Security Bulletin: Asset and Service Mgmt Products – Potential security exposure when using Java™ based applications due to vulnerabilities in Java Software Developer Kits

Apr 3, 2013 11:22 pm EDT

See Vulnerability Details for CVE IDs. CVE(s) with related X-Force Database:

CVE-2012-1541: https://exchange.xforce.ibmcloud.com/vulnerabilities/81761
CVE-2012-3174: https://exchange.xforce.ibmcloud.com/vulnerabilities/81200
CVE-2012-3213: https://exchange.xforce.ibmcloud.com/vulnerabilities/81769
CVE-2012-3342: https://exchange.xforce.ibmcloud.com/vulnerabilities/78334
CVE-2013-0169: https://exchange.xforce.ibmcloud.com/vulnerabilities/74380
CVE-2013-0351: https://exchange.xforce.ibmcloud.com/vulnerabilities/81786
CVE-2013-0409: https://exchange.xforce.ibmcloud.com/vulnerabilities/81793
CVE-2013-0419: https://exchange.xforce.ibmcloud.com/vulnerabilities/81783
CVE-2013-0422: https://exchange.xforce.ibmcloud.com/vulnerabilities/81117
CVE-2013-0423: https://exchange.xforce.ibmcloud.com/vulnerabilities/81784
CVE-2013-0424: https://exchange.xforce.ibmcloud.com/vulnerabilities/81798
CVE-2013-0425: https://exchange.xforce.ibmcloud.com/vulnerabilities/81766
CVE-2013-0426: https://exchange.xforce.ibmcloud.com/vulnerabilities/81767
CVE-2013-0427: https://exchange.xforce.ibmcloud.com/vulnerabilities/81795
CVE-2013-0428: https://exchange.xforce.ibmcloud.com/vulnerabilities/81768
CVE-2013-0429: https://exchange.xforce.ibmcloud.com/vulnerabilities/81782
CVE-2013-0431: https://exchange.xforce.ibmcloud.com/vulnerabilities/81794
CVE-2013-0432: https://exchange.xforce.ibmcloud.com/vulnerabilities/81788
CVE-2013-0433: https://exchange.xforce.ibmcloud.com/vulnerabilities/81797
...


Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by multiple vulnerabilities in OpenSSL

Apr 3, 2013 11:09 pm EDT

A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Sterling Connect:Express for UNIX. CVE(s): CVE-2013-0169 · CVE-2013-0166 · CVE-2012-2686 · CVE-2012-2131 · CVE-2012-2110 · CVE-2012-0884 · CVE-2012-0050 · CVE-2011-4108 · CVE-2011-4576 · CVE-2011-4577 · CVE-2011-4619 · CVE-2011-0027 · CVE-2011-3207 · CVE-2011-3210 · CVE-2011-0014 · CVE-2010-3864 · CVE-2010-4252 · CVE-2010-0742 · CVE-2010-1633 Affected ...


Security Bulletin: SSL/TLS denial of service vulnerability in IBM Tivoli Directory Server

Apr 3, 2013 10:10 pm EDT

A denial of service vulnerability in the Tivoli Directory Server can cause a connection to fail to time out. CVE(s): CVE-2013-0556 Affected product(s) & Affected version(s): Running on all supported platforms: Tivoli Directory Server versions 6.2.0.27 and 6.3.0.19 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21631687 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/83009 ...


Security Bulletin: TADDM: Vulnerabilities in embedded JRE

Apr 3, 2013 5:53 pm EDT

Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) IBM JRE 5.0 Service Release 15 or earlier, and non-IBM Java 5.0 or earlier, that can affect the security of IBM Tivoli Application Dependency Discovery Manager. CVE(s): CVE-2013-1475 CVE-2012-4820 CVE-2012-4822 CVE-2012-3216 CVE-2012-3143 CVE-2012-5073 CVE-2012-5075 CVE-2012-5083 CVE-2012-1531 CVE-2012-5081 CVE-2012-5069 CVE-2012-5071 CVE-2012-5084 CVE-2012-5079 CVE-2012-5089 Affected product(s) & Affected ...


Security Bulletin: IBM TS3400 Tape Library update for security vulnerabilities in OpenSSL (CVE-2012-2333)

Apr 2, 2013 2:04 pm EDT

Download an update to the TS3400 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL. CVE(s): CVE-2012-2333 Affected product(s) & Affected version(s): All TS3400 tape libraries with firmware versions lower than 0039. Refer to the following reference URLs for remediation and additional vulnerability details. Source ...


Security Bulletin: Cross-Site Scripting vulnerability in IBM InfoSphere Information Server (CVE-2013-0502)

Mar 31, 2013 4:56 pm EDT

A Cross-Site Scripting vulnerability exists in the Web Console of IBM InfoSphere Information Server that may lead to unauthorized access when a user is tricked into inserting a malformed URL address into a browser or clicking on a malformed URL link. CVE(s): CVE-2013-0502 Affected product(s) & Affected version(s): IBM InfoSphere Information Server Versions 8.1, 8.5, 8.7 and ...


Security Bulletin: Denial of service in IBM InfoSphere Data Replication Dashboard (CVE-2011-4461)

Mar 31, 2013 4:49 pm EDT

InfoSphere Data Replication Dashboard includes Jetty which has a known security vulnerability that can lead to a denial of service. CVE(s): CVE-2011-4461 Affected product(s) & Affected version(s): Versions 10.1 and 9.7 of InfoSphere Data Replication Dashboard are affected. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21632399 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/72017 ...


Security Bulletin: Directory listing vulnerability in IBM InfoSphere Data Replication Dashboard (CVE-2012-4861)

Mar 31, 2013 4:45 pm EDT

InfoSphere Data Replication Dashboard includes a web server that can be used to list specific directories under the dashboard web application. CVE(s): CVE-2012-4861 Affected product(s) & Affected version(s): Versions 10.1 and 9.7 of InfoSphere Data Replication Dashboard are affected. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21632383 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/79844 ...


Security Vulnerabilities addressed in IBM Tivoli Netcool Performance Manager (CVE-2012-2159, CVE-2012-2161)

Mar 31, 2013 4:12 pm EDT

IBM Eclipse Help System cross-site scripting exploit. CVE(s): CVE-2012-2159, CVE-2012-2161 Affected product(s) & Affected version(s): Tivoli Netcool Performance Manager (TNPM) 1.3.1, Tivoli Netcool Performance Manager (TNPM) 1.3.2. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21632748 X-Force Database: · X-Force Vulnerability Database https://exchange.xforce.ibmcloud.com/vulnerabilities/74832 · X-Force Vulnerability Database https://exchange.xforce.ibmcloud.com/vulnerabilities/74833 ...