High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Sensitive data protection vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1349)

Jun 22, 2017 10:00 am EDT | Medium Severity

IBM Sterling B2B Integrator Standard Edition stores potentially sensitive information from HTTP sessions that could be read by a local user.
CVE(s): CVE-2017-1349
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22004209
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/126525 ...


IBM Security Bulletin: Multiple vulnerabilities in glibc affect Power Hardware Management Console

Jun 22, 2017 10:00 am EDT | Medium Severity

glibc is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.
CVE(s): CVE-2015-8778, CVE-2015-8779, CVE-2014-9761, CVE-2015-8776
Affected product(s) and affected version(s): Power HMC V8.8.3.0, Power HMC V8.8.4.0, Power HMC V8.8.5.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1022033
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111086
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111087
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111085
X-Force Database: ...


IBM Security Bulletin: JavaScript vulnerability affects IBM Sterling B2B Integrator (CVE-2008-7220)

Jun 22, 2017 10:00 am EDT | Medium Severity

An unspecified error in the Prototype JavaScript framework (prototype.js), as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the Ajax-based manager interface, ajamdemo.html, in certain versions of Asterisk.
CVE(s): CVE-2008-7220
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2 ...


IBM Security Bulletin: Multiple Information disclosure vulnerabilities affect IBM Sterling B2B Integrator (CVE-2017-1302, CVE-2017-1193)

Jun 22, 2017 10:00 am EDT | Medium Severity

IBM Sterling B2B Integrator Standard Edition could allow a local user to view sensitive information due to improper access controls.
CVE(s): CVE-2017-1302, CVE-2017-1193
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22004202
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125456
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123667 ...


IBM Security Bulletin: Session management vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1152)

Jun 22, 2017 10:00 am EDT | Medium Severity

IBM Sterling Global Integration On-Demand Environment does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.
CVE(s): CVE-2017-1152
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: ...


IBM Security Bulletin: Multiple vulnerabilities in EBICS client in IBM Sterling B2B Integrator (CVE-2017-1132, CVE-2017-1347, CVE-2017-1348)

Jun 22, 2017 10:00 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Sterling B2B Integrator. IBM Sterling B2B Integrator has addressed the applicable CVEs.
CVE(s): CVE-2017-1132, CVE-2017-1347, CVE-2017-1348
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22004199
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121418
X-Force ...


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator (CVE-2017-3730, CVE-2017-3732, CVE-2016-7055, CVE-2016-8610)

Jun 22, 2017 10:00 am EDT | High Severity

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Sterling B2B Integrator. IBM Sterling B2B Integrator has addressed the applicable CVEs.
CVE(s): CVE-2017-3730, CVE-2017-3732, CVE-2016-7055, CVE-2016-8610
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22004195
X-Force Database: ...


IBM Security Bulletin: HTTP verb tampering vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1131)

Jun 22, 2017 10:00 am EDT | Medium Severity

IBM Sterling B2B Integrator Standard Edition could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands.
CVE(s): CVE-2017-1131
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22004270
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121375 ...


IBM Security Bulletin: Web page caching vulnerability affects IBM Sterling B2B Integrator (CVE-2016-5893)

Jun 22, 2017 10:00 am EDT | Medium Severity

IBM Sterling B2B Integrator Standard Edition allows web pages to be stored locally which can be read by another user on the system.
CVE(s): CVE-2016-5893
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22004272
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115336 ...