High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]


IBM Product Security Incident Response

Acknowledgement



Oct 20, 2017 12:30 pm EDT

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2017: Adeel Imtiaz (LinkedIn), Alberto Garcia Illera (SalesForce), Angelis Pseftis (Cyber Innovations Center, Jacobs), Bosko Stankovic (DefenseCode), Christopher Haney (LinkedIn), Dominique Righetto (Excellium), Eddie ...


IBM Security Bulletin: A vulnerability in Spice affects PowerKVM

Oct 20, 2017 10:49 am EDT | Medium Severity

PowerKVM is affected by a vulnerability in Spice. IBM has now addressed this vulnerability. CVE(s): CVE-2017-7506. Affected product(s) and affected version(s): PowerKVM 3.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025754 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/129056 ...


IBM Security Bulletin: Vulnerabilities in tcpdump affect PowerKVM

Oct 20, 2017 10:49 am EDT | High Severity

PowerKVM is affected by vulnerabilities in tcpdump. IBM has now addressed these vulnerabilities. CVE(s): CVE-2016-7986, CVE-2016-7985, CVE-2016-7984, CVE-2016-7983, CVE-2016-7975, CVE-2016-7974, CVE-2016-7973, CVE-2016-7940, CVE-2016-7939, CVE-2016-7938, CVE-2016-7937, CVE-2016-7936, CVE-2016-7935, CVE-2016-7934, CVE-2016-7933, CVE-2016-7932, CVE-2016-7931, CVE-2016-7930, CVE-2016-7929, CVE-2016-7928, CVE-2016-7927, CVE-2016-7926, CVE-2016-7925, CVE-2016-7924, CVE-2016-7923, CVE-2016-7922, CVE-2015-2155, CVE-2015-2154, CVE-2015-2153, CVE-2015-0261. Affected product(s) and affected version(s): PowerKVM 2.1 and 3.1. Refer to ...


IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Planning Analytics Express and IBM Cognos Express.

Oct 20, 2017 10:49 am EDT | High Severity

There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Planning Analytics Express and IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM ...


IBM Security Bulletin: A vulnerability in libsoup affects PowerKVM

Oct 20, 2017 10:02 am EDT | High Severity

PowerKVM is affected by a vulnerability in libsoup. IBM has now addressed this vulnerability. CVE(s): CVE-2017-2885. Affected product(s) and affected version(s): PowerKVM 3.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025834 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/130196 ...


IBM Security Bulletin: Vulnerabilities in Apache HTTPD affect PowerKVM

Oct 20, 2017 10:02 am EDT | Medium Severity

PowerKVM is affected by vulnerabilities in Apache HTTPD. IBM has now addressed these vulnerabilities. CVE(s): CVE-2017-9788, CVE-2017-7679, CVE-2017-7668, CVE-2017-3169, CVE-2017-3167. Affected product(s) and affected version(s): PowerKVM 2.1 and 3.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025773 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128482 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127420 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127419 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127417 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127416 ...


IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2017-1583, CVE-2011-4343)

Oct 20, 2017 10:02 am EDT | Medium Severity

There is a potential information disclosure vulnerability that affects the Java Server Faces (JSF) component used by WebSphere Application Server. There is a potential information disclosure vulnerability that affects the MyFaces component used by JSF in WebSphere Application Server. CVE(s): CVE-2017-1583, CVE-2011-4343. Affected product(s) and affected version(s): This vulnerability affects all versions of Liberty for ...


IBM Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM

Oct 20, 2017 10:02 am EDT | High Severity

PowerKVM is affected by vulnerabilities in MariaDB. IBM has now addressed these vulnerabilities. CVE(s): CVE-2017-3600, CVE-2017-3464, CVE-2017-3456, CVE-2017-3453, CVE-2017-3318, CVE-2017-3317, CVE-2017-3313, CVE-2017-3312, CVE-2017-3309, CVE-2017-3308, CVE-2017-3302, CVE-2017-3291, CVE-2017-3265, CVE-2017-3258, CVE-2017-3244, CVE-2017-3243, CVE-2017-3238, CVE-2016-6664, CVE-2016-5617. Affected product(s) and affected version(s): PowerKVM 3.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025771 X-Force Database: ...


IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Oct 20, 2017 10:01 am EDT | High Severity

PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. CVE(s): CVE-2017-11600, CVE-2017-1000364, CVE-2017-7895, CVE-2017-7645, CVE-2017-7308, CVE-2017-6214, CVE-2017-5986, CVE-2017-2636, CVE-2017-2618, CVE-2017-2583, CVE-2016-10208, CVE-2016-9793, CVE-2016-8650, CVE-2016-8646, CVE-2016-7910. Affected product(s) and affected version(s): PowerKVM 3.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1025779 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/129316 X-Force Database: ...