High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 – January 2017

May 27, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 6, 7 and 8, that are used by IBM Virtual Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183. Affected product(s) and affected version(s): All versions of microcode for […]


IBM Security Bulletin: Vulnerabilities in libxml2 and zlib affect IBM Virtual Fabric 10Gb Switch Module

May 27, 2017 10:00 am EDT | High Severity

IBM Virtual Fabric 10Gb Switch Module has addressed the following vulnerabilities in libxml2 and zlib. Vulnerability Details: CVE(s): CVE-2016-4658, CVE-2016-9318, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843. Affected product(s) and affected version(s): Product: IBM Virtual Fabric 10Gb Switch Module; Affected Version: 7.8. Remediation/Fixes: Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/. Product Fix Version IBM Virtual Fabric […]


IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter

May 27, 2017 10:00 am EDT | Medium Severity

IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the applicable CVEs in NTP. Vulnerability Details: CVE(s): CVE-2016-7429, CVE-2016-7431, CVE-2016-7433. Affected product(s) and affected version(s): Product Affected Version IBM Flex System FC3171 […]


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter

May 27, 2017 10:00 am EDT | High Severity

IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the following vulnerabilities in OpenSSL. Vulnerability Details: CVE(s): CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308. Affected product(s) […]


IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-5648, CVE-2017-5647)

May 26, 2017 10:00 am EDT | Medium Severity

Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager. CVE(s): CVE-2017-5648, CVE-2017-5647. Affected product(s) and affected version(s): TADDM 7.2.2.0 – 7.2.2.5; TADDM 7.3.0.0 (TADDM 7.3.0.1-3 – not affected – using WebSphere Liberty Profile). Refer to the following reference URLs for remediation and additional vulnerability […]


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

May 26, 2017 10:00 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs. CVE(s): CVE-2017-3731, CVE-2017-3732, CVE-2016-7055. Affected product(s) and affected version(s): The following products, running on all supported platforms, are affected: IBM InfoSphere Information Server: versions 9.1, 11.3 […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates January 2017

May 26, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR9-FP60 used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183. Affected product(s) and […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware (CVE-2016-5597)

May 26, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware. These issues were disclosed as part of the IBM Java SDK updates in October 2016. CVE(s): CVE-2016-5597. Affected product(s) and affected version(s): The following levels of FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware are affected: […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (Tivoli Storage Manager) Windows and Macintosh Client (CVE-2016-5542, CVE-2017-3260, CVE-2016-5552)

May 26, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in the IBM® Runtime Environment Java™ packaged with the IBM Spectrum Protect (formerly Tivoli Storage Manager) Windows and Macintosh Client. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. CVE(s): CVE-2016-5542, CVE-2017-3260, CVE-2016-5552. Affected product(s) and affected version(s): The following versions of […]