Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: IBM TRIRIGA Application Privilege Escalation (CVE-2017-1153)

Mar 23, 2017 10:00 am EDT | High Severity

The IBM TRIRIGA Application is vulnerable to privilege escalation. CVE(s): CVE-2017-1153 Affected product(s) and affected version(s): The following IBM TRIRIGA Platform versions are affected. · IBM TRIRIGA Application Platform 3.5.0 – 3.5.2. · IBM TRIRIGA Application Platform 3.4.0 – 3.4.2.5. · IBM TRIRIGA Application Platform 3.3.0 – 3.3.2.5. Refer to the following reference URLs […]


IBM Security Bulletin: Vulnerability in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology

Mar 23, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 1.6 and 1.7 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance

Mar 23, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM MQ and the IBM MQ Appliance. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Please ensure that you read the remediation/fixes section carefully before applying fixes. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2017-3261, CVE-2016-2183 Affected […]


IBM Security Bulletin: IBM TRIRIGA Application Platform Cross-Site Scripting (XSS) (CVE-2016-9737)

Mar 23, 2017 10:00 am EDT | Medium Severity

The IBM TRIRIGA Application is vulnerable to a Cross-Site Scripting attack. CVE(s): CVE-2016-9737 Affected product(s) and affected version(s): The following IBM TRIRIGA Platform versions are affected. · IBM TRIRIGA Application Platform 3.5.2. · IBM TRIRIGA Application Platform 3.4.0 through 3.4.2.5 · IBM TRIRIGA Application Platform 3.3.0 through 3.3.2.5 Refer to the following reference URLs for […]


IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)

Mar 23, 2017 10:00 am EDT | High Severity

Security vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. CVE(s): CVE-2016-2834, CVE-2016-5285, CVE-2016-8635 Affected product(s) and affected version(s): The following versions are affected: IBM MQ Appliance 8.0 Maintenance levels between 8.0.0.0 and 8.0.0.5 IBM MQ Appliance 9.0.x Continuous Delivery (CD) release Continuous delivery update […]


IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Storage FlashCopy Manager Unix (CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306)

Mar 23, 2017 10:00 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL used by Tivoli Storage FlashCopy Manager (IBM Spectrum Protect Snapshot) Unix has addressed the applicable CVEs. CVE(s): CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306 Affected product(s) and affected version(s): The following IBM Tivoli Storage FlashCopy Manager (IBM Spectrum Protect […]


IBM Security Bulletin: IBM Jazz for Service Management (Jazz SM) is affected by a code execution vulnerability in IBM Tivoli Common Reporting (TCR) (CVE-2016-5983)

Mar 23, 2017 10:00 am EDT | High Severity

A code execution vulnerability has been discovered in IBM Cognos Business Intelligence installed by IBM Tivoli Common Reporting (TCR). TCR is included in IBM Jazz for Service Management (JazzSM). IBM has addressed the applicable CVE. CVE(s): CVE-2016-5983 Affected product(s) and affected version(s): Tivoli Common Reporting 3.1 Tivoli Common Reporting 3.1.0.1 Tivoli Common Reporting 3.1.0.2 Tivoli […]


IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-6056)

Mar 22, 2017 10:00 am EDT | High Severity

Vulnerability CVE-2017-6056 in the Apache Tomcat component affects the product’s management GUI. The Command Line Interface is unaffected. CVE(s): CVE-2017-6056 Affected product(s) and affected version(s): IBM SAN Volume Controller IBM Storwize V7000 IBM Storwize V5000 IBM Storwize V3700 IBM Storwize V3500 IBM FlashSystem V9000 All products are affected when running supported releases 7.1 to 7.6. […]


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for HP NonStop (CVE-2016-7055, CVE-2017-3732)

Mar 22, 2017 10:00 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on November 10, 2016 and January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. CVE(s): CVE-2016-7055, CVE-2017-3732 Affected product(s) and affected version(s): IBM Sterling Connect:Direct for HP NonStop 3.6.0.0 IBM Sterling Connect:Direct […]