9 matches found
Security Bulletin: IBM Security Directory Integrator has upgraded log4j
Summary IBM Security Directory Integrator (SDI) has upgraded to log4j 2.17.1. Although SDI was technically not vulnerable to the issue described below because it did not use JMSAppender, as a matter of good software hygiene the product has upgraded to the current version of log4j. SDI uses log4j as...
Security Bulletin: A security vulnerability has been identified in Apache Storm, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-0202)
Summary Apache Storm is shipped with IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting Apache Storm has been published here. Vulnerability Details CVE-ID: CVE-2019-0202 Description: Apache Storm could allow a remote attacker to obtain sensitiv...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Rational ClearCase (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Rational ClearCase. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
IBM DB2 Connect 9.7 < FP11 Special Build 36621 / 10.1 < FP6 Special Build 36610 / 10.5 < FP8 Special Build 36605 / 11.1.2 < FP2 Multiple Vulnerabilities (Windows)
According to its version, the installation of IBM DB2 Connect on the remote Windows host is either 9.7 prior to Fix Pack 11 Special Build 36621, 10.1 prior to Fix Pack 6 Special Build 36610, 10.5 prior to Fix Pack 8 Special Build 36605, or 11.1.2 prior to Fix Pack 2. It is, therefore, affected by...
IBM Domino 8.5.x / 9.0.x < 9.0.1 Fix Pack 8 TLS Server Diffie-Hellman Key Validation MitM
According to its banner, the version of IBM Domino (formerly IBM Lotus Domino) running on the remote host is 8.5.x or 9.0.x prior to 9.0.1 Fix Pack 8. It is, therefore, affected by a flaw in the TLS server due to improper validation of Diffie-Hellman parameters. A man-in-the-middle (MitM) attacker ca...
IBM DB2 10.5 < Fix Pack 8 Multiple DoS
According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 8. It is, therefore, affected by the following vulnerabilities:
- A denial of service vulnerability exists in the SQLNPSCOPETRIAL function due to improper handling of SQL statements. An...
IBM DB2 10.5 < Fix Pack 8 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 8. It is, therefore, affected by the following vulnerabilities:
- A local privilege escalation vulnerability exists due to insecurely loading binaries planted in a location that a SETGID or...
IBM WebSphere Application Server 8.0 < Fix Pack 8 Multiple Vulnerabilities
IBM WebSphere Application Server 8.0 before Fix Pack 8 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities:
- A CSRF vulnerability exists in IBM WebSphere Application Server due to improper validation of portlets in the Administrative...
IBM DB2 9.1 < 9.1 Fix Pack 8 Multiple Vulnerabilities