IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139)

May 24, 2019 9:01 am EDT | Medium Severity

This bulletin addresses a security vulnerability that has been fixed in IBM Cognos Analytics 11.1.2 and IBM Cognos Analytics 11.0.13 FP1. A Cross Site Scripting (XSS) vulnerability could allow attackers to inject code into a GET statement when importing visualizations. This has been addressed in the latest available updates. CVE(s): CVE-2019-4139 Affected product(s) and affected ...read more


IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138)

May 24, 2019 9:01 am EDT | Medium Severity

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is vulnerable to cross-site scripting and failure to enforce HTTP Strict Transport Security. CVE(s): CVE-2019-4137, CVE-2019-4138 Affected product(s) and affected version(s): IBM Spectrum Control 5.2.13 – 5.2.17.2 IBM Spectrum Control 5.3.0 – 5.3.2 The versions listed above apply to all licensed offerings of IBM Spectrum Control. Refer ...read more


IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability

May 24, 2019 9:01 am EDT | Medium Severity

IBM Security Guardium is aware of the following vulnerability CVE(s): CVE-2019-1559 Affected product(s) and affected version(s): Affected IBM Security Guardium Affected Versions IBM Security Guardium 10.1.4 – 10.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885200X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514 ...read more


IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)

May 24, 2019 9:01 am EDT | Medium Severity

An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control (formerly Tivoli Storage Productivity Center), has addressed the applicable CVE. CVE(s): CVE-2019-1559 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Tivoli Storage Productivity Center 5.2.0 – 5.2.7.1 IBM Spectrum Control 5.2.8 – 5.2.17.2 IBM ...read more


IBM Security Bulletin: security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-1559)

May 24, 2019 9:01 am EDT | Medium Severity

OpenSSL is shipped with IBM Tivoli Network Manager IP Edition version 3.9. Information about a security vulnerability affecting Open SSL has been published here. CVE(s): VE-2019-1559 Affected product(s) and affected version(s):IBM Tivoli Network Manager IP Edition v3.9 Fix Pack 4 & Fix Pack 5. Refer to the following reference URLs for remediation and additional vulnerability ...read more


IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4046)

May 24, 2019 9:01 am EDT | Medium Severity

There is a potential denial of service in WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE(s): CVE-2019-4046 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Tivoli Storage Productivity Center 5.2.0 – 5.2.7.1 IBM Spectrum Control 5.2.8 – 5.2.17.2 IBM Spectrum Control 5.3.0 – 5.3.2 The versions listed ...read more


IBM Security Bulletin: IBM API Connect V5 is potentially impacted by a weak cipher (CVE-2019-4256)

May 23, 2019 9:01 am EDT | Medium Severity

API Connect has addressed the following vulnerability. CVE(s): CVE-2019-4256 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 5.0.0.0-5.0.8.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10882968X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159944 ...read more


IBM Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

May 23, 2019 9:00 am EDT | Medium Severity

IBM Security Guardium has addressed the following vulnerabilities CVE(s): CVE-2019-2434, CVE-2019-2455, CVE-2019-2510, CVE-2019-2532, CVE-2019-2494, CVE-2019-2495, CVE-2019-2536, CVE-2019-2531, CVE-2019-2528, CVE-2019-2529, CVE-2019-2507, CVE-2019-2502, CVE-2019-2503, CVE-2019-2486, CVE-2019-2420, CVE-2019-2482, CVE-2019-2481, CVE-2019-2539, CVE-2019-2535, CVE-2019-2436, CVE-2019-2513, CVE-2019-2537, CVE-2019-2530, CVE-2019-2533 Affected product(s) and affected version(s): Affected IBM Security Guardium Affected Versions IBM Security Guardium 10 – 10.6 Refer to the following reference ...read more


IBM Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4039)

May 22, 2019 9:00 am EDT | Medium Severity

A vulnerability was found within the error logging function that meant that a local attacker could cause an overwrite of arbitrary MQ files and cause a denial of service attack against IBM MQ queue managers. CVE(s): CVE-2019-4039 Affected product(s) and affected version(s):IBM MQ V8 versions 8.0.0.0 – 8.0.0.11 IBM MQ V9 LTS versions 9.0.0.0 – ...read more