Security Bulletin: Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images – OpenSSL Security Advisory updates Feb 2013 (CVE-2013-0169, CVE-2013-0166, CVE-2012-2686)

Nov 11, 2013 12:50 am EST

OpenSSL released fixes for 3 security vulnerabilities. CVE(s): CVE-2013-0169, CVE-2013-0166, and CVE-2012-2686. Affected product(s) and affected version(s): IBM Tivoli Provisioning Manager for Images 7.1.1.x; IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.x; IBM Tivoli Provisioning Manager for Images (and System X Edition) 7.1.1.x; IBM Tivoli Provisioning Manager for OS Deployment 5.1.x; IBM Tivoli Remote Deployment Manager 4.40. Refer ...


Security Bulletin: Vulnerabilities in Sametime Enterprise Meeting Server (CVE-2013-3044, CVE-2013-3045, CVE-2013-0537, CVE-2013-3985)

Nov 8, 2013 1:35 pm EST

The security bulletin addresses various vulnerabilities found in the Sametime Enterprise Meeting Server regarding spoofing and domain cookies. CVE(s): CVE-2013-3044, CVE-2013-3045, CVE-2013-0537, CVE-2013-3985. Affected product(s) and affected version(s): IBM Lotus Sametime WebPlayer versions 8.5.2 and 8.5.2.1. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21654355 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/84815 ...


Security Bulletin: IBM Lotus Sametime WebPlayer Denial-of-Service (CVE-2013-3986)

Nov 8, 2013 1:27 pm EST

An attacker participating in a Sametime Audio Visual (AV) session may be able to crash the IBM Sametime WebPlayer extension (Firefox extension) session of other users. CVE(s): CVE-2013-3986. Affected product(s) and affected version(s): IBM Lotus Sametime WebPlayer versions 8.5.2 and 8.5.2.1. Refer to the following reference URLs for remediation and additional vulnerability details. Source ...


Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition

Nov 8, 2013 2:07 am EST

Issues disclosed in the Oracle October 2013 Java SE Critical Patch Update, plus 6 additional vulnerabilities. CVE(s): CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, ...


Security Bulletin: IBM Campaign and IBM Contact Optimization – Apache Xerces-J XML parser vulnerability to a Denial of Service attack triggered by malformed XML data. (CVE-2013-4002)

Nov 7, 2013 10:01 pm EST

The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malformed XML data. CVE(s): CVE-2013-4002. Affected product(s) and affected version(s): IBM Campaign and IBM Contact Optimization V7.x to V9.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21654683 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/85260 ...


Security Bulletin: IBM DB2 Performance Expert Client affected by vulnerability in IBM Java Runtime Environment (JRE) (CVE-2013-1500)

Nov 7, 2013 9:53 pm EST

An unspecified vulnerability in the IBM Java Runtime Environment (JRE) 2D component has partial confidentiality impact, partial integrity impact, and no availability impact. CVE(s): CVE-2013-1500. Affected product(s) and affected version(s): IBM DB2 Performance Expert for Linux, UNIX, and Windows version 3.2 through 3.2.3 (only the Performance Expert (PE) Client component is affected); IBM InfoSphere Optim Performance ...


Security Bulletin: For safer administration of IBM Domino server, use Domino Administrator client instead of Domino Web Administrator

Nov 7, 2013 6:31 pm EST

IBM Domino Web Administrator (webadmin.nsf) has two cross-site scripting vulnerabilities and one cross-site request forgery vulnerability of low CVSS score. These vulnerabilities do not exist in the Domino Administrator client. To prevent the potential for these attacks, use the Domino Administrator client or the mitigations listed below. Domino Web Administrator is deprecated. CVE(s): CVE-2013-4051, CVE-2013-4055, CVE-2013-4050. Affected ...


Security Bulletin: IBM Sterling Connect:Enterprise Secure Client Shared Memory Permission Vulnerability (CVE-2013-1500)

Nov 5, 2013 9:50 pm EST

The IBM Sterling Connect:Enterprise Secure Client is susceptible to a shared memory permission vulnerability. CVE(s): CVE-2013-1500. Affected product(s) and affected version(s): IBM Sterling Secure Client: 1.3, 1.4. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21655065 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/85062 ...


Security Bulletin: IBM Sterling Certificate Wizard Shared Memory Permission Vulnerability (CVE-2013-1500)

Nov 5, 2013 9:47 pm EST

The IBM Sterling Certificate Wizard is susceptible to a shared memory permission vulnerability. CVE(s): CVE-2013-1500. Affected product(s) and affected version(s): IBM Sterling Certificate Wizard: 1.3, 1.4. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21655057 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/85062 ...