IBM Security Bulletin: Potential vulnerabilities in IBM OpenPages GRC Platform with Application Server

Written by IBM PSIRT | July 22, 2016 | High Severity

The following potential security vulnerabilities have been identified in all versions of IBM OpenPages GRC Platform with Application Server. See the CVE(s): CVE-2016-0638, CVE-2016-0675, CVE-2016-0688, CVE-2016-0696, CVE-2016-0700, CVE-2016-3416 Affected product(s) and affected version(s): IBM OpenPages GRC Platform with Application Server 7.0. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21987642X-Force ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2016-3426 CVE-2016-3427)

Written by IBM PSIRT | July 22, 2016 | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-3426, CVE-2016-3427 Affected product(s) and affected version(s): The following product, running on all supported platforms, is affected: ...read more


IBM Security Bulletin: Vulnerability in InstallShield affects IBM WebSphere eXtreme Scale .NET client installation (CVE-2016-2542)

Written by IBM PSIRT | July 22, 2016 | High Severity

InstallShield generates installation executables which are vulnerable to an DLL-planting vulnerability during installation of the .NET client CVE(s): CVE-2016-2542 Affected product(s) and affected version(s): WebSphere eXtreme Scale 8.6 .NET client installer Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21985366X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/110914 ...read more


IBM Security Bulletin: OpenSSL security vulnerabilities in IBM N Series Products

Written by IBM PSIRT | July 22, 2016 | High Severity

There are security vulnerabilities related to OpenSSL in IBM N Series products. CVE(s): CVE-2010-5298, CVE-2014-0195 , CVE-2014-0198 , CVE-2014-0221, CVE-2014-0224 , CVE-2014-3470 , CVE-2014-3505 , CVE-2014-3506 , CVE-2014-3507, CVE-2014-3508 , CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 , CVE-2014-5139 Affected product(s) and affected version(s): Clustered Data ONTAP Antivirus Connector: 1.0, 1.0.1, 1.0.3; Data ONTAP SMI-S Agent: 5.1.1, 5.1.2, ...read more


IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 (CVE-2016-0785 CVE-2016-2162)

Written by IBM PSIRT | July 21, 2016 | High Severity

Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by IBM® FlashSystem™ 840 and IBM FlashSystem 900 in its Service Assistant GUI. CVE(s): CVE-2016-0785, CVE-2016-2162 Affected product(s) and affected version(s): FlashSystem 840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE1 and 9843-AE1. FlashSystem 900 ...read more


IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V9000 (CVE-2016-0785 CVE-2016-2162)

Written by IBM PSIRT | July 21, 2016 | High Severity

Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by the IBM® FlashSystem™ V9000 in its Service Assistant GUI. CVE(s): CVE-2016-0785, CVE-2016-2162 Affected product(s) and affected version(s): FlashSystem V9000 including machine type and models (MTMs) for all available code levels. MTMs affected include 9846-AE2, 9848-AE2, 9846-AC2, and 9848-AC2 Refer to the ...read more


IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840 (CVE-2016-0785 CVE-2016-2162)

Written by IBM PSIRT | July 21, 2016 | High Severity

Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by the IBM® FlashSystem™ V840 in its Service Assistant GUI. CVE(s): CVE-2016-0785, CVE-2016-2162 Affected product(s) and affected version(s): FlashSystem V840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9846-AE1, 9848-AE1, 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1. Refer ...read more


IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS

Written by IBM PSIRT | July 21, 2016 | High Severity

There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.3 of IBM SONAS CVE(s): CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1973, CVE-2016-1974, CVE-2016-1977, CVE-2016-1978, CVE-2016-1979, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802 Affected product(s) and affected version(s): IBM ...read more


IBM Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2015-7560)

Written by IBM PSIRT | July 21, 2016 | Medium Severity

IBM SONAS is shipped with Samba, for which a fix is available for security vulnerabilities. CVE(s): CVE-2015-7560 Affected product(s) and affected version(s): IBM SONAS The product is affected when running a code releases 1.5.0.0 to 1.5.2.3 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1005804X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111384 ...read more


IBM Security Bulletin: Multiple vulnerabilities in SSL affect IBM DataPower Gateways

Written by IBM PSIRT | July 21, 2016 | High Severity

SSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVEs. CVE(s): CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2842 Affected product(s) and affected version(s): IBM DataPower Gateways appliances all versions through 7.0.0.13, 7.1.0.10, 7.2.0.6, 7.5.0.1 and 7.5.1.0. Refer to the following reference URLs for remediation and additional vulnerability details:Source ...read more


IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem model V9000 ( CVE-2016-0705, CVE-2016-0797 )

Written by IBM PSIRT | July 21, 2016 | Low Severity

There are vulnerabilities in OpenSSL to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of these vulnerabilities could allow a remote attacker to corrupt memory and/or cause a denial of service. CVE(s): CVE-2016-0705, CVE-2016-0797 Affected product(s) and affected version(s): FlashSystem V9000 including machine type and models (MTMs) for all available code levels. MTMs affected ...read more


IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900 ( CVE-2016-0705, CVE-2016-0797 )

Written by IBM PSIRT | July 21, 2016 | Low Severity

There are vulnerabilities in OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to corrupt memory and/or cause a denial of service. CVE(s): CVE-2016-0705, CVE-2016-0797 Affected product(s) and affected version(s): FlashSystem 840 including machine type and models (MTMs) for all available ...read more