Security Bulletin: Vulnerability in Classic Sametime Meetings Server (CVE-2013-0535)

May 2, 2013 2:15 am EDT

The Web Application of the Classic Sametime Meetings server can be exploited via potential cross-site scripting (XSS) vulnerabilities. A fix is provided.
CVE(s): CVE-2013-0535
Affected product(s) & Affected version(s): IBM Classic Sametime Meetings server 8.5.2.1 and prior releases
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635185
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/82657


Security Bulletin: Tivoli Storage Productivity Center 5.1.0 clients affected by vulnerabilities in WebSphere Application Server (CVE-2011-1377)

May 1, 2013 7:16 pm EDT

There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS or JAX-RPC.
CVE(s): CVE-2011-1377
Affected product(s) & Affected version(s): Tivoli Storage Productivity Center 5.1.0
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635958
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/71319


Security Bulletin: IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6

May 1, 2013 7:01 pm EDT

Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR12 (and earlier).
CVE(s): CVE-2013-1478 CVE-2013-0445 CVE-2013-1480 CVE-2013-1475 CVE-2013-1476 CVE-2012-1541 CVE-2013-0446 CVE-2012-3342 CVE-2013-0442 CVE-2013-0450 CVE-2013-0425 CVE-2013-0426 CVE-2013-0428 CVE-2012-3213 CVE-2013-1481 CVE-2013-0419 CVE-2013-0423 CVE-2013-0351 CVE-2013-0432 CVE-2013-1473 CVE-2013-0435 CVE-2013-0434 CVE-2013-0409 CVE-2013-0427 CVE-2013-0433 CVE-2013-0424 CVE-2013-0440 CVE-2013-0438 CVE-2013-0443 CVE-2013-1487 CVE-2013-1486 CVE-2013-0169 ...


Security Bulletin: Tivoli Federated Identity Manager – SAML 2.0 Cross Site Scripting (CVE-2013-0582)

May 1, 2013 12:47 am EDT

A response used in FIM SAML 2.0 protocol could potentially contain unencoded data provided by an untrusted source. An attacker could potentially use this to initiate a cross site scripting attack.
CVE(s): CVE-2013-0582
Affected product(s) & Affected version(s): Tivoli Federated Identity Manager versions 6.2.0, 6.2.1, 6.2.2; Tivoli Federated Identity Manager Business Gateway versions 6.2.0, 6.2.1
Refer to ...


Security Bulletin: IBM Connections has a cross-site scripting (XSS) vulnerability in the Communities component (CVE-2013-0569)

May 1, 2013 12:36 am EDT

The IBM Connections Communities component contains a cross-site scripting vulnerability. IBM Connections v4.5 is impacted.
CVE(s): CVE-2013-0569
Affected product(s) & Affected version(s): IBM Connections 4.5
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635059
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/83354


Security Bulletin: IBM SPSS SamplePower olch2x32 ActiveX control vulnerability (CVE-2013-0593)

May 1, 2013 12:17 am EDT

There is a security vulnerability with the olch2x32 ActiveX control shipped by IBM SPSS SamplePower Version 3. The vulnerability allows remote attackers to execute arbitrary code on installations of SamplePower when the control is invoked as ActiveX by Microsoft Internet Explorer.
CVE(s): CVE-2013-0593
Affected product(s) & Affected version(s): IBM SPSS SamplePower for Windows V3.0
Refer to the ...


Security Bulletin: IBM SPSS SamplePower vsflex7l ActiveX control vulnerability (CVE-2012-5947)

May 1, 2013 12:03 am EDT

There is a security vulnerability with the vsflex7l ActiveX control shipped by IBM SPSS SamplePower Version 3. The vulnerability allows remote attackers to execute arbitrary code on installations of SamplePower when the control is invoked as ActiveX by Microsoft Internet Explorer.
CVE(s): CVE-2012-5947
Affected product(s) & Affected version(s): IBM SPSS SamplePower for Windows V3.0
Refer to the ...


Security Bulletin: IBM SPSS SamplePower c1sizer ActiveX control vulnerability (CVE-2012-5946)

Apr 30, 2013 11:58 pm EDT

There is a security vulnerability with the c1sizer ActiveX control shipped by IBM SPSS SamplePower Version 3. The vulnerability allows remote attackers to execute arbitrary code on installations of SamplePower when the control is invoked as ActiveX by Microsoft Internet Explorer.
CVE(s): CVE-2012-5946
Affected product(s) & Affected version(s): IBM SPSS SamplePower for Windows V3.0
Refer to the ...


Security Bulletin: IBM SPSS SamplePower Vsflex8l ActiveX control vulnerability (CVE-2012-5945)

Apr 30, 2013 11:53 pm EDT

There is a security vulnerability with the Vsflex8l ActiveX control shipped by IBM SPSS SamplePower Version 3. The vulnerability allows remote attackers to execute arbitrary code on installations of SamplePower when the control is invoked as ActiveX by Microsoft Internet Explorer.
CVE(s): CVE-2012-5945
Affected product(s) & Affected version(s): IBM SPSS SamplePower for Windows V3.0
Refer to the ...