Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot formerly Tivoli Storage FlashCopy Manager for VMware. IBM Spectrum Protect Snapshot for VMware has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot formerly Tivoli Storage FlashCopy Manager for Unix. IBM Spectrum Protect Snapshot for Unix has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL coul...

Security Bulletin: Vulnerabilities in GSKit fixed in IBM Security/Tivoli Directory Server for AIX/VIOS (CVE-2015-0138, CVE-2015-0159)

Summary GSKit is an IBM component that is used by IBM Security/Tivoli Directory Server. The GSKit that is shipped with IBM Security/Tivoli Directory Server contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability...

Security Bulletin: IBM Tivoli Directory Server CPU utilization - shipped with AIX and VIOS (CVE-2014-0963)

Summary IBM Security Directory Server, formerly known as IBM Tivoli Directory Server, is affected by a problem that is related to the Secure Sockets Layer SSL implementation. Some conditions can cause the processor utilization to rapidly increase, resulting in a denial of service. Vulnerability...

Security Bulletin: Vulnerabilities in GSKit 8 affect Tivoli Directory Server and IBM Security Directory Server for AIX/VIOS (CVE-2015-7421, CVE-2015-7420)

Summary Vulnerabilities were discovered in GSKit 8. Tivoli Directory Server and IBM Security Directory Server use GSKit 8 and have addressed the applicable CVE's. GSKit 7 is not affected. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacke...

Security Bulletin: Vulnerability in GSKit affects IBM Tivoli Directory Server and IBM Security Directory Server for AIX/VIOS (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of IBM Security Directory Server Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerabili...

Security Bulletin: Vulnerability in OpenSSL affects IBM GPFS V4.1 and IBM Spectrum Scale V4.1.1 (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM GPFS V4.1 and IBM Spectrum Scale V4.1.1 use GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused b...

Security Bulletin: A vulnerability in GSKit affects IBM DataPower Gateways (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM DataPower Gateways uses GSKit in certain moduels - namely MQ, ISAM/TAM, JMS. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION:...

Security Bulletin: Vulnerabilities in GSKit affect Security Access Manager for DataPower (CVE-2015-0159, CVE-2015-0138)

Summary GSKit is an IBM component that is used by Security Access Manager components on DataPower. The GSKit that is shipped with Security Access Manager contains several security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. T...

Security Bulletin: Vulnerability in OpenSSL affects Informix Dynamic Server and CSDK (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. Informix Dynamic Server uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when...

Security Bulletin: Potential SSL/TLS-related denial of service vulnerability in IBM Informix Server (CVE-2013-6747)

Summary An SSL/TLS connection initiated using a malformed certificate chain from a Client or Server could contain a circular reference. The circular reference can cause the chain building logic to loop and lead to an engine crash or an engine hang when it runs out of memory. Vulnerability Details...

Security Bulletin: Potential SSL/TLS-related denial of service vulnerability in GSKit used with IBM Informix Client Software Development Kit (CSDK) (CVE-2013-6747)

Summary An SSL/TLS connection initiated using a malformed certificate chain from a Client or Server could contain a circular reference. The circular reference can cause the chain building logic to loop and lead to an engine crash or an engine hang when it runs out of memory. Vulnerability Details...

Security Bulletin: A vulnerability in the GSKit component of Client Software Development Kit (CSDK) (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit, component of Informix Client Software Development Kit CSDK Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit...

Security Bulletin: A vulnerability in the GSKit component of Informix Dynamic Server (IDS) (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit, component of Informix Dynamic Server IDS . Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this...

Security Bulletin: TLS padding vulnerability affects Informix Dynamic Server ( CVE-2014-8730)

Summary IBM Informix Dynamic Server can be affected by a TLS Transport Layer Security padding vulnerability which can allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Informix Dynamic Server. CVEID: CVE-2014-8730 DESCRIPTION: I...

Security Bulletin: TLS padding vulnerability affects Informix Client Software Development Kit (CSDK) ( CVE-2014-8730)

Summary Informix Client Software Development Kit CSDK can be affected by a TLS Transport Layer Security padding vulnerability which can allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Informix Client Software Development Kit...

Security Bulletin: Vulnerabilities in GSKit affect InfoSphere BigInsights (CVE-2015-0138, CVE-2015-0159)

Summary GSKit is an IBM component that is used by InfoSphere BigInsights. The GSKit that is shipped with InfoSphere BigInsights contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. InfoSphere BigInsights has...

Security Bulletin: Security vulnerabilities have been identified in GSKIT and/or GSKit Crypto and Fork that are integrated with IBM DB2 and shipped with IBM InfoSphere BigInsights. (CVE-2015-7420, CVE-2015-7421, CVE-2016-0201)

Summary Security vulnerabilities have been identified in GSKIT and/or GSKit Crypto and Fork that are integrated with IBM DB2 and shipped with IBM InfoSphere BigInsights. Information about security vulnerabilities affecting GSKIT/ Crypto and Fork has been published in a security bulletin...

IBM HTTP Server 7.0.0.0 <= 7.0.0.43 / 8.0.0.0 <= 8.0.0.14 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.8 Multiple Vulnerabilities (569301)

The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, including the following: - IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 duplicates the PRNG state across fork system calls when multiple ICC instances are loaded which cou...

Security Bulletin: Multiple vulnerabilities in Rational Directory Server (CVE-2012-2203, CVE-2012-2191)

Summary Notice of security vulnerabilities which impacts IBM Rational Directory Server 5.2.x Tivoli variant only along with instructions to resolve the issues. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for...