Security Bulletin: Security Vulnerability in IBM WebSphere Cast Iron (CVE-2013-2972)

Jun 2, 2013 5:32 pm EDT

A security vulnerability exists in WebSphere Cast Iron Virtual and Physical appliance offerings which may allow an unauthorized user to gain access to the system. CVE(s): CVE-2013-2972. AFFECTED PLATFORMS: IBM WebSphere Cast Iron v6.0, v6.1 and v6.3 Virtual Appliance and Physical Appliance. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635993 ...


Security Bulletin: WebSphere Application Server – Oracle CPU April 2013

Jun 1, 2013 9:38 pm EDT

Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM WebSphere Application Server. CVE(s): CVE-2013-0169. Versions affected: SDK shipped with IBM WebSphere Application Server Version 8.5.0.0 through 8.5.0.2, Version 8.0.0.0 through 8.0.0.6, Version 7.0.0.0 through 7.0.0.27, Version 6.1.0.0 through 6.1.0.45. Refer to the following reference URLs for remediation and additional vulnerability details. ...


Security Bulletin: Potential Security Exposure in IBM HTTP Server CVE-2013-0169

Jun 1, 2013 9:26 pm EDT

Potential Security Exposure with IBM HTTP Server for WebSphere Application Server. CVEID: CVE-2013-0169. AFFECTED VERSIONS: This problem affects the IBM HTTP Server component in all editions of WebSphere Application Server and bundling products: · Version 8.5 · Version 8 · Version 7 · Version 6.1. Refer to the following reference URLs for remediation and additional vulnerability ...


Security Bulletin: Privilege escalation vulnerability in IBM DB2’s Audit Facility (CVE-2013-3475)

Jun 1, 2013 3:18 pm EDT

Vulnerability in IBM DB2’s Audit Facility could allow an escalation of privilege attack. CVEID: CVE-2013-3475. Affected product(s) and affected version(s): The following IBM DB2 and DB2 Connect V9.1, V9.5, V9.7 and V10.1 editions running on AIX, Linux, HP and Solaris (this vulnerability is not applicable to DB2 on Windows): IBM® DB2® Express Edition, IBM® DB2® Workgroup ...


Security Bulletin: IBM DB2 is impacted by a vulnerability in the IBM GSKit library (CVE-2013-0169)

Jun 1, 2013 3:16 pm EDT

GSKit is used by IBM DB2 for SSL support. The version of GSKit used by DB2 is vulnerable to the “Lucky Thirteen” security vulnerability. By default, DB2 does not use SSL for client-server communication and therefore DB2 is vulnerable only if SSL is enabled. CVEID: CVE-2013-0169. Affected product(s) and affected version(s): The following IBM DB2 and ...


Security Bulletin: IBM Tivoli Access Manager – token authentication RSA SecurID library uses weak cryptography (CVE-2013-0941)

Jun 1, 2013 3:14 pm EDT

This bulletin applies to the WebSEAL component of Tivoli Access Manager for e-business (TAM) systems participating in token authentication. Earlier versions of the Authentication API provided by RSA used poor cryptography in generating keys, which are used to encrypt communications between the WebSEAL system and the RSA Server when performing RSA SecurID token authentication. CVEID: ...


Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors Local Configuration file Buffer Overflow (CVE-2013-0508)

Jun 1, 2013 3:11 pm EDT

Descriptive text in agent configuration files that is greater than 255 characters may cause a buffer overflow. CVEID: CVE-2013-0508. Affected product(s) and affected version(s): SSM 4.0.0 FP1-FP13, SSM 4.0.1. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21638459 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/82333 ...


Security Bulletin: IBM Tivoli Directory Server can be affected by a vulnerability in the IBM GSKit library (CVE-2013-0169)

Jun 1, 2013 3:09 pm EDT

The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the “Lucky Thirteen” issue. CVEID: CVE-2013-0169. Affected product(s) and affected version(s): PRODUCT version GSKit Version Tivoli Directory Server V6.0 Tivoli Directory ...


Security Bulletin: Vulnerability in IBM SPSS Data Collection due to issues in Eclipse Help System (CVE-2013-0464, CVE-2013-0467)

Jun 1, 2013 3:06 pm EDT

The version of IBM Eclipse Help System that is shipped with IBM SPSS Data Collection versions 6.0, 6.0.1 (“Data Collection”) and 7.0 has multiple security vulnerabilities. These vulnerabilities allow attackers to perform cross-site scripting and source code disclosure attacks. CVEID: CVE-2013-0464, CVE-2013-0467. Affected product(s) and affected version(s): IBM SPSS Data Collection Developer Library 6.0 (DDL 6.0) ...