IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734)

Jul 17, 2019 9:01 am EDT | Low Severity

IBM RackSwitch firmware products listed below have addressed the following vulnerability in OpenSSL. CVE(s): CVE-2018-0734 Affected product(s) and affected version(s): Product Affected Version IBM RackSwitch G8000 7.1 IBM RackSwitch G8052 7.9 IBM RackSwitch G8052 7.11 IBM RackSwitch G8124/G8124E 7.11 IBM RackSwitch G8264 7.11 IBM RackSwitch G8264CS 7.8 IBM RackSwitch G8264T 7.9 IBM RackSwitch G8316 7.9 ...read more


IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734)

Jul 17, 2019 9:01 am EDT | Low Severity

IBM Flex System switch firmware products have addressed the following vulnerability in OpenSSL. CVE(s): CVE-2018-0734 Affected product(s) and affected version(s): Product Affected Version IBM Flex System Fabric EN4093/EN4093R 10Gb Scalable Switch firmware 7.8 IBM Flex System EN2092 1Gb Ethernet Scalable firmware 7.8 IBM Flex System Fabric GbFSIM 10Gb Scalable Switch firmware 7.8 IBM Flex System ...read more


IBM Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11708)

Jul 10, 2019 9:03 am EDT | Low Severity

There is a security vulnerability in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.11 of IBM SONAS CVE(s): CVE-2019-11708 Affected product(s) and affected version(s): IBM SONAS The product is affected when running code releases 1.5.1.0 to 1.5.2.11 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10958151X-Force ...read more


IBM Security Bulletin: A vulnerability in IBM Websphere Application Server could affect IBM Cloud App Management

Jul 8, 2019 9:00 am EDT | Low Severity

There is a vulnerability in IBM Websphere Application Server used by IBM® Cloud App Management. WebSphere Application Server could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM® Cloud App Management has addressed the applicable CVE in a later version. CVE(s): CVE-2018-1902 Affected product(s) ...read more


IBM Security Bulletin: IBM Tivoli Netcool Impact Session Management – Session Fixation

Jul 2, 2019 9:01 am EDT | Low Severity

IBM Tivoli Netcool Impact did not implement proper Session Management. The attacker can fix the users session and lure the victim to login with the Arbitrary session he created, further results into Session hijacking. CVE(s): Not Applicable Affected product(s) and affected version(s): Affected IBM Tivoli Netcool Impact Affected Versions IBM Tivoli Netcool Impact 7.1.0 7.1.0.0 ...read more


IBM Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2019-4129)

Jun 29, 2019 9:02 am EDT | Low Severity

A stack trace may be displayed in error messages generated by IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center. CVE(s): CVE-2019-4129 Affected product(s) and affected version(s): The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected: 8.1.0.000 through 8.1.7.xxx 7.1.0.000 through 7.1.9.200 Refer to the following reference URLs for ...read more


IBM Security Bulletin: Potential Spoofing vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2018-1902)

Jun 29, 2019 9:01 am EDT | Low Severity

There is a potential spoofing vulnerability in IBM WebSphere Application Server Liberty which affects IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center. CVE(s): CVE-2018-1902 Affected product(s) and affected version(s): The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected: 8.1.0.000 through 8.1.7.xxx 7.1.0.000 through 7.1.9.200 Refer to the following ...read more


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Back and Refresh Attack (CVE-2019-4048)

Jun 4, 2019 9:01 am EDT | Low Severity

IBM Maximo Asset Management could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. CVE(s): CVE-2019-4048 Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control ...read more


IBM Security Bulletin: A vulnerability in Apache Commons Compress may affect IBM Cloud App Management V2018

May 31, 2019 9:00 am EDT | Low Severity

There is a vulnerability in Apache Commons Compress used by IBM® Cloud App Management V2018. IBM® Cloud App Management has addressed the applicable CVE in a later version. CVE(s): CVE-2018-11771 Affected product(s) and affected version(s): IBM Cloud App Management V2018.2.0 IBM Cloud App Management V2018.4.0 IBM Cloud App Management V2018.4.1 Refer to the following reference ...read more