IBM Security Bulletin: APIC is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)

Jan 18, 2019 9:01 am EST | High Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2016-1000031 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 5.0.0.0-5.0.8.4 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10794179X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117957 ...read more


IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager

Jan 17, 2019 9:01 am EST | High Severity

Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager. Oracle OIT issues disclosed in the Oracle October 2018 Critical Patch Update. CVE(s): CVE-2018-18224, CVE-2018-3227, CVE-2018-3226, CVE-2018-3218, CVE-2018-3229, CVE-2018-3217, CVE-2018-3228, CVE-2018-3219, CVE-2018-3230, CVE-2018-3232, CVE-2018-3221, CVE-2018-3231, CVE-2018-3220, CVE-2018-3223, CVE-2018-3234, CVE-2018-3233, CVE-2018-3222, CVE-2018-3225, CVE-2018-3302, CVE-2018-3224, CVE-2018-3147, CVE-2018-18223 Affected product(s) and ...read more


IBM Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime

Jan 17, 2019 9:00 am EST | High Severity

There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. CVE(s): CVE-2018-2579, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678, CVE-2018-2602, CVE-2018-2603, CVE-2018-2657, CVE-2018-2637, CVE-2018-2633, ...read more


IBM Security Bulletin: Asset Analyzer (RAA) is affected by an Apache CXF vulnerability

Jan 15, 2019 9:01 am EST | High Severity

Rational Asset Analyzer (RAA) has addressed the following vulnerability. CVE(s): CVE-2018-8039 Affected product(s) and affected version(s): Affected Versions Rational Asset Analyzer 6.1.0.0 – 6.1.0.18 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10744591X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516 ...read more


IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

Jan 15, 2019 9:00 am EST | High Severity

There is a potential cross-site scripting vulnerability with the Installation Verification Tool of IBM WebSphere Application Server. There is a potential cross-site scripting vulnerability in the Cache Monitor web application in WebSphere Application Server. There is a potential code execution vulnerability in OpenID connect in WebSphere Application Server Liberty. Potential cross-site scripting vulnerability in WebSphere ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Jan 12, 2019 9:00 am EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in July 2018 and ...read more


IBM Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1956, CVE-2018-1969, CVE-2018-1967 )

Jan 11, 2019 9:40 am EST | High Severity

IBM Security Identity Manager (ISIM) has addressed the following vulnerabilities that can allow attackers to compromise user accounts via weak passwords, uploading or transferring dangerous files types, or cross-site scripting. CVE(s): CVE-2018-1956, CVE-2018-1969, CVE-2018-1967 Affected product(s) and affected version(s): Product Version IBM Security Identity Manager 6.0.0 – 6.0.0.20 Refer to the following reference URLs for ...read more


IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1904)

Jan 11, 2019 9:39 am EST | High Severity

There is a potential remote code execution vulnerability in WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). CVE(s): CVE-2018-1904 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Tivoli Storage Productivity Center 5.2.0 – 5.2.7.1 IBM Spectrum Control 5.2.8 – 5.2.13 The versions listed above apply to all licensed ...read more


IBM Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL

Jan 10, 2019 9:00 am EST | High Severity

IBM Security Guardium has addressed the following vulnerabilities. CVE(s): CVE-2018-3283, CVE-2018-3162, CVE-2018-3279, CVE-2018-3258, CVE-2018-3137, CVE-2018-3156, CVE-2018-3277, CVE-2018-3212, CVE-2018-3278, CVE-2018-3276, CVE-2018-3133, CVE-2018-3155, CVE-2018-3251, CVE-2018-3174, CVE-2018-3195, CVE-2018-3173, CVE-2018-3170, CVE-2018-3171, CVE-2018-3247, CVE-2018-3203, CVE-2018-3145, CVE-2018-3200, CVE-2018-3286, CVE-2018-3143, CVE-2018-3187, CVE-2018-3144, CVE-2018-3284, CVE-2018-3185, CVE-2018-3285, CVE-2018-3186, CVE-2018-3161, CVE-2018-3282 Affected product(s) and affected version(s): Affected IBM Security Guardium Affected Versions IBM Security Guardium ...read more