IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager.

Written by IBM PSIRT | December 6, 2016 | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 that affect IBM Fabric Manager. These issues were disclosed as part of the IBM Java SDK updates in October 2016.

Vulnerability Details

CVE(s): CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

Affected product(s) and affected version(s):
Product: IBM Fabric Manager
Affected Version: 4.1

Refer to ...


IBM Security Bulletin: Lotus Protector for Mail Security Affected By Open Source Linux Kernel Vulnerabilities (CVE-2016-5195)

Written by IBM PSIRT | December 6, 2016 | High Severity

Elevated privileges vulnerabilities reported in Open Source Linux Kernel.

CVE(s): CVE-2016-5195

Affected product(s) and affected version(s): Lotus Protector for Mail Security v2.8.0.1 – 2.8.0.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21994535
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118170


IBM Security Bulletin: A busybox vulnerability affects IBM DataPower Gateways (CVE-2014-4607)

Written by IBM PSIRT | December 6, 2016 | High Severity

A buffer overflow vulnerability affects IBM DataPower Gateways. IBM DataPower Gateways has addressed the applicable CVE.

CVE(s): CVE-2014-4607

Affected product(s) and affected version(s): IBM DataPower Gateway Docker virtual appliances version 7.5.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21993006
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/94014


IBM Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to various CVEs.

Written by IBM PSIRT | December 6, 2016 | Medium Severity

Vulnerabilities affecting Apache POI as used in IBM QRadar SIEM.

CVE(s): CVE-2012-0213, CVE-2014-3529, CVE-2014-3574, CVE-2014-9527, CVE-2016-5000

Affected product(s) and affected version(s):
· IBM QRadar 7.2.n
· IBM QRadar 7.1.n

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21994719
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/75558
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/95770
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/95768
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/99799
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115530


IBM Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics

Written by IBM PSIRT | December 6, 2016 | High Severity

Expat vulnerabilities were disclosed in August and September 2016. Expat is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs.

CVE(s): CVE-2012-6702, CVE-2016-5300, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2016-4472, CVE-2016-0718

Affected product(s) and affected version(s): IBM Netezza Analytics 3.2.2 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: ...


IBM Security Bulletin: IBM QRadar SIEM is vulnerable to various CGI vulnerabilities. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)

Written by IBM PSIRT | December 6, 2016 | High Severity

Vulnerabilities affecting web servers that run code in a CGI or CGI-like context.

CVE(s): CVE-2016-5387, CVE-2016-5388, CVE-2016-5385

Affected product(s) and affected version(s):
· IBM QRadar SIEM 7.2.n
· IBM QRadar Incident Forensics 7.2.n
· IBM QRadar SIEM 7.1.n

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21994725
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115090
X-Force Database: ...


IBM Security Bulletin: Open Source Apache Xerces-C XML parser vulnerabilities affect IBM Integration Bus and WebSphere Message Broker (CVE-2016-4463, CVE-2016-0729)

Written by IBM PSIRT | December 6, 2016 | High Severity

IBM Integration Bus and WebSphere Message Broker are affected by Open Source Apache Xerces-C XML parser vulnerabilities.

CVE(s): CVE-2016-0729, CVE-2016-4463

Affected product(s) and affected version(s):
· IBM Integration Bus V10
· WebSphere Message Broker V8

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21985691
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111028
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114596


IBM Security Bulletin: Vulnerability in libxml2 affects IBM Streams (CVE-2016-3705)

Written by IBM PSIRT | December 6, 2016 | Medium Severity

There is a vulnerability in libxml2 that is used by IBM Streams. IBM Streams has addressed this vulnerability.

CVE(s): CVE-2016-3705

Affected product(s) and affected version(s):
· IBM Streams Version 4.1.1.1 and earlier
· IBM InfoSphere Streams Version 4.0.1.2 and earlier
· IBM InfoSphere Streams Version 3.2.1.5 and earlier
· IBM InfoSphere Streams Version 3.1.0.7 and earlier
· IBM InfoSphere Streams ...


IBM Security Bulletin: Multiple Vulnerabilities in NTP and OpenSSL affect IBM Netezza Firmware Diagnostics Tools

Written by IBM PSIRT | December 6, 2016 | High Severity

NTP and OpenSSL are used by IBM Netezza Firmware Diagnostics Tools. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. IBM Netezza Firmware Diagnostics Tools has addressed the applicable CVEs.

CVE(s): CVE-2015-8138, CVE-2016-2108, CVE-2016-2177, CVE-2016-2178

Affected product(s) and affected version(s): IBM Netezza Firmware Diagnostics Tools 4.3.1.2 and earlier

Refer to the following ...


IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server (CVE-2016-3092)

Written by IBM PSIRT | December 5, 2016 | Medium Severity

An Apache Commons FileUpload vulnerability while processing file upload requests was addressed by IBM InfoSphere Information Server.

CVE(s): CVE-2016-3092

Affected product(s) and affected version(s): The following product, running on all supported platforms, is affected:
· IBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3, and 11.5
· IBM InfoSphere Metadata Asset Manager: versions 8.7, 9.1, 11.3, and ...