Security Bulletin: Multiple GSKit Vulnerabilities in IBM DB2 (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203).

Feb 27, 2013 11:12 pm EST

GSKit is an IBM product that is used by IBM DB2 for SSL support. The GSKit that is shipped with DB2 contains multiple security vulnerabilities. By default, DB2 does not use SSL for client-server communication and therefore, DB2 is vulnerable only if SSL is enabled. CVE(s): CVE-2012-2190 and CVE-2012-2191 Affected product(s): IBM DB2 and DB2 Connect ...


Security Bulletin: Security vulnerability in IBM InfoSphere Guardium S-TAP for DB2 on z/OS (CVE-2013-0490)

Feb 26, 2013 9:34 pm EST

An unspecified vulnerability in IBM InfoSphere Guardium S-TAP for DB2 on z/OS v8.1 could allow local attackers to execute arbitrary commands via unknown vectors. CVE(s): CVE-2013-0490 Affected product(s) & Affected version(s): IBM InfoSphere Guardium S-TAP for DB2 on z/OS v8.1 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21626276 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/81948 ...


Security Bulletin: Multiple vulnerabilities in IBM DB2 Performance Expert and IBM InfoSphere Optim Performance Manager due to vulnerabilities in IBM Java Runtime Environment (CVE-2012-1720, CVE-2012-5081).

Feb 26, 2013 5:08 pm EST

DB2® Performance Expert and InfoSphere® Optim™ Performance Manager use the IBM® Java™ Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE. CVE(s): CVE-2012-1720 and CVE-2012-5081 Affected product(s) & Affected version(s): IBM DB2 Performance Expert for Multiplatforms IBM DB2 Performance Expert for Linux, UNIX, and Windows Optim Performance Manager for DB2 on Linux, UNIX, ...


Security Bulletin: IBM TS3500 Tape Library Update for Security Vulnerability in Web User Interface (CVE-2012-5767)

Feb 25, 2013 5:40 pm EST

Download an update to the TS3500 Tape Library which contains a fix for a security vulnerability that could allow unauthorized access to restricted actions. CVE(s): CVE-2012-5767 Affected product(s) & Affected version(s): All TS3500 tape libraries with firmware versions lower than C260. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004282 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/80272 ...


Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

Feb 25, 2013 5:22 pm EST

IBM Security Network Intrusion Prevention System is affected by multiple vulnerabilities reported in Ruby on Rails. These vulnerabilities include multiple SQL injection, code execution, and denial of service vulnerabilities that could be exploited remotely by an attacker with access to the Local Management Interface (LMI). CVE(s): CVE-2012-2660, CVE-2012-6496, CVE-2012-2694, CVE-2013-0156, CVE-2012-3424, CVE-2012-2695 Affected product(s) & Affected ...


Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in OpenSSL (CVE-2011-4576, CVE-2011-4619, CVE-2012-2131 and CVE-2012-1165)

Feb 25, 2013 3:32 pm EST

IBM Security Network Intrusion Prevention System can be affected by several vulnerabilities in OpenSSL. These vulnerabilities include obtaining sensitive information, denial of service and code execution vulnerabilities that could be exploited remotely by an attacker. CVE(s): CVE-2012-2131, CVE-2011-4576, CVE-2011-4619, CVE-2012-1165 Affected product(s) & Affected version(s): Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, ...


Security Bulletin: IBM Lotus Domino Web Server Open Redirect (CVE-2012-4842) and Cross-site Scripting (CVE-2012-4844) Vulnerabilities

Feb 25, 2013 3:22 pm EST

IBM Lotus Domino Web server has one open redirect vulnerability and one cross-site scripting vulnerability. Fixes for these issues are planned for release 9.0 and upcoming Fix Packs. CVE(s): CVE-2012-4842, CVE-2012-4844 Affected product(s) & Affected version(s): IBM Lotus Domino 8.5.x. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21614077 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/79232 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/79233 ...


Security Bulletin: WebSphere Cast Iron Security Vulnerability: Security vulnerability when using LDAP Authentication – CVE-2013-0465

Feb 25, 2013 3:10 pm EST

Security vulnerability in WebSphere Cast Iron physical and virtual appliance when configured to use LDAP Authentication. CVE(s): CVE-2013-0465 Affected product(s) & Affected version(s): IBM WebSphere Cast Iron V6.0, V6.1 and V6.3 Studio, virtual appliance, physical appliance. IBM WebSphere Cast Iron V6.1 SaaS offering is NOT affected by this vulnerability. Refer to the following reference URLs for remediation and additional vulnerability ...


Security Bulletin: Open redirect and cross-site scripting vulnerabilities in the IBM Data Studio help system (CVE-2012-2159, CVE-2012-2161, CVE-2013-0467)

Feb 16, 2013 3:50 pm EST

The Eclipse components that display the help content in IBM Data Studio version 3.1 and 3.1.1 are vulnerable to redirect and cross-site scripting attacks. CVE(s): CVE-2012-2159, CVE-2012-2161, CVE-2013-0467 Affected product(s) & Affected version(s): IBM Data Studio version 3.1 and 3.1.1 running on Microsoft Windows or Linux operating systems. Refer to the following reference URLs for remediation ...