Security Bulletin: IBM Notes may fail to zero the plaintext password within memory (CVE-2013-0534)

Jul 3, 2013 2:15 am EDT

In some scenarios, IBM Notes may fail to zero the plaintext password within memory, leaving the plaintext password accessible to an attacker with the ability to access memory on the user’s local workstation. CVE ID: CVE-2013-0534 AFFECTED PLATFORMS: IBM Notes 9.0, 8.5.x. Refer to the following reference URLs for remediation and additional vulnerability details. Source ...


Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling Secure Proxy (CVE-2013-0518, CVE-2013-0519, CVE-2013-0520)

Jul 3, 2013 2:10 am EDT

IBM Sterling Secure Proxy is vulnerable to spoofing and information disclosure attacks. CVE ID(s): CVE-2013-0518, CVE-2013-0519, CVE-2013-0520 AFFECTED PRODUCTS: Sterling Secure Proxy 3.4.1, Sterling Secure Proxy 3.4.0, Sterling Secure Proxy 3.3.01, Sterling Secure Proxy 3.2.0. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21636369 X-Force Database: (https://exchange.xforce.ibmcloud.com/vulnerabilities/83128) (https://exchange.xforce.ibmcloud.com/vulnerabilities/82654) (https://exchange.xforce.ibmcloud.com/vulnerabilities/83433) ...


Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-0514, CVE-2013-0517)

Jul 3, 2013 1:48 am EDT

IBM Sterling External Authentication Server is vulnerable to code execution and information disclosure attacks. CVE(s): CVE-2013-0514, CVE-2013-0517 Affected product(s) and affected version(s): IBM Sterling External Authentication Server 2.4.1, IBM Sterling External Authentication Server 2.4.0, Sterling External Authentication Server 2.3.01, Sterling External Authentication Server 2.2.0. Refer to the following reference URLs for remediation and additional vulnerability details. ...


Security Bulletin: Multiple vulnerabilities in IBM Data Studio Web Console due to vulnerabilities in IBM Java Runtime Environment.

Jul 1, 2013 7:58 pm EDT

IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE. CVE(s): CVE-2013-0440, CVE-2013-0443, and CVE-2013-0169 Affected product(s) and affected version(s): IBM Data Studio Web Console versions 3.1, 3.11, and 3.2. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: ...


Security Bulletin: IBM Data Studio Web Console is susceptible to a “Directory Traversal Arbitrary File Download” vulnerability.

Jul 1, 2013 7:50 pm EDT

IBM Data Studio Web Console versions 3.1.0 and 3.1.1 could allow a remote attacker to traverse directories on the file system. An attacker could exploit this vulnerability to view potentially sensitive system files. CVE(s): CVE-2013-2981 Affected product(s) and affected version(s): IBM Data Studio Web Console v3.1.0 and v3.1.1 on all supported operating systems. Refer to the ...


Security Bulletin: IBM Data Studio Web Console is vulnerable to cross-site request forgery, caused by improper validation of browser request headers.

Jul 1, 2013 7:46 pm EDT

A service in the IBM Data Studio Web Console versions 3.1.0 and 3.1.1 is impacted by cross-site request forgery. By persuading an authenticated user to visit a malicious web site, a remote attacker could exploit this vulnerability to obtain sensitive information. CVE(s): CVE-2013-2980 Affected product(s) and affected version(s): IBM Data Studio Web Console 3.1.0 and 3.1.1 ...


Security Bulletin: Multiple vulnerabilities in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite (CVE-2013-2953, CVE-2013-2954, CVE-2013-2955, CVE-2013-2956, CVE-2013-2957, CVE-2013-2959)

Jul 1, 2013 7:38 pm EDT

Multiple vulnerabilities have been identified in the Optim E-Business Console making the product vulnerable to phishing attacks, the interception of credentials and the bypass of login entirely. CVE(s): CVE-2013-2953, CVE-2013-2954, CVE-2013-2955, CVE-2013-2956, CVE-2013-2957, and CVE-2013-2959 Affected product(s) and affected version(s): Versions 6.0 through 9.1 of IBM InfoSphere Optim Data Growth for Oracle E-Business Suite are ...


Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Master Data Management – Collaborative Edition (CVE-2013-0478, CVE-2013-0477)

Jul 1, 2013 7:28 pm EDT

IBM InfoSphere Master Data Management – Collaborative Edition versions 10.1, 10.0 and IBM InfoSphere Master Data Management Server for Product Information Management versions 9.1, 9.0, 6.0 are vulnerable to cross-site scripting and content spoofing. CVE(s): CVE-2013-0478 and CVE-2013-0477 Affected product(s) and affected version(s): IBM InfoSphere Master Data Management – Collaborative Edition Versions 10.1 and 10.0 ...


Security Bulletin: Open Redirect and Cross-Site Scripting Vulnerabilities in the locally installable IBM DB2 Information Center (CVE-2012-2159, CVE-2012-2161, CVE-2013-0467)

Jul 1, 2013 7:20 pm EDT

The IBM DB2 Information Center package gives you local access to DB2 documentation on a local or intranet system. Some scripts in the help system, used by DB2 Information Center, are vulnerable to open redirect or cross-site scripting attacks. This security bulletin only applies to the installed (local or intranet system) DB2 Information Center. If ...