Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in OpenSSH

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authenticatio...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by First Failure Data Capture (FFDC) information disclosure (CVE-2018-9068)

Summary IBM Integrated Management Module II IMM2 has addressed the following First Failure Data Capture FFDC information disclosure vulnerability. Vulnerability Details CVEID: CVE-2018-9068 DESCRIPTION: Lenovo Integrated Management Module 2 IMM2 contains hard-coded credentials to access the SFTP...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in cURL/libcURL (CVE-2016-7141)

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerability in cURL/libcURL. Vulnerability Details CVEID: CVE-2016-7141 DESCRIPTION: cURL/libcURL client certificates could allow a remote attacker to bypass security restrictions, caused by an implementation error of...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in Ncurses (CVE-2017-13733)

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerability in Ncurses. Vulnerability Details CVEID: CVE-2017-13733 DESCRIPTION: Ncurses is vulnerable to a denial of service, caused by an illegal address access in the fmtentry function in progs/dumpentry.c. By using...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in libxml/libxml2

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerabilities in libxml/libxml2. Vulnerability Details CVEID: CVE-2017-5130 DESCRIPTION: Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by libxml2. By persuading a victi...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in Libidn2 (CVE-2017-14062)

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerability in Libidn2. Vulnerability Details CVEID: CVE-2017-14062 DESCRIPTION: Libidn2 is vulnerable to a denial of service, caused by an integer overflow in the decodedigit function in punydecode.c. By persuading a...

Security Bulletin: Vulnerabilities in glibc affect IBM Integrated Management Module II (IMM2) for System x, BladeCenter and Flex Systems (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, CVE-2014-9402)

Summary The following security vulnerabilities have been addressed by IBM Integrated Management Module II IMM2 for System x, BladeCenter and Flex Systems. Vulnerability Details Summary The following security vulnerabilities have been addressed by IBM Integrated Management Module II IMM2 for Syste...

Security Bulletin: Several System x and Flex Systems products are affected by vulnerabilities in OpenSSL (CVE-2013-6449, CVE-2013-4353 and CVE-2013-6450)

Summary Security vulnerabilities discovered in OpenSSL have been fixed in recent releases of several IBM System x and Flex Systems products. You may have already applied the updates containing these fixes. Vulnerability Details Abstract Security vulnerabilities discovered in OpenSSL have been fix...

Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2016-3627)

Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter systems have addressed the following vulnerability in libxml2. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter systems have addressed the following...

Security Bulletin: Vulnerabilities in bind affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems

Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems has addressed the following vulnerabilities in bind. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems has addressed the following...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833)

Summary IBM Integrated Management Module II IMM2 for System x, Flex & BladeCenter Systems have addressed the following vulnerability in OpenSLP. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex & BladeCenter Systems have addressed the following vulnerabili...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Integrated Management Module II (IMM2) for BladeCenter, System x and FLEX Systems (CVE-2015-7575)

Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Integrated Management Module II IMM2 for BladeCenter, System x, and FLEX Systems. Vulnerability Details Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Integrated Management Module II IMM2 for BladeCenter, System x, and FLE...

Security Bulletin: IBM System x and Flex Systems Potential Denial of Service Due to Weak IPv4 and IPv6 Sequence Numbers

Summary Potentially predictable IPv4 and IPv6 sequence numbers generated by Linux kernels before version 3.1 may make it easier for remote attackers to cause a denial of service or hijack network sessions.. Vulnerability Details Abstract Potentially predictable IPv4 and IPv6 sequence numbers...

Security Bulletin: IBM System x and Flex Systems Browser Exploit Against SSL/TLS (BEAST) Mitigations (CVE-2011-3389)

Summary Security Bulletin: IBM System x and Flex Systems Browser Exploit Against SSL/TLS BEAST Mitigations CVE-2011-3389 Vulnerability Details Summary The SSL 3.0 and TLS 1.0 protocols when used with Cipher Block Chaining CBC mode with chained initialization vectors may allow man-in-the-middle...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2015-1789 CVE-2015-1790 CVE-2015-1792)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface. IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface UEFI have addressed the...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2015-0286 CVE-2015-0288 CVE-2015-0289 CVE-2015-0209 CVE-2015-0287)

Summary OpenSSL vulnerabilities were disclosed on March 19th, 2015 by the OpenSSL Project. OpenSSL is used by IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface UEFI. IBM System x, BladeCenter and Flex Systems UEFI have addressedthe applicable CVEs. Vulnerability...

Security Bulletin: Vulnerabilities in OpenSSL affect System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface UEFI. IBM System x, BladeCenter and Flex Systems UEFI has addressed the applicable CVEs. Vulnerability...

Security Bulletin: Multiple potential vulnerabilities in OpenSSL fixed in Chassis Management Module (CMM) (CVE-2014-3509, CVE-2014-3506, CVE-2014-3507, CVE-2014-3511, CVE-2014-3505, CVE-2014-3510, CVE-2014-3508)

Summary OpenSSL disclosed several vulnerabilities in August 2014. Seven of those vulnerabilities apply to the version of OpenSSL used by Flex Systems Chassis Management Module CMM. Vulnerability Details Abstract OpenSSL disclosed several vulnerabilities in August 2014. Seven of those...

Security Bulletin: IBM System x and Flex Systems OpenSSH Vulnerabilities (CVE-2012-0814, CVE-2008-5161)

Summary Older versions of OpenSSH, used by several System x and Flex Systems products, contain multiple vulnerabilities. Vulnerability Details Abstract Older versions of OpenSSH, used by several System x and Flex Systems products, contain multiple vulnerabilities. Content Vulnerability Details:...