8 matches found
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearQuest (CVE-2015-7450)
Summary IBM WebSphere Application Server is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Security Bulletin:...
Security Bulletin: IBM Security Access Manager appliances are affected by an SQL Injection vulnerability (CVE-2016-3046)
Summary IBM Security Access Manager appliances are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. Vulnerability Details CVEID: CVE-2016-3046 DESCRIPTION: IBM Security Access...
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSL (CVE-2016-0797, CVE-2016-0705)
Summary Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web. Vulnerability Details CVEID: CVE-2016-0797 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BN_hex2bn/BN_dec2bn function. An attacker could exploit this vulnerability...
Security Bulletin: A vulnerability in nss-softokn affects IBM Security Access Manager for Web (CVE-2015-2730)
Summary Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. IBM Security Access Manager for Web is affected by a vulnerability in the nss-softokn package. Vulnerability Details CVEID: CVE-2015-2730...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2014-8121)
Summary A GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web. Vulnerability Details CVEID: CVE-2014-8121 DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c ...
CVE-2015-8531
CVE-2015-8531 affects IBM Security Access Manager for Web: 8.0 (before 8.0.1.3 IF4) and 9.0 (before 9.0.0.1 IF1). The issue is a cross-site scripting vulnerability caused by improper validation of user-supplied input, exploitable via a specially crafted URL to execute script in a victim’s browser...
CVE-2014-3052
The vulnerability CVE-2014-3052 affects IBM Security Access Manager for Web (ISAM) v8.0, firmware 8.0.0.2 and 8.0.0.3. A defect in the reverse-proxy configuration causes the jct-nist-compliance setting to be interpreted in the opposite way, so SSL connections to backends may not enforce NIST SP 8...
CVE-2014-3052
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL...