IT Service Management

IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2015-7575)

April 27, 2016

There is a vulnerability in IBM® SDK Java™ Technology Edition that is shipped as part of several IBM Tivoli Monitoring (ITM) components. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. CVE(s): CVE-2015-7575. Affected product(s) and affected version(s): The following components of IBM Tivoli Monitoring ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Provisioning Manager (CVE-2015-4872)

April 27, 2016

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 13 and Version 6 Service Refresh 16 Fix Pack 7 and earlier releases, that is used by IBM Tivoli Provisioning Manager. These issues were disclosed as part of the IBM Java SDK updates for October 2015. CVE(s): CVE-2015-4872 ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931)

April 27, 2016

There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of several IBM Tivoli Monitoring (ITM) components. CVE(s): CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931. Affected product(s) and affected version(s): The following components of IBM Tivoli Monitoring (ITM) are affected by this vulnerability: – Tivoli Enterprise Portal Server (TEPS) – embedded WebSphere Application ...


2013 IBM® SDK, Java™ Technology Edition Vulnerabilities

April 25, 2016

Recent media articles have mentioned that a patch released by IBM in 2013 for a vulnerability in its IBM® SDK, Java™ Technology Edition implementation can be bypassed. IBM is aware of the vulnerability and is working to address the issue. ...


IBM Security Bulletin: Information disclosure through unauthenticated SOAP request message. (CVE-2016-0299)

April 22, 2016

IBM TRIRIGA could disclose sensitive information through a query to the IBM TRIRIGA platform database made with a crafted web service request by means of an HTTP / SOAP query. CVE(s): CVE-2016-0299. Affected product(s) and affected version(s): The following IBM TRIRIGA Application Platform versions are affected. · IBM TRIRIGA Application Platform 3.5. · IBM TRIRIGA Application Platform 3.4. ...


IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2016-0800)

April 20, 2016

A vulnerability, known as DROWN, exploitable in OpenSSL was disclosed on Mar 1, 2016 by openssl.org. OpenSSL 1.0.1s, used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors, has addressed this vulnerability. CVE(s): CVE-2016-0800. Affected product(s) and affected version(s): Versions: · SSM 4.0.0 FP1 – FP14 and Interim Fix 14-01 – Interim Fix 14-07 · SSM ...


IBM Security Bulletin: A vulnerability in libcURL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3237)

April 20, 2016

A vulnerability in libcURL was disclosed on September 10, 2015 by the cURL open source team as a fix in libcURL 7.43. libcURL 7.47.1, used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors, has addressed the vulnerability. CVE(s): CVE-2015-3237. Affected product(s) and affected version(s): Versions: · SSM 4.0.0 FP1 – FP14 and Interim Fix 14-01 ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3197, CVE-2015-4000)

April 20, 2016

Vulnerabilities in OpenSSL were disclosed on Jan 28, 2016 by openssl.org. OpenSSL 1.0.1s, used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors, has addressed these vulnerabilities. CVE(s): CVE-2015-3197 and CVE-2015-4000. Affected product(s) and affected version(s): Versions: · SSM 4.0.0 FP1 – FP14 and Interim Fix 14-01 – Interim Fix 14-07 · SSM 4.0.1 FP1 – ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)

April 20, 2016

Vulnerabilities in OpenSSL were disclosed on Jan 28, 2016 by openssl.org. OpenSSL 1.0.1s, used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors, has addressed these vulnerabilities. CVE(s): CVE-2015-3194, CVE-2015-3195 and CVE-2015-3196. Affected product(s) and affected version(s): Versions: · SSM 4.0.0 FP1 – FP14 and Interim Fix 14-01 – Interim Fix 14-07 · SSM 4.0.1 FP1 ...