Security Bulletin: Rational Functional Tester 8.x vulnerabilities due to security vulnerabilities in IBM JRE 7 SR3 or earlier, and non-IBM Java 7 (CVE-2013-0809, CVE-2013-1493, CVE-2013-0437, CVE-2012-1541, CVE-2013-0446, CVE-2012-3342, CVE-2013-0428)

Mar 31, 2013 4:05 pm EDT

Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) IBM JRE 7.0 Service Release 3 or earlier, and non-IBM Java 7.0 or earlier, that can affect the security of Rational Functional Tester. Fixes are available in IBM JRE 7.0 Service Release 4 and in the latest Java 7.0 patches. CVE(s): CVE-2013-0809, CVE-2013-1493 ...


Security Bulletin: WebSphere Commerce V7.0 configuration file contains plain text passwords (CVE-2012-5764)

Mar 29, 2013 7:36 pm EDT

When WebSphere Commerce V7.0 Feature Pack 5 is configured with Bazaarvoice, two plain text passwords could be present in a configuration file. CVE(s): CVE-2012-5764. Affected product(s) & Affected version(s): WebSphere Commerce V7.0 Feature Pack 5. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21624747 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/80206 ...


Security Bulletin: Vulnerability in Rational Rhapsody Design Manager, versions 4.0 or earlier (CVE-2012-1717, CVE-2012-1718)

Mar 29, 2013 7:30 pm EDT

Security vulnerabilities exist in the Java Runtime Environments (JREs) IBM JRE 6.0 Service Release 10 or earlier that can affect the security of Rational Rhapsody Design Manager 4.0 or earlier. CVE(s): CVE-2012-1717, CVE-2012-1718. Affected product(s) & Affected version(s): Versions 3.0 through 4.0 of IBM Rational Rhapsody Design Manager running on Microsoft Windows and Linux are affected. Refer to ...


Security Bulletin: WebSphere Application Server – Oracle CPU Feb 2013

Mar 29, 2013 7:18 pm EDT

Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM WebSphere Application Server. CVE(s): CVE-2013-0440, CVE-2013-0443, CVE-2013-0169. Affected product(s) & Affected version(s): IBM WebSphere Application Server Version 8.5.0.0 through 8.5.0.1, Version 8.0.0.0 through 8.0.0.5, Version 7.0.0.0 through 7.0.0.27, Version 6.1.0.0 through 6.1.0.45. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21627634 X-Force ...


Security Bulletin: Multiple security vulnerabilities – IBM Sterling Order Management (CVE-2013-0505, CVE-2013-0506)

Mar 29, 2013 7:08 pm EDT

IBM Sterling Order Management is vulnerable to cross-site scripting and XPath injections. CVE(s): CVE-2013-0505, CVE-2013-0506. Affected product(s) & Affected version(s): IBM Sterling Selling and Fulfillment Foundation 9.2.0; IBM Sterling Selling and Fulfillment Foundation 9.1.0; IBM Sterling Selling and Fulfillment Foundation 9.0; IBM Sterling Selling and Fulfillment Foundation 8.5; IBM Sterling Multi-Channel Fulfillment Solution 8.0. Refer to the following ...


Security bulletin: Directory browsing vulnerability in IBM’s Netezza Performance Portal 1.0.2 (CVE-2013-0470)

Mar 28, 2013 7:55 pm EDT

A vulnerability was identified in IBM’s Netezza Performance Portal that allows the application’s directory structure to be browsed, leaking information about it. CVE(s): CVE-2013-0470. Affected product(s) & Affected version(s): Version 1.0.2 of IBM Netezza Performance Portal. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21631945 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/81336 ...


Security Bulletin: IBM Tivoli Monitoring GSKIT vulnerabilities (CVE-2012-2203, CVE-2012-2191, CVE-2012-2190)

Mar 28, 2013 7:41 pm EDT

These vulnerabilities apply to IBM Global Security Kit (GSKit) that is shipped as part of IBM Tivoli Monitoring. CVE(s): CVE-2012-2190, CVE-2012-2191, CVE-2012-2203. Affected product(s) & Affected version(s): IBM Tivoli Monitoring version 6.2.3 through 6.2.3 Fix Pack 02; IBM Tivoli Monitoring version 6.2.2 through 6.2.2 Fix Pack 09; IBM Tivoli Monitoring version 6.2.1 through 6.2.1 Fix Pack ...


Security Bulletin: Multiple vulnerabilities in IBM Rational Policy Tester (CVE-2013-0532, CVE-2013-0512, CVE-2012-4431, CVE-2013-0513, CVE-2008-4033, CVE-2013-0474, CVE-2013-0473, CVE-2012-5081)

Mar 27, 2013 7:07 pm EDT

Previous releases of IBM Rational Policy Tester are affected by multiple vulnerabilities reported in 3rd party components bundled with the product as well as in proprietary IBM code. These vulnerabilities include Cross-site Scripting, SQL injection, code execution, stack overflow, Cross-Site Request Forgery, and Information disclosure vulnerabilities. CVE(s): CVE-2013-0532, CVE-2013-0512, CVE-2012-4431, CVE-2013-0513, CVE-2008-4033, CVE-2013-0474, CVE-2013-0473, CVE-2012-5081. Affected ...


Security Bulletin: Multiple vulnerabilities in IBM Security AppScan Enterprise (CVE-2013-0532, CVE-2013-0510, CVE-2013-0512, CVE-2012-4431, CVE-2013-0513, CVE-2008-4033, CVE-2013-0474, CVE-2013-0511, CVE-2013-0473, CVE-2012-5081)

Mar 27, 2013 6:48 pm EDT

Previous releases of IBM Security AppScan Enterprise are affected by multiple vulnerabilities reported in 3rd party components bundled with the product as well as in proprietary IBM code. These vulnerabilities include Cross-site Scripting, SQL injection, code execution, stack overflow, Cross-Site Request Forgery, and Information disclosure vulnerabilities. CVE(s): CVE-2013-0532, CVE-2013-0510, CVE-2013-0512, CVE-2012-4431, CVE-2013-0513, CVE-2008-4033, CVE-2013-0474, CVE-2013-0511, CVE-2013-0473, ...