Security Bulletin: Potential security vulnerability exists in the IBM Java SDK’s TLS implementation that is shipped with Tivoli Netcool/OMNIbus Web GUI (CVE-2012-5081)

Nov 5, 2013 9:45 pm EST

The JDK’s TLS implementation does not strictly check the TLS vector length as set out in the latest RFC 5246.
CVE(s): CVE-2012-5081
Affected product(s) and affected version(s): Tivoli Netcool/OMNIbus Web GUI: 7.3.0, 7.3.1, 7.4.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21655075
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/79435 ...


Security Bulletin: IBM SmartCloud Analytics – Log Analysis – Security exposures related to GSKit embedded with IBM Tivoli Monitoring components (CVE-2012-2203, CVE-2012-2191, CVE-2012-2190)

Nov 5, 2013 9:42 pm EST

IBM SmartCloud Analytics – Log Analysis bundles ITM component (GSKit version 7.4). Three vulnerabilities have been discovered in this component.
CVE(s): CVE-2012-2190, CVE-2012-2191, and CVE-2012-2203
Affected product(s) and affected version(s): IBM SmartCloud Analytics – Log Analysis 1.1.0
Examples: IBM SmartCloud Analytics – Log Analysis Version 1.1.0.0, 1.1.0.1 and 1.1.0.2
Refer to the following reference URLs for ...


Security Bulletin: IBM SmartCloud Analytics – Log Analysis – Security exposures related to http web server embedded with IBM Tivoli Monitoring components (CVE-2013-2961, CVE-2013-2960, CVE-2013-0548, CVE-2013-0551, CVE-2012-3297)

Nov 5, 2013 9:39 pm EST

IBM SmartCloud Analytics – Log Analysis bundles ITM component (ax IBM Tivoli Monitoring Shared Libraries, version 6.2.2 FP9). Five vulnerabilities have been discovered in this ITM Component.
CVE(s): CVE-2012-3297, CVE-2013-0548, CVE-2013-0551, CVE-2013-2960, and CVE-2013-2961
Affected product(s) and affected version(s): IBM SmartCloud Analytics – Log Analysis 1.1.0
Examples: IBM SmartCloud Analytics – Log Analysis Version 1.1.0.0, 1.1.0.1 ...


Security Bulletin: IBM Domino Designer 9.0.1 and 8.5.3 Fix Pack 5 fix for IBM JRE XML Parsing Vulnerability

Oct 31, 2013 9:14 pm EDT

Releases 9.0 and 8.5.3 Fix Pack 4 (and earlier) of IBM Domino Designer are vulnerable to a denial of service attack when parsing malformed XML input. Upgrade to Domino Designer release 9.0.1 or 8.5.3 Fix Pack 5 to fix this issue.
CVE(s): CVE-2013-4002
Affected product(s) and affected version(s): IBM Domino Designer 8.5.3 Fix Pack 4 and ...


Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000, and D5100 and IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700 and 7710 are affected by an unauthorized access to table vulnerability in IBM DB2 (CVE-2013-4033)

Oct 31, 2013 9:11 pm EDT

A vulnerability in IBM DB2 for Linux, UNIX, and Windows could allow an authenticated user holding EXPLAIN authority to temporarily gain SELECT, INSERT, UPDATE or DELETE privilege on a table.
CVE(s): CVE-2013-4033
Affected product(s) and affected version(s): IBM InfoSphere Balanced Warehouse C3000, IBM InfoSphere Balanced Warehouse C4000, IBM InfoSphere Balanced Warehouse D5100, IBM Smart Analytics System ...


Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities in IBM JRE

Oct 31, 2013 9:08 pm EDT

IBM Notes and Domino are vulnerable to multiple attacks listed in the Oracle Java SE Critical Patch Update Advisories (February, April and June 2013) as well as miscellaneous client-side attacks listed below. The repaired IBM JRE is available in Notes and Domino 8.5.3 Fix Pack 5 and is also planned for Notes and Domino 9.0.1. ...


Security Bulletin: Multiple vulnerabilities in IBM Infosphere Optim Data Growth for Oracle E-Business Suite (CVE-2013-0577, CVE-2013-0579, CVE-2013-0580)

Oct 31, 2013 6:54 pm EDT

Multiple vulnerabilities exist in the Optim E-Business Console that can allow an attacker to view sensitive information, perform actions as an impersonated legitimate user, or upload, modify or delete web pages or scripts on the server.
CVE(s): CVE-2013-0577, CVE-2013-0579, and CVE-2013-0580
Affected product(s) and affected version(s): Versions 6.0 through 9.1 of IBM Infosphere Optim Data Growth ...


Security Bulletin: InfoSphere Guardium Data Redaction affected by SSL vulnerability in Apache Axis2 (CVE-2012-5785)

Oct 31, 2013 6:49 pm EDT

An SSL vulnerability exists in Apache Axis which is used by InfoSphere Guardium Data Redaction to process HTTPS requests from the Redaction SOAP API.
CVE(s): CVE-2012-5785
Affected product(s) and affected version(s): InfoSphere Guardium Data Redaction v.2.1, 2.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21651054
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/79830 ...


Security Bulletin: IBM PureData System For Operational Analytics A1791 is affected by an OSPF vulnerability (CVE-2013-0149)

Oct 31, 2013 6:44 pm EDT

The IBM PureData System for Operational Analytics A1791 includes network switches which are used in part for external network access. When configured to use the Open Shortest Path First (OSPF) protocol, these switches are vulnerable and allow remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information.
CVE(s): CVE-2013-0149
Affected product(s) ...