High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i

Dec 12, 2017 10:00 am EST | High Severity

Samba is supported on IBM i. IBM i has addressed the applicable CVEs. CVE(s): CVE-2017-15275, CVE-2017-15087, CVE-2017-15086, CVE-2017-15085, CVE-2017-14746 Affected product(s) and affected version(s): Releases 7.2 and 7.3 of IBM i are affected. Refer to the following reference URLs for remediation and additional vulnerability details:

Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1022397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135221
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134666
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134665
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134664
X-Force ...


IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2017 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud.

Dec 12, 2017 10:00 am EST | High Severity

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in October 2017. CVE(s): CVE-2017-10388, CVE-2017-10356 Affected product(s) and affected version(s): IBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 ...


IBM Security Bulletin: IBM Maximo Asset Management could allow a remote attacker to conduct phishing attacks, using an open redirect attack (CVE-2017-1558)

Dec 12, 2017 10:00 am EST | High Severity

IBM Maximo Asset Management could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. ...


IBM Security Bulletin: May 2016 OpenSSL Vulnerabilities affect Multiple N series Products

Dec 12, 2017 10:00 am EST | High Severity

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by Multiple N series products. Multiple N series products have addressed the applicable CVEs. CVE(s): CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176, CVE-2016-2108 Affected product(s) and affected version(s): Data ONTAP operating in 7-Mode: 8.2.1, 8.2.2, 8.2.3, 8.2.4; SnapDrive for Unix: 5.2, 5.2.2, ...


IBM Security Bulletin: March 2016 OpenSSL Vulnerabilities affect Multiple N series Products

Dec 12, 2017 10:00 am EST | High Severity

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by Multiple N series. Multiple N series has addressed the applicable CVEs. CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-2842 Affected product(s) and affected version(s): Data ONTAP operating in 7-Mode: 8.2.1, 8.2.2, 8.2.3, 8.2.4; SnapDrive for Unix: 5.2, 5.2.2, ...


IBM Security Bulletin: CVE-2016-0800 SSLv2 Vulnerability in Multiple N series Products

Dec 12, 2017 10:00 am EST | High Severity

Multiple N series products incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions below 1.0.2h and 1.0.1t are susceptible to vulnerabilities that could lead to out-of-bound writes, heap corruption, man-in-the-middle attacks, memory exhaustion, or arbitrary information disclosure. Multiple N series Products have addressed the applicable CVE. CVE(s): CVE-2016-0800 Affected product(s) and affected version(s): ...


IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio.

Dec 11, 2017 10:00 am EST | Medium Severity

Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in October 2017. These issues are also addressed by WebSphere Application Server Network Deployment shipped with WebSphere Service Registry ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Dec 9, 2017 12:27 pm EST | High Severity

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in October 2017. CVE(s): CVE-2017-10345, CVE-2017-10295, CVE-2017-10281, CVE-2017-10350, CVE-2017-10347, CVE-2017-10349, CVE-2017-10348, CVE-2017-10357, CVE-2017-10355, CVE-2017-10356, CVE-2017-10309, CVE-2017-10388, CVE-2017-10285, CVE-2017-10346, CVE-2016-10165 Affected product(s) and affected ...


IBM Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products

Dec 9, 2017 12:27 pm EST | Medium Severity

DB2 is shipped with IBM Performance Management products. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. CVE(s): CVE-2017-1520, CVE-2017-1519, CVE-2017-1434, CVE-2017-1452, CVE-2017-1438, CVE-2017-1451, CVE-2017-1439, CVE-2017-1520, CVE-2017-1434, CVE-2017-1452, CVE-2017-1438, CVE-2017-1451, CVE-2017-1439, CVE-2017-1519, CVE-2017-1439 Affected product(s) and affected version(s): IBM Cloud Application Performance Management, Base Private 8.1.4 IBM Cloud Application ...