High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Storage — Meltdown/Spectre

Jan 15, 2018 9:13 pm EST

Three security vulnerabilities that allow unauthorized users to bypass the hardware barrier between applications and kernel memory have been made public. These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks. The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, and allow user-level code to infer data ...


Potential CPU Security Issue

Jan 15, 2018 8:52 pm EST | High Severity

On Wednesday, January 3, researchers announced a security vulnerability impacting microprocessors. IBM is working with our clients and industry partners on this issue, which has the potential to affect many types of computing devices from different manufacturers. It’s important to note there are no known cases where this vulnerability has been used maliciously. Patches will be ...


Potential Impact on Processors in the POWER family

Jan 15, 2018 8:48 pm EST

Three security vulnerabilities that allow unauthorized users to bypass the hardware barrier between applications and kernel memory have been made public. These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks. The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, and allow user-level code to infer data ...


IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196)

Jan 15, 2018 2:28 pm EST | High Severity

IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. CVE(s): CVE-2017-10196, CVE-2017-10141 Affected product(s) and affected version(s): Rational DOORS Next Generation 6.0.5, Rational DOORS Next Generation 6.0.4 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012619 X-Force Database: ...


IBM Security Bulletin: Rational Developer for System z – Add support for TLS v1.2 with MS-CAPI in HCE

Jan 15, 2018 12:29 pm EST | Medium Severity

IBM Rational Developer for System z has added support for TLS v1.2 with MS-CAPI in the Host Connection Emulator. CVE(s): CVE-2017-1796 Affected product(s) and affected version(s): Rational Developer for System z Version 9.0.1.6, 9.1.1.5, 9.5.1.5 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22011808 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137381 ...


IBM Security Bulletin: IBM Developer for z Systems – Add support for TLS v1.2 with MS-CAPI in HCE

Jan 15, 2018 12:26 pm EST | Medium Severity

IBM Developer for z Systems has added support for TLS v1.2 with MS-CAPI in the Host Connection Emulator. CVE(s): CVE-2017-1796 Affected product(s) and affected version(s): IBM Developer for z Systems Version 14.0.0.4, 14.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22011816 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137381 ...


IBM Security Bulletin: IBM i2 COPLINK BeanShell Vulnerability (CVE-2016-2510)

Jan 15, 2018 12:26 pm EST | High Severity

IBM i2 COPLINK is affected by a BeanShell vulnerability. IBM has addressed this vulnerability. BeanShell could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data using Java serialization or XStream. An attacker could exploit this vulnerability to deserialize data and execute arbitrary code on the system. CVE(s): ...


IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362)

Jan 15, 2018 12:19 pm EST | Medium Severity

IBM Cúram Social Program Management Universal Access is vulnerable to Insecure Direct Object Reference. An authenticated user may have the ability to withdraw another user’s submitted applications from the system and possibly obtain privileges. CVE(s): CVE-2018-1362 Affected product(s) and affected version(s): IBM Cúram Social Program Management 7.0.0.0 – 7.0.1.1 IBM Cúram Social Program Management 6.2.0.0 ...


IBM Security Bulletin: Vulnerabilities in WebSphere eXtreme Scale Version 8.6.0.8 Libraries Affect IBM B2B Advanced Communications (CVE-2015-4936)

Jan 15, 2018 10:00 am EST | Medium Severity

IBM B2B Advanced Communications uses objectgrid-8.6.0.8-20151124_1642.jar from WebSphere eXtreme Scale, in which vulnerabilities have been identified. CVE(s): CVE-2015-4936 Affected product(s) and affected version(s): IBM Multi-Enterprise Integration Gateway 1.0 – 1.0.0.1, IBM B2B Advanced Communications 1.0.0.2 – 1.0.0.5_3 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012332 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/104410 ...