Security Bulletin: Balanced Warehouse C3000, C4000, & D5100, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700, & 7710, and PureData System for Operational Analytics A1791 Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Jun 18, 2013 8:46 pm EDT

Java API Documentation contains a frame injection vulnerability. CVE(s): CVE-2013-1571. Affected product(s) and affected version(s): IBM InfoSphere Balanced Warehouse C3000, IBM InfoSphere Balanced Warehouse C4000, IBM InfoSphere Balanced Warehouse D5100, IBM Smart Analytics System 1050, IBM Smart Analytics System 2050, IBM Smart Analytics System 5600, IBM Smart Analytics System 5710, IBM Smart Analytics System 7600, IBM ...


Security Bulletin: Multiple vulnerabilities in Product IBM Application Manager For Smart Business 1.2.1 (CVE-2013-0548, CVE-2013-0551, CVE-2013-0576, CVE-2013-2960, CVE-2013-2961, CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Jun 17, 2013 3:55 pm EDT

Several vulnerabilities have been resolved in the Basic Services component of IBM Tivoli Monitoring. These vulnerabilities could have potentially caused a denial of service or Cross Site Scripting (XSS) exposure. CVE(s): CVE-2013-0548, CVE-2013-0551, CVE-2013-0576, CVE-2012-2190, CVE-2012-2191, CVE-2013-2960, CVE-2013-2961. Affected product(s) and version(s): IBM Application Manager For Smart Business 1.2.1 (earlier known as: Tivoli Foundations Application Manager 1.2) having ITM ...


Security Bulletin: WebSphere Commerce vulnerability could allow disclosure of user personal data (CVE-2013-0523)

Jun 15, 2013 11:55 pm EDT

Some WebSphere Commerce data may be encrypted using an encryption algorithm that is susceptible to a padding oracle attack, which may allow for the disclosure of user personal data. CVE(s): CVE-2013-0523. Affected product(s) and version(s): WebSphere Commerce versions 7.0.0.0 to 7.0.0.7; WebSphere Commerce versions 6.0.0.0 to 6.0.0.11; WebSphere Commerce 5.6.1.0 to 5.6.1.5; Earlier out of ...


Security Bulletin: Multiple vulnerabilities in IBM Rational Build Forge

Jun 14, 2013 9:05 pm EDT

Rational Build Forge is shipped with an IBM Java that is based on Oracle Java. Oracle has released critical patch updates (CPUs) January 13, February 1 and February 19 that contain security vulnerability fixes and IBM Java is affected. These fixes have been added to the Rational Build Forge 8.0 release. CVE(s): CVE-2012-3213, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0440, CVE-2013-0443, CVE-2013-1478, CVE-2013-1493 ...


Security Bulletin: Multiple vulnerabilities in InfoSphere Optim Performance Manager due to vulnerabilities in IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443)

Jun 14, 2013 8:35 pm EDT

IBM InfoSphere Optim Performance Manager uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE. CVE(s): CVE-2013-0440, CVE-2013-0443. Affected product(s) and version(s): IBM Optim Performance Manager for DB2 on Linux, UNIX, and Windows version 4.1.0.1 through 4.1.1; IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows version ...


Security Bulletin: Multiple vulnerabilities in IBM Data Studio Web Console due to vulnerabilities in IBM Java Runtime Environment.

Jun 14, 2013 7:45 pm EDT

IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE. CVE(s): CVE-2013-0440, CVE-2013-0443, CVE-2013-0169. Affected product(s) and version(s): IBM Data Studio Web Console versions 3.1, 3.11, 3.2. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21640533 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/81799 https://exchange.xforce.ibmcloud.com/vulnerabilities/81801 https://exchange.xforce.ibmcloud.com/vulnerabilities/81902 ...


Security Bulletin: TPM for OS Deployment, TPM for Images – GSKit vulnerabilities (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203, CVE-2013-0169)

Jun 13, 2013 6:17 pm EDT

Notice of security vulnerabilities which impact TPM for OSd / TPM for Images 7.1.1.X, along with instructions to resolve the issues. CVE(s): CVE-2012-2190, CVE-2012-2191, CVE-2012-2203, CVE-2013-0169. Affected product(s) and version(s): TPM for OSd / TPM for Images 7.1.1.X. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21613589 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/77280 https://exchange.xforce.ibmcloud.com/vulnerabilities/75996 ...


Security Bulletin: IBM Data Studio Web Console is vulnerable to cross-site request forgery, caused by improper validation of browser request headers.

Jun 13, 2013 5:33 pm EDT

A service in the IBM Data Studio Web Console versions 3.1.0 and 3.1.1 is impacted by cross-site request forgery. By persuading an authenticated user to visit a malicious web site, a remote attacker could exploit this vulnerability to obtain sensitive information. CVE(s): CVE-2013-2980. Affected product(s) and version(s): IBM Data Studio Web Console 3.1.0 and 3.1.1 ...


Security Bulletin: IBM Data Studio Web Console is susceptible to a “Directory Traversal Arbitrary File Download” vulnerability.

Jun 13, 2013 5:30 pm EDT

IBM Data Studio Web Console versions 3.1.0 and 3.1.1 could allow a remote attacker to traverse directories on the file system. An attacker could exploit this vulnerability to view potentially sensitive system files. CVE(s): CVE-2013-2981. Affected product(s) and version(s): IBM Data Studio Web Console v3.1.0 and v3.1.1 on all supported operating systems. Refer to the ...