High Severity

IBM Security Bulletin: Open Source Expat XML Parser Vulnerabilities for IBM Notes


IBM Notes uses the Expat XML Parser, for which vulnerabilities have been reported. Expat is used by the Keyview 10.22 library, which IBM Notes consumes. IBM will address these vulnerabilities by applying fixes provided by HP to the existing Keyview 10.22 library.

CVE(s): CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-1283, CVE-2015-2716, CVE-2016-4472, CVE-2016-0718

Affected product(s) and affected version(s):

IBM Notes 9.0.1 to 9.0.1 FP7.
IBM Notes 9.0 to 9.0 IF4.
IBM Notes 8.5.3 to 8.5.3 FP6 IF13.
IBM Notes 8.5.2 to 8.5.2 FP4 IF3.
IBM Notes 8.5.1 to 8.5.1 FP5 IF3.
IBM Notes 8.5 release.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21990421
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/73868
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/73866
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/73867
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/104964
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103214
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114683
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113408
