AIM-WebSphere Platform

IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2016-0263)

May 15, 2016 7:22 pm EDT

A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.2, V4.1 and IBM General Parallel File System V3.5, that could allow a local user, under special circumstances, to escalate their privileges or cause a denial of service when the mmapplypolicy command is issued with certain options and syntax. IBM PureApplication ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server for Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427)

May 13, 2016 2:00 pm EDT

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the Oracle April 2016 Critical Patch Update, plus four additional vulnerabilities. These may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere ...read more


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)

May 12, 2016 2:00 pm EDT

OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Image Construction and Composition Tool. IBM Image Construction and Composition Tool has addressed the applicable CVEs. CVE(s):CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794 Affected product(s) and affected version(s): IBM Image Construction and Composition Tool v2.3.2.0 IBM Image Construction and Composition ...read more


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Deployer. (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)

May 12, 2016 2:00 pm EDT

OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Workload Deployer. IBM Workload Deployer has addressed the applicable CVEs. CVE(s):CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794 Affected product(s) and affected version(s): IBM Workload Deployer version 3.1.0.7 Refer to the following reference URLs for remediation and additional vulnerability details: Source ...read more


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus

May 12, 2016 2:00 pm EDT

Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus. The DataDirect ODBC Drivers used by WebSphere Message Broker and IBM Integration Bus have addressed the applicable CVEs. CVE(s):CVE-2016-2842, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-2842, CVE-2016-0705, CVE-2016-0701, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195 Affected product(s) and affected version(s): IBM Integration Bus V10, V9 WebSphere Message Broker ...read more


IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7488)

May 12, 2016 2:00 pm EDT

A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 thru 4.1.1.3 and V4.2.0.0 that could allow a local, unprivileged user or a user with network access to the IBM Spectrum Scale cluster, access to the LDAP directory bind user password when File protocol is deployed with LDAP / LDAP ...read more


IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7456)

May 12, 2016 2:00 pm EDT

A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 thru 4.1.1.3 and V4.2.0.0 that could allow a local unprivileged user, or a user with network access to the IBM Spectrum Scale cluster, to access admin passwords for object storage infrastructure. This vulnerability only affects clusters which have installed and ...read more


IBM Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8860

May 11, 2016 2:00 pm EDT

Denial of service vulnerability in module tar, used by the npm package management tool CVE(s):CVE-2015-8860 Affected product(s) and affected version(s): These vulnerabilities affect IBM SDK for Node.js v1.1.0.21 and previous releases. These vulnerabilities affect IBM SDK for Node.js v1.2.0.10 and previous releases. These vulnerabilities affect IBM SDK for Node.js v4.3.2.0 and previous releases. Refer to ...read more


IBM Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8855

May 10, 2016 2:00 pm EDT

Denial of service vulnerability in module semver, used by the npm package management tool CVE(s):CVE-2015-8855 Affected product(s) and affected version(s): These vulnerabilities affect IBM SDK for Node.js v1.1.0.20 and previous releases. These vulnerabilities affect IBM SDK for Node.js v1.2.0.1 and previous releases. Refer to the following reference URLs for remediation and additional vulnerability details: Source ...read more