Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Manager (CVE-2016-5983 )

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal. IBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management. The deserialization of untrusted data vulnerability affecting IBM WebSphere...

Security Bulletin: A security vulnerability has been identified in Tivoli Integrated Portal shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management (CVE-2016-5986)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal. IBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management. Information about a security vulnerability affecting IBM WebSphere Application...

Security Bulletin: A security vulnerability has been identified in Tivoli Integrated Portal shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management (CVE-2016-0385)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal. IBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management. Information about a security vulnerability affecting IBM WebSphere Application...

Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server and bundling products shipped with IBM Cloud Orchestrator (CVE-2016-3426, CVE-2016-3427)

Summary Information about a security vulnerability that affects IBM Java SDK, IBM WebSphere Application Server, and bundling products of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition has been published in a security bulletin. These issues were also addressed by IBM WebSpher...

Security Bulletin: IBM SmartCloud Provisioning security vulnerability has been identified in nginx (CVE-2016-4450)

Summary IBM SmartCloud Provisioning and SmartCloud Provisioning for Software Virtual Appliaance ships with nginx. A denial of service vulnerability has been identified in nginx CVE-2016-4450. Vulnerability Details CVE-ID: CVE-2016-4450 Description: nginx is vulnerable to a denial of service, caus...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affects IBM WebSphere Application Server that is bundled with SmartCloud Cost Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM WebSphere Application Server. It is bundled and shipped with IBM SmartCloud Cost Management. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the...

Security Bulletin: Multiple Vulnerabilities in ISC Bind affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2016-1286, CVE-2016-2088, CVE-2016-1285)

Summary Vulnerabilities have been identified in bind package in ISC Bind affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2016-1286 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing signature records...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Provisioning

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ that is used by IBM SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3443 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Tivoli System Automation for Multiplatforms shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator

Summary IBM Tivoli System Automation for Multiplatforms is shipped as a component of IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM SmartCloud Orchestrator, and IBM SmartCloud Orchestrator Enterprise. Information about security vulnerabilities affecting IBM Tivoli System Automatio...

Security Bulletin: Vulnerabilities in IBM Cloud Orchestrator (CVE-2016-0203, CVE-2015-7494)

Summary IBM Cloud Orchestrator has identified Cross Domain Services Action and Virtual Machine Authentication vulnerabilities. IBM Cloud Orchestrator, formerly known as SmartCloud Orchestrator, has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0203 DESCRIPTION: A...

Security Bulletin: A security vulnerability in FIPS140-2 has been identified in WebSphere Application Server shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager

Summary IBM WebSphere Application server is shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager. There is a potential security vulnerability in IBM WebSphere Application Server if FIPS 140-2 is enabled. Vulnerability Details Refer to the security bulletin in the...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Multiple vulnerabilities in OpenSSL affect all releases of IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance. This bulletin covers also OpenSSL vulnerabilities that were disclosed on March 1, 2016 by the OpenSSL Project inluding the “DROWN: Decrypting RSA with Obsolete an...

Security Bulletin: Multiple vulnerabilities in Samba affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Samba vulnerabilities were disclosed on April 12, 2016. Samba is used by IBM SmartCloud Provisioning for IBM Software Virtual Appliance. IBM SmartCloud Provisioning for IBM Software Virtual Appliance has addressed the applicable CVEs including the vulnerability commonly referred to as...

Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Orchestrator, HTTP Server and bundling products shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2015-1788)

Summary Denial of Service vulnerability has been identified in OpenSSL. IBM Cloud Orchestrator® and IBM Cloud Orchestrator Enterprise Edition have addressed this issue. This issue was also addressed by IBM Cloud Manager with OpenStack, IBM HTTP Server, and IBM DB2® LUW which are shipped with IBM...

Security Bulletin: A security vulnerability has been identified in IBM Tivoli Monitoring shipped with IBM Cloud Orchestrator Enterprise and IBM SmartCloud Orchestrator Enterprise (CVE-2016-0603)

Summary IBM Tivoli Monitoring is shipped as a component of Cloud Orchestrator Enterprise and SmartCloud Orchestrator Enterprise. Information about a security vulnerability affecting IBM Tivoli Monitoring has been published in a security bulletin. Vulnerability Details Consult the Security Bulleti...

Security Bulletin: Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning V2.1 for IBM Software Virtual Appliance. Please note product software support discontinuance as per IBM Withdrawal Announcement 916-016. For withdrawal announcement information details see the Reference section below...

Security Bulletin: HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager (CVE-2015-2017)

Summary HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager CVE-2015-2017. Vulnerability Details CVEID: CVE-2015-2017 DESCRIPTION: The IBM WebSphere Application Server is...

Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Vulnerabilities in Python, rpcbind, SQLite packages affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2014-4650 DESCRIPTION: Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failu...

Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect WebSphere Application Server shipped with SmartCloud Provisioning

Summary Multiple vulnerabilities in IBM SDK Java Technology Edition affect WebSphere Application Server shipped with SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. Note that...

Security Bulletin: A vulnerability in GNU C library (glibc) affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-7547)

Summary A vulnerability in GNU C library glibc affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance CVE-2015-7547. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by th...