Security Bulletin: node-uuid unsafe fallback to Math.random (CVE-2015-8851)
Summary A vulnerability in the node-uuid module causes the module to fall back on Math.random under certain circumstances, which leads to predictable UUIDs. The node-uuid module is used by the Node.js Package Manager npm. Vulnerability Details CVEID: CVE-2015-8851 DESCRIPTION: node.js node-uuid...
Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2016-0363, CVE-2016-0376)
Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-0363...
Security Bulletin: Node.js Package Manager (npm) Bearer Token Vulnerability affects IBM Rational Application Developer for WebSphere Software (CVE-2016-3956)
Summary A vulnerability in the Node Package Manager's use of HTTP bearer tokens affects IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2016-3956 DESCRIPTION: npm could allow a remote attacker to obtain sensitive information, caused by the unintentional leakage of bearer tokens from the...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software (CVE-2016-2842)
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL project. OpenSSL is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability...
Security Bulletin: Vulnerability in Apache Commons affects IBM Rational Application Developer for WebSphere Software (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute...
Security Bulletin: Rational Application Developer for WebSphere Software in Cordova platform (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Summary OpenSSL support for SSL 3.0 fallback protection and 3 other CVEs that affect the IBM SDK for Node.js used by the Cordova platform packaged with IBM Rational Application Developer for WebSphere Software. Vulnerability Details...
Security Bulletin: Security vulnerability has been identified in Rational Application Developer shipped with Rational Software Architect for WebSphere (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470)
Summary IBM Rational Application Developer for WebSphere Software (RAD) is shipped as a component of Rational Software Architect. Information about a security vulnerability affecting RAD has been published in a security bulletin. Vulnerability Details...
Security Bulletin: IBM InfoSphere Streams update of IBM® SDK Java™ Technology Edition (CVE-2016-0363, CVE-2016-0376)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases provided with IBM...
Security Bulletin: API Connect Developer Portal is affected by a PHP vulnerability (CVE-2017-7272)
Summary IBM API Connect has addressed the following vulnerability. PHP is vulnerable to server-side request forgery, caused by a flaw in the fsockopen function. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct a Server Side Request Forgery (SSRF) attack...
Security Bulletin: API Connect Developer Portal is affected by a Drupal vulnerability (CVE-2018-7602)
Summary IBM API Connect has addressed the following vulnerability. Drupal could allow a remote attacker to execute arbitrary code on the system, caused by an error within multiple subsystems. An attacker could exploit this vulnerability using multiple attack vectors to execute arbitrary code on t...
Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600)
Summary IBM API Connect has addressed the following vulnerabilities. API Connect Developer Portal is impacted by Drupal vulnerability: Drupal could allow a remote attacker to execute arbitrary code on the system, caused by an error within multiple subsystems. An attacker could exploit this...
Security Bulletin: API Connect Developer Portal is affected by authenticated user access to sensitive information vulnerability (CVE-2017-1785)
Summary API Connect has addressed the following vulnerability. API Connect Developer Portal could allow an authenticated remote user to modify query parameters to obtain sensitive information. Vulnerability Details CVEID: CVE-2017-1785 DESCRIPTION: API Connect Developer Portal could allow an...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM API Connect (CVE-2017-1000381, CVE-2017-11499)
Summary IBM API Connect has addressed Node.js vulnerabilities involving access to sensitive information and potential denial of service. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 4 Fix Pack 7 and earlier releases that are used by IBM MQ Light. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details CVEID: CVE-2017-10115...
Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922)
Summary IBM API Connect Developer Portal could allow a remote attacker to bypass security restrictions, caused by the failure to restrict access to the private file system. Vulnerability Details CVEID: CVE-2017-6922 DESCRIPTION: Drupal could allow a remote attacker to bypass security restrictions...
Security Bulletin: IBM API Connect is affected by an information disclosure vulnerability (CVE-2017-1379).
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-1379 DESCRIPTION: IBM API Connect could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. CVSS Base Score: 5.3 CVSS...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer and WebSphere Integration Developer
Summary There are vulnerabilities in IBM SDK Java™ Technology Edition that are used by IBM Integration Designer and WebSphere Integration Developer. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. Vulnerability Details CVEID: CVE-2016-2183...
Security Bulletin: IBM API Connect Developer Portal is vulnerable to unauthenticated remote code execution (CVE-2017-1161)
Summary An unauthenticated remote code execution vulnerability affects IBM API Connect Developer Portal. IBM has addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-1161 DESCRIPTION: IBM API Connect could allow a remote attacker to execute arbitrary commands on the system, caused ...
Security Bulletin: A security vulnerability has been identified in IBM Rational Application Developer shipped with IBM Business Modeler (CVE-2015-7439)
Summary IBM Rational Application Developer is shipped as a component of IBM Business Modeler. Information about a security vulnerability affecting IBM Rational Application Developer has been published in a security bulletin. Vulnerability Details Consult the security bulletin Cross-Site Scripting...
Security Bulletin: Vulnerability in IBM Java™ SDK affects IBM Integration Designer and WebSphere Integration Developer (CVE-2016-3427)
Summary There is a vulnerability in IBM SDK Java™ Technology Edition that is used by IBM Integration Designer and WebSphere Integration Developer. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3427 DESCRIPTION: An unspecified...