Security Bulletin: SONAS Fix Available for multiple Red Hat Security Advisories

Oct 24, 2012 9:55 pm EDT

SONAS includes multiple Red Hat RPMs for which Red Hat has provided security fixes. CVE(s): CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000 Affected product(s): SONAS Affected version(s): 1.1 through 1.3.0.5 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004165 X-Force Vulnerability Database ...


Security bulletin: Potential security vulnerabilities in IBM DataQuant with JRE 6

Oct 24, 2012 5:17 pm EDT

IBM® DataQuant makes use of Java Runtime Environment (JRE) Version 6. This security bulletin explains how to address potential security exposures with IBM DataQuant for z/OS and IBM DataQuant for Multiplatforms due to vulnerabilities in Java Software Developer Kits. CVE(s): CVE-2012-0551, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725 Affected product(s): IBM DataQuant Affected version(s): 1.2.15 ...


Security bulletin: Potential security vulnerabilities in DB2 QMF for Workstation and DB2 QMF for WebSphere with JRE 6

Oct 23, 2012 9:31 pm EDT

IBM® DB2® QMF for Workstation makes use of Java Runtime Environment (JRE) Version 6. This security bulletin describes how to address potential security exposures with QMF due to vulnerabilities in Java Software Developer Kits. CVE(s): CVE-2012-0551, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725 Affected product(s): DB2 QMF for Workstation and DB2 QMF for WebSphere Affected ...


IBM DataQuant for z/OS and IBM DataQuant for Multiplatforms make use of the IBM Eclipse Help System (IEHS), which has the security vulnerabilities described in this bulletin.

Oct 23, 2012 6:35 pm EDT

IBM DB2 QMF for Workstation and IBM DB2 QMF for WebSphere make use of the IBM Eclipse Help System (IEHS), which has the security vulnerabilities described in this bulletin. CVE(s): CVE-2012-2159, CVE-2012-2161 Affected product(s): DB2® QMF™ for Workstation and DB2 QMF for WebSphere® Affected version(s): 10.1.5 and earlier Refer to the following reference URLs for remediation ...


Security bulletin: Open redirect and cross-site scripting vulnerabilities in IBM DataQuant for z/OS and IBM DataQuant for Multiplatforms help systems (CVE-2012-2159, CVE-2012-2161)

Oct 23, 2012 6:28 pm EDT

IBM DataQuant for z/OS and IBM DataQuant for Multiplatforms make use of the IBM Eclipse Help System (IEHS), which has the security vulnerabilities described in this bulletin. CVE(s): CVE-2012-2159, CVE-2012-2161 Affected product(s): IBM® DataQuant for z/OS® and IBM DataQuant for Multiplatforms Affected version(s): 1.2.15 and earlier Refer to the following reference URLs for remediation and additional vulnerability ...


Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 SQL/PSM Stored Procedure Infrastructure (CVE-2012-4826).

Oct 23, 2012 3:11 am EDT

Vulnerability in IBM DB2 could allow an authenticated user to cause a stack-based buffer overflow and possibly attain remote code execution. CVE(s): CVE-2012-4826 Affected product(s) & Affected version(s): The following IBM DB2 V9.1, V9.5, V9.7 and V10.1 editions running on AIX, Linux, HP, Solaris and Windows: IBM® DB2® 10.1 Express Edition IBM® DB2® 10.1 Workgroup Server Edition ...


Security Bulletin: IBM Lotus Notes Traveler open redirect (CVE-2012-4824) and cross-site scripting vulnerability (CVE-2012-4825)

Oct 6, 2012 3:06 am EDT

IBM Lotus Notes Traveler has one open redirect vulnerability (fixed in both 8.5.3.3 Interim Fix 1 and 8.5.3 Upgrade Pack 1 Interim Fix 1) and one cross-site scripting vulnerability (fixed in release 8.5.3.2). CVE(s): CVE-2012-4824, CVE-2012-4825 Affected product(s): Lotus Notes Traveler Affected version(s): release 8.5.3 only (8.5.2 and lower are not affected) Refer to the following reference ...


Security Bulletin: GSKit Trust Anchor vulnerability in Tivoli Access Manager for e-business (CVE-2012-2203)

Oct 6, 2012 2:33 am EDT

A vulnerability has been identified in the GSKit component utilized by Tivoli Access Manager for e-business (TAM) such that trust anchors can be inserted without detection. Remediation for the issue consists of upgrading affected GSKit 7 versions to version 7.0.4.42 or higher following the instructions at the end of this bulletin. CVE(s): CVE-2012-2203 Affected product(s): Tivoli ...


Security Bulletin: Open Redirect and Cross-Site Scripting Vulnerabilities in Administration Client for ASF Help System (CVE-2012-2159, CVE-2012-2161)

Oct 6, 2012 2:08 am EDT

Administration Client for ASF bundles the IBM Eclipse Help System (IEHS) which has two known security vulnerabilities. CVE(s): CVE-2012-2159, CVE-2012-2161 Affected product(s): Administration Client for ASF running on Microsoft Windows. Affected version(s): 1.0 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21611767 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/74832 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/74833 ...