422 matches found
Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities
Summary IBM Security Privileged Identity Manager has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this...
Security Bulletin: Security vulnerability in GSKit shipped with IBM PCOMM v12.
Summary GSKit is an IBM component that is used by Personal Communications v12. The GSKit that is shipped with Personal Communications contains a security vulnerability. Personal Communications has addressed it by packaging a higher version of GSKit that contains the fix. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in GSKit affect IBM Personal Communications v6.0.x (CVE-2015-0138)
Summary GSKit is an IBM component that is used by IBM Personal Communications. The GSKit that is shipped with IBM Personal Communications 6.0.13 and before contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability...
Security Bulletin: IBM Security Directory Server is affected by multiple vulnerabilities in GSKit
Summary IBM Security Directory Server has addressed the following vulnerabilities caused by issues in GSKit. Vulnerability Details CVEID: CVE-2018-1427 DESCRIPTION: IBM GSKit contains several environment variables that a local attacker could overflow and cause a denial of service. CVSS Base Score...
Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) Client
Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) Client. The IBM Spectrum Protect Client has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to...
Security Bulletin: Multiple vulnerabilities in IBM GSKit affect Rational Directory Server (Tivoli)
Summary There are multiple security vulnerabilities in IBM® GSKit version 8. GSKit is used by IBM Rational Directory Server (Tivoli). Vulnerability Details CVEID: CVE-2018-1427 DESCRIPTION: IBM GSKit contains several environment variables that a local attacker could overflow and cause a denial of...
Security Bulletin: IBM API Connect is affected by multiple GSKit and OpenSSL vulnerabilities
Summary IBM API Connect has addressed multiple vulnerabilities in GSKit and OpenSSL. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to...
Security Bulletin: Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX
Summary There are multiple vulnerabilities in GSKit that affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX. Vulnerability Details CVEID: CVE-2018-1388 DESCRIPTION: GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS1 padding...
Security Bulletin: Multiple vulnerabilities affect the GSKit component of IBM Tivoli Monitoring shipped with IBM Operations Analytics - Log Analysis
Summary The following security issues have been identified in the GSKit component included as part of the IBM Tivoli Monitoring product. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of...
Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX
IBM SECURITY ADVISORY First Issued: Fri Dec 14 12:09:04 CST 2018 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/itdsadvisory2.asc https://aix.software.ibm.com/aix/efixes/security/itdsadvisory2.asc...
Security Bulletin: IBM Security Directory Server is affected by a vulnerability in GSKit
Summary IBM Security Directory Server has addressed the following vulnerability caused by an issue in GSKit. Vulnerability Details CVEID: CVE-2018-1388 DESCRIPTION: GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS1 padding. CVSS Base Score: 9.1 CVSS...
Security Bulletin: IBM Tivoli Common Reporting (TCR) 2018Q1 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities
Summary Fixes of Cognos Business Intelligence are provided as part of TCR fixes. This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Business Intelligence. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM®...
Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics
Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.13.0. Multiple Open Source OpenSSL vulnerabilities affect IBM Cognos Analytics. IBM Cognos Analytics consumes IBM GSKit. Multiple vulnerabilities have been addressed in IBM GSKit. IBM Cogn...
Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server
Summary There are multiple vulnerabilities in the GSKit component that is included in the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel...
Security Bulletin: IBM Security Access Manager is affected by multiple vulnerabilities in GSKit
Summary IBM Security Access Manager has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memor...
Security Bulletin: Multiple security vulnerabilities in GSKit used by Edge Caching proxy of WebSphere Application Server
Summary There are multiple security vulnerabilities in the GSKit used by Edge Caching proxy of WebSphere Application Server. This is a separate install from WebSphere Application Server. You only need to apply this if you use the Edge Caching Proxy. Vulnerability Details CVEID: CVE-2018-1447...
Security Bulletin: A vulnerability in the GSKit component of IBM Rational ClearQuest (CVE-2016-0201)
Summary A vulnerability has been addressed in the GSKit component of IBM Rational ClearQuest. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit this vulnerability t...
Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearQuest (CVE-2015-0159)
Summary GSKit is an IBM component that is used by IBM Rational ClearQuest. The GSKit that is shipped with Rational contains a security vulnerability and ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-0159 DESCRIPTION: An unspecified error in GSKit usage of...
Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearQuest (CVE-2015-0138)
Summary GSKit is an IBM component that is used by IBM Rational ClearQuest. The GSKit that is shipped with IBM Rational ClearQuest contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability. IBM Rational ClearQuest...
Security Bulletin: Vulnerabilities in GSKit affect IBM Spectrum Scale used by DB2® pureScale™ (CVE-2018-1431, CVE-2018-1447, CVE-2017-3732, CVE-2016-0705)
Summary DB2 LUW is affected by a vulnerability in IBM® Spectrum Scale Version V4.2 and V4.1 that is used by DB2® pureScale™ Feature on AIX and Linux. IBM Spectrum Scale was previously known as General Parallel File System (GPFS). Vulnerability Details CVEID: CVE-2018-1431 DESCRIPTION: A vulnerabilit...