High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Dec 9, 2017 12:27 pm EST | High Severity

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in October 2017. CVE(s): CVE-2017-10345, CVE-2017-10295, CVE-2017-10281, CVE-2017-10350, CVE-2017-10347, CVE-2017-10349, CVE-2017-10348, CVE-2017-10357, CVE-2017-10355, CVE-2017-10356, CVE-2017-10309, CVE-2017-10388, CVE-2017-10285, CVE-2017-10346, CVE-2016-10165 Affected product(s) and affected ...


IBM Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products

Dec 9, 2017 12:27 pm EST | Medium Severity

DB2 is shipped with IBM Performance Management products. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. CVE(s): CVE-2017-1520, CVE-2017-1519, CVE-2017-1434, CVE-2017-1452, CVE-2017-1438, CVE-2017-1451, CVE-2017-1439, CVE-2017-1520, CVE-2017-1434, CVE-2017-1452, CVE-2017-1438, CVE-2017-1451, CVE-2017-1439, CVE-2017-1519, CVE-2017-1439 Affected product(s) and affected version(s): IBM Cloud Application Performance Management, Base Private 8.1.4 IBM Cloud Application ...


IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1421)

Dec 9, 2017 12:27 pm EST | Medium Severity

IBM iNotes has a cross-site scripting vulnerability CVE-2017-1421. CVE(s): CVE-2017-1421 Affected product(s) and affected version(s): IBM iNotes versions 9.0 and 9.0.1 prior to 9.0.1 Feature Pack 9 IBM iNotes versions 8.5, 8.5.1, 8.5.2 and 8.5.3 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22005234 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127411 ...


IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime Affect IBM Web Experience Factory

Dec 8, 2017 10:01 am EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Version 6 used by IBM Web Experience Factory. These issues were disclosed as part of the IBM Java SDK updates in October 2017. CVE(s): CVE-2017-10388, CVE-2017-10356, CVE-2017-10355, CVE-2017-10357, CVE-2017-10348, CVE-2017-10349, CVE-2017-10347, CVE-2017-10350, CVE-2017-10281, CVE-2017-10295, CVE-2017-10345 Affected product(s) and ...


IBM Security Bulletin: Multiple vulnerabilities in openssh affect IBM Flex System Manager (FSM)

Dec 8, 2017 10:00 am EST | High Severity

Multiple vulnerabilities have been identified in openssh that is embedded in the FSM. This bulletin addresses these vulnerabilities. CVE(s): CVE-2016-10011, CVE-2016-10009, CVE-2016-6515, CVE-2016-6210 Affected product(s) and affected version(s): Flex System Manager 1.3.4.1 Flex System Manager 1.3.4.0 Flex System Manager 1.3.3.1 Flex System Manager 1.3.3.0 Flex System Manager 1.3.2.2 Flex System Manager 1.3.2.1 Flex System Manager ...


IBM Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server

Dec 8, 2017 10:00 am EST | High Severity

A vulnerability in Apache Solr was addressed by IBM InfoSphere Information Server. CVE(s): CVE-2017-12629 Affected product(s) and affected version(s): The following product, running on all supported platforms, is affected: IBM InfoSphere Information Server Data Quality Exception Console: version 11.5 IBM InfoSphere Information Analyzer: version 11.5 IBM InfoSphere Information Server on Cloud version 11.5 Refer to ...


IBM Security Bulletin: A vulnerability in strongSwan affects IBM Flex System Manager (FSM) (CVE-2017-11185)

Dec 8, 2017 10:00 am EST | Medium Severity

A vulnerability has been discovered in strongSwan that is embedded in FSM. This bulletin addresses that issue. CVE(s): CVE-2017-11185 Affected product(s) and affected version(s): Flex System Manager 1.3.4.1 Flex System Manager 1.3.4.0 Flex System Manager 1.3.3.1 Flex System Manager 1.3.3.0 Flex System Manager 1.3.2.2 Flex System Manager 1.3.2.1 Flex System Manager 1.3.2.0 Refer to the ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)

Dec 8, 2017 10:00 am EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 1.6 and 1.7 that are used by FSM. These issues were disclosed as part of the IBM Java SDK updates in July 2017. This bulletin addresses these vulnerabilities. CVE(s): CVE-2017-10198, CVE-2017-10125, CVE-2017-10067, CVE-2017-10115, CVE-2017-10118, CVE-2017-10176, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10116, CVE-2017-10102, CVE-2017-10087, CVE-2017-10089, CVE-2017-10107, CVE-2017-10110, CVE-2017-10193, ...


IBM Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2016-9318)

Dec 8, 2017 10:00 am EST | Medium Severity

A vulnerability has been discovered in libxml2 that is embedded in FSM. This bulletin addresses that issue. CVE(s): CVE-2016-9318 Affected product(s) and affected version(s): Flex System Manager 1.3.4.1 Flex System Manager 1.3.4.0 Flex System Manager 1.3.3.1 Flex System Manager 1.3.3.0 Flex System Manager 1.3.2.2 Flex System Manager 1.3.2.1 Flex System Manager 1.3.2.0 Refer to the ...