High Severity
IBM Security Bulletin: APIC is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)
Jan 18, 2019 9:01 am EST | High Severity
IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2016-1000031 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 5.0.0.0-5.0.8.4 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10794179X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117957 ...read more
IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager
Jan 17, 2019 9:01 am EST | High Severity
Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager. Oracle OIT issues disclosed in the Oracle October 2018 Critical Patch Update. CVE(s): CVE-2018-18224, CVE-2018-3227, CVE-2018-3226, CVE-2018-3218, CVE-2018-3229, CVE-2018-3217, CVE-2018-3228, CVE-2018-3219, CVE-2018-3230, CVE-2018-3232, CVE-2018-3221, CVE-2018-3231, CVE-2018-3220, CVE-2018-3223, CVE-2018-3234, CVE-2018-3233, CVE-2018-3222, CVE-2018-3225, CVE-2018-3302, CVE-2018-3224, CVE-2018-3147, CVE-2018-18223 Affected product(s) and ...read more
IBM Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime
Jan 17, 2019 9:00 am EST | High Severity
There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. CVE(s): CVE-2018-2579, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678, CVE-2018-2602, CVE-2018-2603, CVE-2018-2657, CVE-2018-2637, CVE-2018-2633, ...read more
IBM Security Bulletin: Asset Analyzer (RAA) is affected by an Apache CXF vulnerability
Jan 15, 2019 9:01 am EST | High Severity
Rational Asset Analyzer (RAA) has addressed the following vulnerability. CVE(s): CVE-2018-8039 Affected product(s) and affected version(s): Affected Versions Rational Asset Analyzer 6.1.0.0 – 6.1.0.18 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10744591X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516 ...read more
IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud
Jan 15, 2019 9:00 am EST | High Severity
There is a potential cross-site scripting vulnerability with the Installation Verification Tool of IBM WebSphere Application Server. There is a potential cross-site scripting vulnerability in the Cache Monitor web application in WebSphere Application Server. There is a potential code execution vulnerability in OpenID connect in WebSphere Application Server Liberty. Potential cross-site scripting vulnerability in WebSphere ...read more
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Jan 12, 2019 9:00 am EST | High Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in July 2018 and ...read more
IBM Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1956, CVE-2018-1969, CVE-2018-1967 )
Jan 11, 2019 9:40 am EST | High Severity
IBM Security Identity Manager (ISIM) has addressed the following vulnerabilities that can allow attackers to compromise user accounts via weak passwords, uploading or transferring dangerous files types, or cross-site scripting. CVE(s): CVE-2018-1956, CVE-2018-1969, CVE-2018-1967 Affected product(s) and affected version(s): Product Version IBM Security Identity Manager 6.0.0 – 6.0.0.20 Refer to the following reference URLs for ...read more
IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1904)
Jan 11, 2019 9:39 am EST | High Severity
There is a potential remote code execution vulnerability in WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). CVE(s): CVE-2018-1904 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Tivoli Storage Productivity Center 5.2.0 – 5.2.7.1 IBM Spectrum Control 5.2.8 – 5.2.13 The versions listed above apply to all licensed ...read more
IBM Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL
Jan 10, 2019 9:00 am EST | High Severity
IBM Security Guardium has addressed the following vulnerabilities. CVE(s): CVE-2018-3283, CVE-2018-3162, CVE-2018-3279, CVE-2018-3258, CVE-2018-3137, CVE-2018-3156, CVE-2018-3277, CVE-2018-3212, CVE-2018-3278, CVE-2018-3276, CVE-2018-3133, CVE-2018-3155, CVE-2018-3251, CVE-2018-3174, CVE-2018-3195, CVE-2018-3173, CVE-2018-3170, CVE-2018-3171, CVE-2018-3247, CVE-2018-3203, CVE-2018-3145, CVE-2018-3200, CVE-2018-3286, CVE-2018-3143, CVE-2018-3187, CVE-2018-3144, CVE-2018-3284, CVE-2018-3185, CVE-2018-3285, CVE-2018-3186, CVE-2018-3161, CVE-2018-3282 Affected product(s) and affected version(s): Affected IBM Security Guardium Affected Versions IBM Security Guardium ...read more