Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE executed under a security manager.

October 3, 2013

IBM Tivoli Monitoring ships and uses a Java Runtime Environment (JRE). This alert addresses several vulnerabilities for the Tivoli Enterprise Portal browser JRE which might allow remote untrusted Java WebStart applications and untrusted Java applets to affect confidentiality, availability and integrity. CVE(s): CVE-2013-2436, CVE-2013-2467, CVE-2013-2448, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, ...


GSKit Security Vulnerabilities addressed in IBM Tivoli Network Manager 3.8 and 3.9

October 2, 2013

A number of potential security vulnerabilities have been discovered in connection with OpenSSL Libraries which are included in IBM Tivoli Network Manager 3.8 and 3.9. OpenSSL Security Advisory updates Feb 2013 - CVE-2012-2190, CVE-2013-0169, CVE-2013-0166, CVE-2012-2686. GSKit Lucky 13 TLS CBC Timing Attack – CVE-2013-0169. OpenSSL versions prior to 1.0.0 do not follow best security practices and ...


Security Bulletin: TSM UNIX and Linux Client Local Buffer Overrun (CVE-2013-2964)

October 2, 2013

There is a local buffer overrun vulnerability in the IBM Tivoli Storage Manager (TSM) UNIX and Linux clients. CVE(s): CVE-2013-2964. Affected product(s) and affected version(s): Tivoli Storage Manager · 6.3.0 through 6.3.0.17 · 6.2.0 through 6.2.4.7 · 6.1.0 through 6.1.5.4 · 5.5.0 through 5.5.4.0 · 5.4 and prior unsupported releases · Note: the 6.4 release is unaffected. Refer to the ...


Security Bulletin: Vulnerability in Rational Lifecycle Integrations Adapter – HP (CVE-2013-4002)

October 2, 2013

The XML parser used in versions of the HP adapter prior to 1.1.0.1 was vulnerable to a denial of service attack. CVE(s): CVE-2013-4002 Affected product(s) and affected version(s): All versions of the HP adapter prior to 1.1.0.1 are vulnerable. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21650876 X-Force ...


Security Bulletin: Vulnerabilities in IBM SPSS Collaboration and Deployment Services (CVE-2013-5370 & CVE-2013-4042)

September 28, 2013

Vulnerabilities have been identified in IBM SPSS Collaboration and Deployment Services which make the product vulnerable to remote code execution. CVE(s): CVE-2013-4042 and CVE-2013-5370 Affected product(s) and affected version(s): Collaboration and Deployment Services, version 5.0 fix pack 2 and earlier. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21651299 X-Force Database: ...


Security Bulletin: IBM Tivoli System Automation for Integrated Operations Management 2.1.1 Vulnerability.

September 27, 2013

Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM Tivoli System Automation for Integrated Operations Management which may affect the product. CVE(s): CVE-2013-2468, CVE-2013-2469, CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473, CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459, CVE-2013-2466, CVE-2013-2462, CVE-2013-2460, CVE-2013-3743, CVE-2013-2448, CVE-2013-2442, CVE-2013-2407, CVE-2013-2454, CVE-2013-2458, CVE-2013-3744, CVE-2013-2400, CVE-2013-2456, CVE-2013-2453, CVE-2013-2457, CVE-2013-2455, CVE-2013-2412, CVE-2013-2443, CVE-2013-2447, CVE-2013-2437, ...


Security Bulletin: WebSphere DataPower XC10 Appliance vulnerability for administrative access to code and data (CVE-2013-5403)

September 27, 2013

A security vulnerability in the WebSphere DataPower XC10 Appliance might allow unauthenticated access to administrative operations and data. CVE(s): CVE-2013-1571 Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance version 2.0; WebSphere DataPower XC10 Appliance version 2.1; WebSphere DataPower XC10 Appliance version 2.5. Refer to the following reference URLs for remediation and additional vulnerability details. Source ...


Security Bulletin: Tivoli Endpoint Manager Security Compliance Analytics (SCA) is affected by multiple Java vulnerabilities

September 26, 2013

Security Compliance Analytics version 1.3 and prior are affected by multiple Java vulnerabilities. CVE(s): CVE-2013-2463, CVE-2013-2465, CVE-2013-2471 Affected product(s) and affected version(s): Tivoli Endpoint Manager SCA 1.3 and earlier. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21650836 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/85029 https://exchange.xforce.ibmcloud.com/vulnerabilities/85031 https://exchange.xforce.ibmcloud.com/vulnerabilities/85026 ...


Java Security Vulnerabilities addressed in IBM Tivoli Netcool OMNIbus

September 26, 2013

Multiple vulnerabilities related to the Java JRE shipped by Tivoli Netcool/OMNIbus have been resolved. CVE(s): CVE-2012-0502, CVE-2012-0503, CVE-2012-0506, CVE-2012-0507, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0505, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-4301, CVE-2012-4305, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0436, CVE-2013-0437, ...