Security Bulletin: Potential Security Vulnerabilities in Oracle Java 6 SDK affecting IBM WebSphere Multichannel Bank Transformation Toolkit version 8

Aug 12, 2013 6:50 pm EDT

CVE(s):CVE-2013-2468, CVE-2013-2469, CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473, CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459, CVE-2013-2466, CVE-2013-2462, CVE-2013-2460, CVE-2013-3743, CVE-2013-2445, CVE-2013-2448, CVE-2013-2461, CVE-2013-2442, CVE-2013-2407, CVE-2013-2454, CVE-2013-2458, CVE-2013-3744, CVE-2013-2400, CVE-2013-2456, CVE-2013-2453, CVE-2013-2457, CVE-2013-2455, CVE-2013-2412, CVE-2013-2443, CVE-2013-2447, CVE-2013-2437, CVE-2013-2444, CVE-2013-2452, CVE-2013-2446, CVE-2013-2450, CVE-2013-1571, CVE-2013-2449, CVE-2013-2451, CVE-2013-1500, CVE-2013-4002, CVE-2013-3006, CVE-2013-3007, CVE-2013-3008, CVE-2013-3009, CVE-2013-3010, CVE-2013-3011, CVE-2013-3012, and CVE-2013-2467 Affected product(s) and affected version(s): IBM ...read more


Security Bulletin: Tivoli Business Service Manager – Websphere Potential security exposure(CVE-2012-3325) and Apache Tomcat hash denial of service (CVE-2011-4858)

Aug 10, 2013 6:05 pm EDT

CVE-2012-3325: After installing an Interim Fix for PM44303 or a Fix Pack containing PM44303, there is a potential security exposure with IBM WebSphere Application Server. This Fix was part of the TIP (1.1.x) component installed with Tivoli Business Service Manager. CVE-2011-4858: Potential Denial of Service (Dos) security exposure when using Web based applications due to ...read more


Security Bulletin: IBM WebSphere Business Integration for Financial Networks Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Aug 10, 2013 6:00 pm EDT

Java API Documentation contains a frame injection vulnerability. CVE(s): CVE-2013-1571 Affected product(s) and affected version(s): IBM WebSphere Business Integration for Financial Networks for Multiplatforms Version 3 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21643400 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/84715 ...read more


Security Bulletin: IBM WebSphere Multichannel Banking Transformation Toolkit Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Aug 9, 2013 5:29 pm EDT

Java API Documentation contains a frame injection vulnerability. CVE(s):CVE-2013-0599 Affected product(s) and affected version(s): IBM WebSphere Multichannel Bank Transformation Toolkit 8.x IBM WebSphere Multichannel Bank Transformation Toolkit 7.xIBM WebSphere Multichannel Bank Transformation Toolkit 6.x Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21646268 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/84715 ...read more


Security Bulletin: The embedded help system in IBM InfoSphere Streams contains a potential vulnerability (CVE-2013-0599)

Aug 9, 2013 4:04 pm EDT

The embedded help system in IBM InfoSphere Streams has a potential vulnerability where sensitive information about the help system’s implementation is disclosed. CVE(s):CVE-2013-0599 Affected product(s) and affected version(s): IBM InfoSphere Streams version 3.0.0.0 and 3.0.0.1 Version 2.x and versions 3.0.0.2 and higher are NOT affected and do not require a fix Refer to the following ...read more


The IBM InfoSphere Identity Insight’s Help System may display sensitive information. (CVE-2013-0599)

Aug 9, 2013 3:54 pm EDT

An attacker can trick a user into inserting a mal-formed URL address into a browser or clicking on a mal-formed URL link and exploit a cross-site scripting vulnerability that can be used to gain unauthorized access or collect sensitive information. CVE(s):CVE-2013-0599 Affected product(s) and affected version(s): IBM InfoSphere Identity Insight Versions 8.0, 8.1 Refer to ...read more


Security Bulletin: Informix Open Admin Tool (OAT) cross-site scripting vulnerability (CVE-2013-0492)

Aug 9, 2013 3:46 pm EDT

An attacker can trick a user into inserting a mal-formed URL address into a browser or clicking on a mal-formed URL link and exploit a cross-site scripting vulnerability that can be used to gain unauthorized access or collect sensitive information. CVE(s):CVE-2013-0492 Affected product(s) and affected version(s): Informix Open Admin Tool (OAT) 3.11 and prior releases ...read more


A security vulnerability in IBM Sterling Connect:Direct for HP NonStop caused by a security vulnerability in OpenSSL.

Aug 9, 2013 2:18 pm EDT

A security vulnerability has been discovered in the OpenSSL libraries included in IBM Sterling Connect:Direct for HP NonStop that results in a security vulnerability in IBM Sterling Connect:Direct for HP NonStop. CVE(s):CVE-2011-4576 Affected product(s) and affected version(s): IBM Sterling Connect:Direct for HP NonStop 3.5.0 and 3.6.0 Refer to the following reference URLs for remediation and ...read more


Security Bulletin: IBM Platform Application Center (CVE-2013-4002)

Aug 8, 2013 1:44 pm EDT

A variant of the Apache Xerces-J XML parser (XML4J) shipped with IBM Platform Application Center is vulnerable to a denial of service attack that can be triggered by malformed XML data. CVE(s):CVE-2013-4002 Affected product(s) and affected version(s): IBM Platform Application Center V8.3 and V9.1 Refer to the following reference URLs for remediation and additional vulnerability ...read more