Medium Severity

IBM Security Bulletin: IBM Notes Open Source Expat Vulnerabilities disclsoure

Share this post:

IBM Notes consumes Expat XML Parser for which the vulnerabilities are reported. Expat XML Parser is used by Keyview 10.22 library which is consumed by IBM Notes. IBM will address this vulnerability by updating fixes provided by HP to the existing Keyview 10.22 library.

CVE(s): CVE-2012-6702, CVE-2016-5300

Affected product(s) and affected version(s):

IBM Notes 9.0.1 to 9.0.1 FP7
IBM Notes 9.0 to 9.0 IF4
IBM Notes 8.5.3 to 8.5.3 FP6 IF13
IBM Notes 8.5.2 to 8.5.2 FP4 IF3
IBM Notes 8.5.1. to 8.5.1 FP5 IF3
IBM Notes 8.5 release

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21990658
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114541
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114435

More stories

IBM Security Bulletin: IBM Event Streams is affected by Go vulnerabilities

Jul 17, 2019 9:02 am EDT | Medium Severity

IBM Event Streams has addressed the following vulnerabilities in the Go Runtimes shipped. CVE(s): CVE-2019-9741 Affected product(s) and affected version(s):IBM Event Streams 2018.3.0 IBM Event Streams 2018.3.1 IBM Event Streams 2019.1.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884414X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158137 ...read more


IBM Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4046

Jul 17, 2019 9:01 am EDT | Medium Severity

IBM Event Streams has addressed the following vulnerability. CVE(s): CVE-2019-4046 Affected product(s) and affected version(s):IBM Event Streams 2018.3.0 IBM Event Streams 2018.3.1 IBM Event Streams 2019.1.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10888065X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156242 ...read more


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to File Path Traversal (CVE-2019-4430)

Jul 16, 2019 9:02 am EDT | Medium Severity

IBM Maximo Asset Management is vulnerable to File Path Traversal CVE(s): CVE-2019-4430 Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control Desk products, regardless of their own version, if they are currently installed on top ...read more