Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NPS.
Summary: Vulnerabilities exist in IBM Cloud Pak for Data System CPDS 1.0 - NPS, addressed in 11.3.0.2-IF1. Vulnerability Details: CVEID: CVE-2016-10735 DESCRIPTION: In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability...
Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access Appliance. (CVE-2023-1206)
Summary: The Linux Kernel as shipped on the IBM Security Verify Access Appliance has a denial of service vulnerability in the IPv6 connection lookup table. This has been fixed in the IBM Security Verify Access Appliance 10.0.8.0 IF1. Vulnerability Details: CVEID: CVE-2023-1206 DESCRIPTION: Linux...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Enterprise Content Management System Monitor
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version Java 6 and Java 7 used by Enterprise Content Management System Monitor. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details CVEID: CVE-2016-5573 DESCRIPTION:...
Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in the Apache Portal Runtime (CVE-2017-12613)
Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-12613 DESCRIPTION: Apache Portable Runtime APR could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array dereference in aprtimeexp...
Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in NSS (CVE-2017-7805)
Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-7805 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in TLS 1.2 generating handshake hashes...
Security Bulletin: IBM SPSS SamplePower vsflex8l ActiveX Control ComboList Property Remote Code Execution Vulnerability (CVE-2013-6724)
Summary: There is a security vulnerability with an ActiveX control shipped by IBM SPSS SamplePower Version 3.0.1. This is corrected in IBM SPSS SamplePower 3.0.1 IF1. Vulnerability Details: CVE IDs: CVE-2013-6724 DESCRIPTION: The latest available Interim Fix installer for IBM...
Security Bulletin: IBM Cognos Controller is affected by HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)
Summary There is a vulnerability in IBM WebSphere Application Server that could allow an HTTP response splitting attack in Channel. Vulnerability Details CVEID: CVE-2015-2017 DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could...
Code injection
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...
Design/Logic Flaw
IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page...
CVE-2014-6074
IBM UrbanCode Deploy 6.1.0.2 before IF1 is affected. The flaw allows remote authenticated users to read keystore secret keys via direct access to a UI page, potentially exposing all encrypted values and SSL communications between server and agents. The IBM security bulletin notes the affected pro...