IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor

Nov 14, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions, specifically Version 8 Service Refresh 5 Fix Pack 10 and earlier releases used by IBM Spectrum Conductor with Spark 2.2.0, 2.2.1 and IBM Spectrum Conductor 2.3.0. These issues were disclosed as part of the IBM Java SDK updates in April 2018. CVE(s): CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539)

Nov 14, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018. CVE(s): CVE-2018-1656, CVE-2018-12539 Affected product(s) and affected version(s): IBM Tivoli System Automation Application Manager 4.1.0.0 – 4.1.0.1 Refer to the ...read more


IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities

Nov 14, 2018 8:01 am EST | High Severity

The Planning Analytics Workspace component of IBM Planning Analytics is vulnerable to multiple Node.js vulnerabilities including OpenSSL vulnerabilities in Node.js. The version of Node.js use by IBM Planning Analytics Workspace has been upgraded to address these vulnerabilities. CVE(s): CVE-2018-0732, CVE-2018-0737, CVE-2018-7158, CVE-2018-7159, CVE-2018-7160, CVE-2018-7166, CVE-2018-12115 Affected product(s) and affected version(s): IBM Planning Analytics Local 2.0 ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656 , CVE-2018-12539 )

Nov 13, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in July 2018. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli System ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

Nov 13, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. CVE(s): CVE-2018-1656, CVE-2018-12539 Affected product(s) and affected version(s): IBM Installation Manager and IBM Packaging Utility versions 1.8.9.1 and earlier. Refer to the ...read more


IBM Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

Nov 12, 2018 8:01 am EST | High Severity

Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed publicly disclosed vulnerability found by vFinder: Eclipse Jetty. CVE(s): CVE-2018-11776 Affected product(s) and affected version(s): IBM Content Collector for Email – 4.0.1 IBM Content Collector for File Systems – 4.0.1 IBM Content Collector for SharePoint – 4.0.1 IBM Content Collector for IBM ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Network Performance Insight

Nov 12, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version IBM JRE 8.0.2.10 used by IBM Network Performance Insight. IBM Network Performance Insight has addressed the applicable CVEs. CVE(s): CVE-2018-1656, CVE-2018-12539, CVE-2018-1517 Affected product(s) and affected version(s): IBM Network Performance Insight: 1.2.1, 1.2.2, 1.2.3. Refer to the following reference URLs for remediation and additional vulnerability ...read more


IBM Security Bulletin: IBM MQ can allow an attacker to execute a privilege escalation attack on a local machine. (CVE-2018-1792)

Nov 10, 2018 8:00 am EST | High Severity

A problem within IBM MQ libraries could allow an attacker who has access to a local machine to use IBM MQ to escalate their privileges on that system and gain access to the root user. CVE(s): CVE-2018-1792 Affected product(s) and affected version(s): IBM MQ V8 IBM MQ V8 versions 8.0.0.0 – 8.0.0.10 IBM MQ V9 ...read more


IBM Security Bulletin: Vulnerability in FreeBSD affects AIX (CVE-2018-6922) Security Bulletin

Nov 9, 2018 8:02 am EST | High Severity

There is a vulnerability in FreeBSD that affects AIX. CVE(s): CVE-2018-6922 Affected product(s) and affected version(s): AIX 5.3, 6.1, 7.1, 7.2 VIOS 2.2.x The following fileset levels are vulnerable: key_fileset = aix Fileset Lower Level Upper Level KEY ——————————————————— bos.rte 5.3.12.0 5.3.12.1 key_w_fs bos.rte 6.1.9.0 6.1.9.400 key_w_fs bos.rte 7.1.4.0 7.1.4.32 key_w_fs bos.rte 7.1.5.0 7.1.5.30 key_w_fs ...read more