High Severity

IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX


There are multiple vulnerabilities in GSKit that affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX.

CVE(s): CVE-2018-1388, CVE-2018-1427, CVE-2018-1426, CVE-2016-0702, CVE-2018-1447

Affected product(s) and affected version(s):

AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x

The following fileset levels (VRMF) are vulnerable, if the respective IBM Tivoli Directory Server (ITDS) or IBM Security Directory Server (ISDS) version is installed:
For ITDS 6.2.0: Less than 6.2.0.56
For ITDS 6.3.0: Less than 6.3.0.49
For ISDS 6.3.0: Less than 6.3.1.24
For ISDS 6.3.0: Less than 6.4.0.16

Note: To find out whether the affected ITDS or ISDS filesets are installed on your systems, use the lslpp command described in the AIX user's guide.

Example: lslpp -L | grep -i itds
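The lslpp check above can be combined with the fixed levels listed in this bulletin. The script below is an added example, not IBM's code: it reads lines in the lslpp -L column layout (fileset, level, ...) and compares each level numerically against the bulletin's thresholds. It assumes each fixed level applies to filesets sharing its V.R.M prefix; the sample input and its fileset names are constructed.

```shell
#!/bin/sh
# Fixed levels listed in the bulletin. Assumption: each applies to installed
# filesets whose level has the same V.R.M prefix as the fixed level itself.
FIXED_LEVELS="6.2.0.56 6.3.0.49 6.3.1.24 6.4.0.16"

# vrmf_lt A B: succeed when level A is numerically lower than level B.
vrmf_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal levels are not "less than"
    }'
}

# fixed_level_for LEVEL: print the fixed level sharing LEVEL's V.R.M, if any.
fixed_level_for() {
    for f in $FIXED_LEVELS; do
        [ "${f%.*}" = "${1%.*}" ] && { echo "$f"; return 0; }
    done
    return 1
}

# check_filesets: read "fileset level ..." lines (lslpp -L layout) on stdin.
check_filesets() {
    while read -r fileset level _rest; do
        [ -n "$level" ] || continue
        if ! fixed=$(fixed_level_for "$level"); then
            echo "UNKNOWN $fileset $level"
        elif vrmf_lt "$level" "$fixed"; then
            echo "VULNERABLE $fileset $level (fixed in $fixed)"
        else
            echo "OK $fileset $level"
        fi
    done
}

# Constructed sample input; fileset names and levels are illustrative only.
sample_lslpp() {
    cat <<'EOF'
  example.itds.srv62   6.2.0.9    C  F  ITDS 6.2 server (constructed)
  example.itds.srv63   6.3.0.49   C  F  ITDS 6.3 server (constructed)
  example.isds.srv64   6.4.0.15   C  F  ISDS 6.4 server (constructed)
  example.itds.msg61   6.1.0.5    C  F  ITDS messages (constructed)
EOF
}

sample_lslpp | check_filesets
```

On an AIX host the input would come from lslpp -L | grep -i itds piped into check_filesets; levels reported as UNKNOWN fall outside the release streams the bulletin lists and need a manual check against the source bulletin.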

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10788069
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138212
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111144
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139972
