Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by an OpenSSL vulnerability (CVE-2017-3731)

Mar 29, 2017 10:01 am EDT | Medium Severity

A security vulnerability has been identified in OpenSSL that is embedded in IBM FSM. This bulletin addresses this issue. CVE(s): CVE-2017-3731 Affected product(s) and affected version(s): Flex System Manager 1.3.4.0 Flex System Manager 1.3.3.0 Flex System Manager 1.3.2.1 Flex System Manager 1.3.2.0 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: ...


IBM Security Bulletin: IBM TRIRIGA Application Platform Privilege Escalation (CVE-2017-1171)

Mar 29, 2017 10:00 am EDT | Medium Severity

Applications running in the IBM TRIRIGA Application Platform are vulnerable to a privilege escalation attack. CVE(s): CVE-2017-1171 Affected product(s) and affected version(s): The following IBM TRIRIGA Platform versions are affected. · IBM TRIRIGA Application Platform 3.5.0 – 3.5.2.0. · IBM TRIRIGA Application Platform 3.4.0 – 3.4.2.5. · IBM TRIRIGA Application Platform 3.3.0 – 3.3.2.5. Refer ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy

Mar 29, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 30 and earlier releases, which is used by IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. CVE(s): CVE-2016-5597, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183 Affected product(s) ...


IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2016-6115)

Mar 29, 2017 10:00 am EDT | Medium Severity

There is a vulnerability in IBM Spectrum Scale packaged with the Elastic Storage Server and the GPFS Storage Server. CVE(s): CVE-2016-6115 Affected product(s) and affected version(s): The Elastic Storage Server 4.0.0 – 4.0.6 and 4.5.0 – 4.5.1 The Elastic Storage Server 3.0.0 – 3.0.5 and 3.5.0 – 3.5.6 The Elastic Storage Server 2.5.0 – 2.5.5 ...


IBM Security Bulletin: Fix available for Vulnerability in XML External Entity Injection (XXE) affecting IBM Cúram Social Program Management (CVE-2016-6111)

Mar 29, 2017 10:00 am EDT | Medium Severity

IBM Cúram Social Program Management is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could use the vulnerability to expose highly sensitive information, or to use all available memory resources. CVE(s): CVE-2016-6111 Affected product(s) and affected version(s): IBM Cúram Social Program ...


IBM Security Bulletin: Privilege Escalation vulnerability affects Cognos Analytics (CVE-2016-8960)

Mar 29, 2017 10:00 am EDT | Medium Severity

Cognos Analytics is vulnerable to a privilege escalation attack that could grant a user the Capabilities of another. CVE(s): CVE-2016-8960 Affected product(s) and affected version(s): IBM Cognos Analytics 11.0.0.0 to 11.0.5.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21993720 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118849 ...


IBM Security Bulletin: IBM Notes Open Source Expat Vulnerabilities disclosure

Mar 29, 2017 10:00 am EDT | Medium Severity

IBM Notes consumes the Expat XML Parser, for which these vulnerabilities are reported. The Expat XML Parser is used by the Keyview 10.22 library, which is consumed by IBM Notes. IBM will address these vulnerabilities by applying the fixes provided by HP to the existing Keyview 10.22 library. CVE(s): CVE-2012-6702, CVE-2016-5300 Affected product(s) and affected version(s): IBM Notes 9.0.1 ...


IBM Security Bulletin: Open Source Expat XML Parser Vulnerabilities for IBM Notes

Mar 29, 2017 10:00 am EDT | High Severity

IBM Notes consumes the Expat XML Parser, for which these vulnerabilities are reported. The Expat XML Parser is used by the Keyview 10.22 library, which is consumed by IBM Notes. IBM will address these vulnerabilities by applying the fixes provided by HP to the existing Keyview 10.22 library. CVE(s): CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-1283, CVE-2015-2716, CVE-2016-4472, CVE-2016-0718 Affected product(s) and ...


IBM Security Bulletin: Multiple Vulnerabilities in Glibc, GNU C and OpenSSL affect IBM Netezza Firmware Diagnostics

Mar 29, 2017 10:00 am EDT | Medium Severity

Glibc, GNU C and OpenSSL are used by IBM Netezza Firmware Diagnostics. IBM Netezza Firmware Diagnostics Support Tools has addressed the applicable CVEs. CVE(s): CVE-2016-1234, CVE-2016-2179, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6302 Affected product(s) and affected version(s): IBM Netezza Firmware Diagnostics 4.1.0 – 4.3.1.4 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: ...