IBM Product Security Incident Response

Acknowledgement

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services.

Disclosures for 2018

  • Artem Metla
  • Cody Wass, (NetSPI)
  • David Azria, Alex Mor, (Ernst & Young, Hacktics Advanced Security Center)
  • Eddie Zhu, (Beijing DBSEC Technology CO, LTD)
  • Giulio Comi, (Horizon Security)
  • Jakub Tyrlik, (ING TECH)
  • Jan Bee, (Google Security Team)
  • Martin Strand
  • Mayank Somani
  • Mohamed Sayed, (SecureMisr)
  • Moshe Mizrahi, (Ernst & Young, Hacktics Advanced Security Center)
  • Okan Coskun, (Biznet Bilisim)
  • Omar Eissa, (Deloitte Germany)
  • Panu Tamminen
  • Patrick Schmid, (Redguard)
  • Quentin Rhodes-Herrera
  • Rich Mirch
  • Ryan Adamson
  • Sebastian Neuner, (Google Security Team)
  • Spyridon Chatzimichail
  • Tim Brown, (Security Advisory EMEAR, Cisco)
  • Vasilis Sikkis, (QSecure)
  • Vikas Khanna, (LinkedIn)
  • Yicheng Dong
  • Yoganandam Dayalan, (Cognizant, LinkedIn)

 

Disclosures for 2017

  • Adeel Imtiaz (LinkedIn)
  • Alberto Garcia Illera (SalesForce)
  • Alex Haynes (CDL)
  • Angelis Pseftis (Cyber Innovations Center, Jacobs)
  • Bosko Stankovic (DefenseCode)
  • Christopher Haney (LinkedIn)
  • Dale Thornton (PwC)
  • Daniel Hamid (Centurion Information Security, LinkedIn)
  • Dominique Righetto (Excellium)
  • Eddie Zhu (Beijing DBSEC Technology CO, LTD)
  • Eduardo Naranjo Pessota
  • Emanuele Calvelli (Quantum Leap)
  • Farzad Nehru-Sehabu (The Missing Link SecurityLinkedIn)
  • Francisco Oca (SalesForce)
  • Gabriele Gristina (LinkedIn)
  • Goh Zhi Hao (SEC Consult Vulnerability Lab)
  • Harjot Singh Lidher
  • Henri Salo
  • Honggang Ren (Fortinet’s FortiGuard Labs)
  • Jakub Palaczynski (ING Services Polska)
  • James Nichols (80/20 Labs)
  • Jarad Kopf (Deltek, LinkedIn)
  • John Moss (IRM Security)
  • Juho Nurminen
  • Kenneth F. Belva (LinkedIn, Twitter, OpCode Security, Inc) for identifying vulnerabilities in IBM Merge PACS
  • Kiran Shirali (LinkedIn,   Twitter)
  • Kravchenko Stas (LinkedIn, Twitter)
  • Leiliang Sun (NSFOCUS)
  • Leon Juranic (DefenseCode)
  • Lukasz Juszczyk (ING Services Polska)
  • Luke Valenta (University of Pennsylvania)
  • Marc Ströbel (HvS-Consulting AG, Twitter)
  • Martin Carpenter
  • Mathijs Schmittmann
  • Matthias Kaiser  (Code White)
  • Michael Bentley (appthority)
  • Mohammed Adel (Facebook)
  • Mohammad Shah Bin Mohammad Esa (SEC Consult Vulnerability Lab)
  • Mohammed Shameem Shahnawaz (Twitter)
  • Nalla Muthu S  (LinkedIn)
  • Nebojsa Bajagic (Security Compass)
  • Prasath K  (LinkedIn)
  • Rich Mirch
  • Robert McClellan (Blue Canopy Group LLC, LinkedIn)​
  • Samandeep Singh (SEC Consult Vulnerability Lab, Singapore)
  • Sergio Ortega  (LinkedIn)
  • Spyridon Chatzimichail (OTE Hellenic Telecommunications Organization S.A., LinkedIn)
  • Suman Tiwari (LinkedInTwitterBlog)
  • Thierry De Leeuw (Avance Consulting SPRL)
  • Tim Brown, (Security Advisory EMEAR, Cisco)
  • Vaibhav Gupta (LinkedIn, Twitter, Blog)
  • Valentinos Chouris (NCC Group)
  • Wayne Chang (WYC Technology, LLC)
  • William Easton (Stawgate, LLC)
  • Yuting Chen (Shanghai Jiao Tong Univiversity)
  • Zhendong Su (University of California)

The names of individuals and organizations appear above with their permission. To report a potential security issue with any IBM product or offering, please see Report Security Issue.

More stories

IBM Product Security Incident Response

Acknowledgement

Nov 9, 2018 2:30 pm EST

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2018 Artem Metla Cody Wass, (NetSPI) David Azria, Alex Mor, (Ernst & Young, Hacktics Advanced Security Center) Eddie Zhu, (Beijing DBSEC Technology CO, LTD) ...read more


Potential Impact on Processors in the POWER Family

Aug 16, 2018 4:20 pm EST

In January 2018, three security vulnerabilities were made public that allow unauthorized users to bypass the hardware barrier between applications and kernel memory. These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks. The first two vulnerabilities, CVE-2017-5753 and CVE-2017- 5715, are collectively known as Spectre, and allow user-level code to ...read more


IBM Security Bulletin: Vulnerabilities in bind affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems

Nov 27, 2017 3:17 pm EST | High Severity

IBM Chassis Management Module has addressed the following vulnerabilities in PHP. CVE(s): CVE-2017-3143, CVE-2017-3142 Affected product(s) and affected version(s): Product Affected Version IBM Integrated Management Module II (IMM2) for System x and Flex Systems 1AOO IBM Integrated Management Module II (IMM2) for BladeCenter Systems 1AOO Refer to the following reference URLs for remediation and additional ...read more