Security Bulletin: Vulnerabilities in IBM Sterling B2B Integrator and IBM Sterling File Gateway

Jul 3, 2013 6:16 pm EDT

CVE(s): CVE-2013-0560, CVE-2013-2984, CVE-2013-2982, CVE-2013-0476, CVE-2013-0539, CVE-2013-0455, CVE-2013-0468, CVE-2013-2983, CVE-2013-0558, CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, CVE-2013-0479, CVE-2013-0567, CVE-2013-0456, CVE-2012-5766, CVE-2012-5936, and CVE-2013-0481
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2 and 5.1; IBM Sterling File Gateway 2.2 and 2.1
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: ...


Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are affected by multiple vulnerabilities in OpenSSL

Jul 3, 2013 5:54 pm EDT

A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Sterling B2B Integrator and IBM Sterling File Gateway.
CVE(s): CVE-2013-0169, CVE-2013-0166, CVE-2012-2686, CVE-2012-2131, CVE-2012-2110, CVE-2012-0884, CVE-2012-0050, CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2011-3207, CVE-2011-3210, CVE-2011-0014, CVE-2010-4252, CVE-2010-3864, CVE-2010-0742, and CVE-2010-1633
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2, 5.1. IBM ...


Security Bulletin: IBM Data Studio Web Console is vulnerable to cross-site request forgery, caused by improper validation of browser request headers.

Jul 3, 2013 2:46 am EDT

A service in the IBM Data Studio Web Console versions 3.1.0 and 3.1.1 is impacted by cross-site request forgery. By persuading an authenticated user to visit a malicious web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE ID: CVE-2013-2980
Affected products: IBM Data Studio Web Console 3.1.0 and 3.1.1 ...


Security Bulletin: IBM Data Studio Web Console is susceptible to a “Directory Traversal Arbitrary File Download” vulnerability.

Jul 3, 2013 2:42 am EDT

IBM Data Studio Web Console versions 3.1.0 and 3.1.1 could allow a remote attacker to traverse directories on the file system. An attacker could exploit this vulnerability to view potentially sensitive system files.
CVE ID: CVE-2013-2981
Affected products: IBM Data Studio Web Console v3.1.0 and v3.1.1 on all supported operating systems.
Refer to the ...


Security Bulletin: Vulnerability in Sametime Clients – Password can be found on the clear on client’s memory (CVE-2013-0534)

Jul 3, 2013 2:38 am EDT

Low-risk vulnerability in Sametime clients. If someone gets access to the machine of the Sametime user, it is possible to scan the memory of the client and find the user's password in the clear. The issue may be intermittent and may be cleared some time after login.
CVE ID: CVE-2013-0534
Affected platforms: Sametime Connect client (stand-alone) ...


Security Bulletin: IBM Sterling Control Center has various vulnerabilities (CVE-2013-2968 and CVE-2013-2969)

Jul 3, 2013 2:30 am EDT

IBM Sterling Control Center has various denial-of-service (DoS) and cross-site scripting (XSS) vulnerabilities.
CVE ID(s): CVE-2013-2968, CVE-2013-2969
Affected products and versions: IBM Sterling Control Center 5.4 through 5.4.0.1; IBM Sterling Control Center 5.3 through 5.3.0.3; IBM Sterling Control Center 5.2 through 5.2.0.8
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21640348
X-Force ...


Security Bulletin: IBM Notes PNG integer overflow (CVE-2013-2977)

Jul 3, 2013 2:26 am EDT

IBM Notes has an integer overflow vulnerability which may be triggered by viewing a malformed PNG image.
CVE ID: CVE-2013-2977
Affected platforms: IBM Notes 8.5.x, 9.0
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635878
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/83967 ...


Security Bulletin: Security vulnerabilities addressed in IBM Notes 9.0 (CVE-2011-3026, CVE-2012-6349, CVE-2012-6277)

Jul 3, 2013 2:21 am EDT

This security bulletin details fixes for three security vulnerabilities fixed in IBM Notes 9.0.
CVE ID(s): CVE-2011-3026, CVE-2012-6349, CVE-2012-6277
Affected platforms: IBM Notes 8.5.x
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21627992
X-Force Database:
https://exchange.xforce.ibmcloud.com/vulnerabilities/73240
https://exchange.xforce.ibmcloud.com/vulnerabilities/80669
https://exchange.xforce.ibmcloud.com/vulnerabilities/80207 ...


Security Bulletin: IBM Notes may fail to zero the plaintext password within memory (CVE-2013-0534)

Jul 3, 2013 2:15 am EDT

In some scenarios, IBM Notes may fail to zero the plaintext password within memory, leaving the plaintext password accessible to an attacker with the ability to access memory on the user’s local workstation.
CVE ID: CVE-2013-0534
Affected platforms: IBM Notes 9.0, 8.5.x.
Refer to the following reference URLs for remediation and additional vulnerability details.
Source ...