Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect formerly Tivoli Storage Manager for Virtual Environments: Data Protection for Hyper-V. IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V has addressed the applicable CVEs...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) Server

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect formerly Tivoli Storage Manager Server. The IBM Spectrum Protect Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect formerly Tivoli Storage Manager for Virtual Environments: Data Protection for VMware. IBM Spectrum Protect for Virtual Environments: Data Protection for VMware has addressed the applicable CVEs...

Security Bulletin: Multiple vulnerabilities in the GSKit component of Tivoli Netcool/OMNIbus

Summary Multiple vulnerabilities has been addressed in the GSKit component of Tivoli Netcool/OMNIbus. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be...

Security Bulletin: eDiscovery Manager is affected by GSKit and GSKit-Crypto vulnerabilities

Summary eDiscovery Manager has addressed multiple GSKit and GSKit-Crypto vulnerabilities. Details of the vulnerabilities is mentioned below. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private...

Security Bulletin: IBM FileNet Image Services is affected by GSKit and GSKit-Crypto vulnerabilities

Summary IBM FileNet Image Services has addressed multiple GSKit and GSKit-Crypto vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this...

Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine

Summary There is a vulnerability in IBM Java Runtime Environment, Versions 6 and 7 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2016-5582 DESCRIPTION: A flaw in the Hotspot JIT compiler allows an attacker to disable the security manager and execute arbitrary code...

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Service Tester (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Service Tester. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: IBM Security Network Protection is affected by multiple vulnerabilities

Summary Multiple security vulnerabilities CVE-2018-1426, CVE-2018-1427, CVE-2018-1428, CVE-2017-3736, CVE-2017-3732, CVE-2016-0705, and CVE-2018-1447 have been discovered in GSKit used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is...

Security Bulletin: IBM Security Access Manager Appliance is affected by an encryption vulnerability (CVE-2017-1473)

Summary IBM Security Access Manager Appliance has addressed the following weak encryption vulnerability. Vulnerability Details CVEID: CVE-2017-1473 DESCRIPTION: IBM Security Access Manager Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...

Security Bulletin: IBM Security Key Lifecycle Manager uses indeaquate encryption strength algorithms (CVE-2017-1665)

Summary IBM Security Key Lifecycle Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Vulnerability Details CVEID: CVE-2017-1665 DESCRIPTION: IBM Tivoli Key Lifecycle Manager uses weaker than expected cryptographic...

Security Bulletin: IBM Security Key Lifecycle Manager uses broken or risky cryptographic algorithm (CVE-2017-1664)

Summary IBM Security Key Lifecycle Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Vulnerability Details CVEID: CVE-2017-1664 DESCRIPTION: IBM Tivoli Key Lifecycle Manager uses weaker than expected cryptographic...

Security Bulletin: Multiple Security vulnerabilities fixed in IBM Security Privileged Identity Manager

Summary There are multiple Security vulnerabilities that are fixed in the IBM Security Privileged Identity Manager Vulnerability Details CVEID: CVE-2016-5957 DESCRIPTION: IBM Security Privileged Identity Manager uses weaker than expected cryptographic algorithms that could allow an attacker to...

Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879)

Summary The software uses an outdated insecure cipher or it is using a proprietary crypto standard which is likely to be vulnerable. Outdated/broken algorithms are MD4, MD5, SHA1, DES, ECB, RC4, Export ciphers, SSLv2, SSLv3, DH using keys less than 1024 Vulnerability Details CVEID: CVE-2016-2879...

Security Bulletin: CBC mode ciphers, weak MD5 and MAC algorithms vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2008-5161)

Summary CBC mode ciphers, weak MD5 and MAC algorithms vulnerabilities have been discovered in OpenSSH used with IBM Security Network Protection. These vulnerabilities have been addressed in the firmware versions below. Vulnerability Details CVEID: CVE-2008-5161 DESCRIPTION: OpenSSH and multiple S...

Security Bulletin: IBM Security Access Manager for Web appliances has some weak SSH MAC Algorithms enabled (CVE-2015-5012)

Summary IBM Security Access Manager for Web appliance enables some SSH MAC Algorithms that only provide weak security, which could leave sensitive information vulnerable to decryption. Vulnerability Details CVEID: CVE-2015-5012 DESCRIPTION: IBM Security Access Manager for Web could provide weaker...

Satellite Tracking Application: Gpredict

Gpredict is a real-time satellite tracking and orbit prediction application. It can track a large number of satellites and display their position and other data in lists, tables, maps, and polar plots radar view. Gpredict can also predict the time of future passes for a satellite, and provide you...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM WebSphere MQ (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere MQ. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Gpredict - Satellite Tracking Application

Gpredict is a real-time satellite tracking and orbit prediction application. It can track a large number of satellites and display their position and other data in lists, tables, maps, and polar plots radar view. Gpredict can also predict the time of future passes for a satellite, and provide you...

Cloudflare Gets Transparent on DNS Resolver Outage

In a testament to transparency, Cloudflare has explained a 17-minute outage on its 1.1.1.1 resolver service last week: It was a glitch in its own systems, not a cyber-incident. The 1.1.1.1 service is a Domain Name System DNS resolver that matches up URLs say, “cloudflare.com” with their...