Security Bulletin: IBM TRIRIGA Application Platform Cross-Site scripting vulnerabilities

April 10, 2013

IBM TRIRIGA Application Platform has potential Cross-Site scripting vulnerabilities in various URLs.

CVE(s): CVE-2012-5948

Affected product(s) & Affected version(s): The following versions are affected. IBM TRIRIGA Application Platform 3.3 is not impacted.
· IBM TRIRIGA Application Platform 3.2.1 and fix packs
· IBM TRIRIGA Application Platform 3.2 and fix packs
· TRIRIGA Application Platform 3.1 and fix ...


Security Bulletin: IBM TRIRIGA Application Platform Cross Site Request Forgery vulnerabilities

April 10, 2013

IBM TRIRIGA Application Platform has potential Cross Site Request Forgery vulnerabilities in various URLs.

CVE(s): CVE-2012-5950

Affected product(s) & Affected version(s): The following versions are affected. IBM TRIRIGA Application Platform 3.3 is not impacted.
· IBM TRIRIGA Application Platform 3.2.1 and fix packs
· IBM TRIRIGA Application Platform 3.2 and fix packs
· TRIRIGA Application Platform 3.1 ...


Security Bulletin: SONAS documentation update available for configuration of SONAS with LDAP authentication (CVE-2012-0706)

April 5, 2013

SONAS includes a version of the LDAP client which stores the username and the password of the LDAP user in clear text in the local file system.

CVE(s): CVE-2012-0706

Affected product(s) & Affected version(s): Affected releases: All SONAS releases

Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004292
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/73309


Security Bulletin: WebSphere Commerce V7.0 configuration file contains plain text passwords (CVE-2012-5764)

March 29, 2013

When WebSphere Commerce V7.0 Feature Pack 5 is configured with Bazaarvoice, two plain text passwords could be present in a configuration file.

CVE(s): CVE-2012-5764

Affected product(s) & Affected version(s): WebSphere Commerce V7.0 Feature Pack 5

Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21624747
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/80206


Security Bulletin: Directory browsing vulnerability in IBM’s Netezza Performance Portal 1.0.2 (CVE-2013-0470)

March 28, 2013

A vulnerability was identified in IBM’s Netezza Performance Portal that allows the application’s directory structure to be browsed, leaking information about that structure.

CVE(s): CVE-2013-0470

Affected product(s) & Affected version(s): Version 1.0.2 of IBM Netezza Performance Portal.

Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21631945
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/81336


Security Bulletin: Tivoli Endpoint Manager for Software Use (CVE-2013-0452)

March 24, 2013

CSRF vulnerability in AMF handling in SUA 1.3 and earlier.

CVE(s): CVE-2013-0452

Affected product(s) & Affected version(s): Tivoli Endpoint Manager for Software Use Analytics 1.3 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21631350
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/80968


Security Bulletin: Cross-site scripting (XSS) vulnerability was discovered in Web Reports (CVE-2013-0453)

March 24, 2013

XSS vulnerability in Web Reports earlier than 8.2.1372.

CVE(s): CVE-2013-0453

Affected product(s) & Affected version(s): Tivoli Endpoint Manager Platform Web Reports earlier than 8.2.1372

Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21631351
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/80969


Security Bulletin: TADDM Web UI security vulnerabilities (CVE-2012-5939,CVE-2012-5942)

March 4, 2013

IBM Tivoli Application Dependency Discovery Manager has security vulnerabilities in the Web User Interface (Data Management Portal).

CVE(s): CVE-2012-5942, CVE-2012-5939

Affected product(s) & Affected version(s): TADDM 7.2.0.0 through 7.2.1.3

Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21625935
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/80494
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/80537


Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Master Data Management – Collaborative Edition (CVE-2013-0478, CVE-2013-0477)

February 11, 2013

IBM InfoSphere Master Data Management – Collaborative Edition versions 10.1, 10.0 and IBM InfoSphere Master Data Management Server for Production Information Management versions 9.1, 9.0, 6.0 are vulnerable to cross-site scripting and content spoofing.

CVE(s): CVE-2013-0478, CVE-2013-0477

Affected product(s) & Affected version(s):
· IBM InfoSphere Master Data Management – Collaborative Edition Versions 10.1 and 10.0
· IBM InfoSphere ...