual Server Protection for VMware has addressed the applicable ...