Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System

Mar 30, 2017 12:34 pm EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Security Network Protection Manager component of IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017 and Jan 2017. CVE(s): CVE-2016-5597, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183 Affected product(s) and affected version(s): The ...


IBM Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Mar 30, 2017 12:33 pm EDT | Medium Severity

This bulletin addresses two security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.5.0. The fixes are for cross-site scripting vulnerabilities. CVE(s): CVE-2016-3015, CVE-2016-3031 Affected product(s) and affected version(s): IBM Cognos Analytics Version 11.0.0.0 to 11.0.4.0 Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21998887
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114278
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114515


IBM Security Bulletin: IBM TRIRIGA Document Manager Privilege Escalation (CVE-2017-1180)

Mar 30, 2017 10:00 am EDT | Medium Severity

IBM TRIRIGA Document Manager is vulnerable to a privilege escalation attack. CVE(s): CVE-2017-1180 Affected product(s) and affected version(s): The following IBM TRIRIGA Platform versions are affected.
· IBM TRIRIGA Application Platform 3.5.0 – 3.5.2.0.
· IBM TRIRIGA Application Platform 3.4.0 – 3.4.2.5.
· IBM TRIRIGA Application Platform 3.3.0 – 3.3.2.5.
Refer to the following reference ...


IBM Security Bulletin: Security vulnerabilities have been identified in data server connection and product integration shipped with InfoSphere Optim Query Workload Tuner [for LUW, z/OS] (CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)

Mar 30, 2017 10:00 am EDT | High Severity

Data server connection and product integration are shipped as a component of InfoSphere Optim Query Workload Tuner [for LUW, z/OS]. Information about security vulnerabilities affecting data server connection and product integration has been published in a security bulletin. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183 Affected product(s) and affected version(s): IBM InfoSphere Optim Query Workload Tuner ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition

Mar 30, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. CVE(s): CVE-2016-5552, CVE-2016-2183 Affected product(s) and affected version(s): Content Manager Enterprise Edition v8.5.0 – v8.5.0.6 Content Manager Enterprise Edition v8.4.3 Refer ...


IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM WebSphere MQ and IBM MQ Appliance (CVE-2016-5597)

Mar 30, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM WebSphere MQ and the IBM MQ Appliance. These issues were disclosed as part of the IBM Java SDK updates in October 2016. CVE(s): CVE-2016-5597 Affected product(s) and affected version(s): IBM MQ 9.0.x Continuous Delivery Release (CDR) Continuous delivery update ...


IBM Security Bulletin: IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management vulnerable to cross-site request forgery (CSRF)

Mar 30, 2017 10:00 am EDT | Medium Severity

The “notice confirmation” functionality in IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite, is impacted by a vulnerability that allows cross-site request forgery. Both products have addressed this vulnerability. CVE(s): CVE-2016-6100 Affected product(s) and affected version(s): IBM Disposal and Governance Management for ...


IBM Security Bulletin: IBM Algo One – Algo Risk Application (ARA) could allow retrieval of restricted files

Mar 29, 2017 5:46 pm EDT | Medium Severity

IBM Algo One – Algo Risk Application could allow a user to gain access to files in the local environment which should not be viewed by application users. CVE(s): CVE-2017-1154 Affected product(s) and affected version(s): 5.1, 5.0, 4.9.1 Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21999892
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/122368


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale packaged in the Elastic Storage Server and the GPFS Storage Server

Mar 29, 2017 5:46 pm EDT | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by the Elastic Storage Server and the GPFS Storage Server. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. CVE(s): CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-2183 Affected product(s) and affected version(s): The Elastic Storage Server 5.0 The Elastic ...