High Severity

IBM Security Bulletin: Open Source Expat XML Parser Vulnerabilities for IBM Notes

Share this post:

IBM Notes consumes Expat XML Parser for which the vulnerabilities are reported. Expat XML Parser is used by Keyview 10.22 library which is consumed by IBM Notes. IBM will address this vulnerability by updating fixes provided by HP to the existing Keyview 10.22 library.

CVE(s): CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-1283, CVE-2015-2716, CVE-2016-4472, CVE-2016-0718

Affected product(s) and affected version(s):

IBM Notes 9.0.1 to 9.0.1 FP7.
IBM Notes 9.0 to 9.0 IF4.
IBM Notes 8.5.3. to 8.5.3 FP6 IF13.
IBM Notes 8.5.2 to 8.5.2 FP4 IF3.
IBM Notes 8.5.1 to 8.5.1 FP5 IF3.
IBM Notes 8.5 release.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21990421
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/73868
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/73866
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/73867
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/104964
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103214
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114683
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113408

More stories

IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)

Sep 21, 2019 9:02 am EDT | High Severity

Node.js denial of service vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center). CVE(s): CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Spectrum Control 5.3.0 – 5.3.3 Note that the 5.2 release is not affected. Refer to the following reference URLs for remediation and ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2684, CVE-2019-4473, CVE-2019-11771)

Sep 21, 2019 9:01 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped and used by IBM Spectrum Control (formerly Tivoli Storage Productivity Center). These issues were disclosed as part of the IBM Java SDK updates for April 2019 and July 2019. CVE(s): CVE-2019-2684, CVE-2019-4473, CVE-2019-11771 Affected product(s) and affected version(s): Affected Product Affected Versions ...read more


IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation

Sep 20, 2019 9:02 am EDT | High Severity

IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. CVE(s): CVE-2019-2756, CVE-2019-2855, CVE-2019-2852, CVE-2019-2764, CVE-2019-2792, CVE-2019-2759, CVE-2019-2835, CVE-2019-2854, CVE-2019-2853 Affected product(s) and affected version(s): Rational DOORS Next Generation 6.0.6.1 Previous versions are not affected. Refer to the following reference URLs for remediation ...read more