High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will issue mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: IBM PowerVC is affected by vulnerability in OpenStack Nova (CVE-2017-7214)

May 29, 2017 10:00 am EDT | High Severity

OpenStack Nova could allow an attacker to obtain sensitive information from logs.
CVE(s): CVE-2017-7214
Affected product(s) and affected version(s):
IBM PowerVC Standard Edition 1.3.0 through 1.3.0.2
IBM PowerVC Standard Edition 1.3.1 through 1.3.1.2
IBM PowerVC Standard Edition 1.3.2 through 1.3.2.1
IBM Cloud PowerVC Manager 1.3.1 through 1.3.0.2
IBM Cloud PowerVC Manager 1.3.2 through 1.3.0.1
Refer ...


IBM Security Bulletin: A security vulnerability has been identified in Red Hat® Enterprise Linux (RHEL) Server shipped with PurePower Integrated Manager (PPIM) (CVE-2017-6462 CVE-2017-6463 CVE-2017-6464)

May 29, 2017 10:00 am EDT | Medium Severity

RHEL Server is shipped as a component of PPIM. This bulletin addresses these vulnerabilities.
CVE(s): CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
Affected product(s) and affected version(s):
Principal Product and Version(s)
PurePower Integrated Manager Appliance 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4
PurePower Integrated Manager Service Appliance 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4
PurePower Integrated Manager ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 – January 2017

May 27, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 6, 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in January 2017.
CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183
Affected product(s) and affected version(s): All versions of microcode for ...


IBM Security Bulletin: Vulnerabilities in libxml2 and zlib affect IBM Virtual Fabric 10Gb Switch Module

May 27, 2017 10:00 am EDT | High Severity

IBM Virtual Fabric 10Gb Switch Module has addressed the following vulnerabilities in libxml2 and zlib.
Vulnerability Details:
CVE(s): CVE-2016-4658, CVE-2016-9318, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Affected product(s) and affected version(s):
Product: IBM Virtual Fabric 10Gb Switch Module; Affected Version: 7.8
Remediation/Fixes: Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/.
Product Fix Version IBM Virtual Fabric ...


IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter

May 27, 2017 10:00 am EDT | Medium Severity

IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the applicable CVEs in NTP.
Vulnerability Details
CVE(s): CVE-2016-7429, CVE-2016-7431, CVE-2016-7433
Affected product(s) and affected version(s):
Product Affected Version IBM Flex System FC3171 ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter

May 27, 2017 10:00 am EDT | High Severity

IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the following vulnerabilities in OpenSSL.
Vulnerability Details
CVE(s): CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308
Affected product(s) ...


IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-5648, CVE-2017-5647)

May 26, 2017 10:00 am EDT | Medium Severity

Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager.
CVE(s): CVE-2017-5648, CVE-2017-5647
Affected product(s) and affected version(s):
TADDM 7.2.2.0 – 7.2.2.5
TADDM 7.3.0.0 (TADDM 7.3.0.1-3 – not affected – using WebSphere Liberty Profile)
Refer to the following reference URLs for remediation and additional vulnerability ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

May 26, 2017 10:00 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs.
CVE(s): CVE-2017-3731, CVE-2017-3732, CVE-2016-7055
Affected product(s) and affected version(s): The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 9.1, 11.3 ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates January 2017

May 26, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR9-FP60 used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in January 2017.
CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183
Affected product(s) and ...