Security Bulletin: Vulnerabilities in Open Source Expact affect Tivoli Network Manager IP Edition

Summary Vulnerabilities in Open Source Expat affect Tivoli Network Manager IP Edition. Tivoli Network Manager IP Edition has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2012-6702 DESCRIPTION: Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of...

Security Bulletin: A vulnerability in Apache Xerces-C XML Parser library affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-4463)

Summary Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID: CVE-2016-4463 DESCRIPTION: Apach...

Security Bulletin: A vulnerability in Apache Xerces-C XML Parser library affects IBM Performance Management products (CVE-2016-0729 )

Summary Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input documents, an attacker could exploit this vulnerability to cause the library to crash or possibly execute...

Security Bulletin: Multiple Expat XML Parser vulnerabilities in Prospect

Summary There are potential multiple Expat xml parser vulnerabilities in Prospect Core 8.0.7 Server. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple...

Security Bulletin: A vulnerability in Apache Xerces-C XML Parser library affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-0729 )

Summary Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input documents, an attacker could exploit this vulnerability to cause the library to crash or possibly execute...

Security Bulletin: Multiple vulnerabilities in usage of IBM Java SDK in IBM Content Analytics with Enterprise Search and IBM OmniFind Enterprise Edition (CVE-2013-5802, CVE-2013-4002, CVE-2013-5825, CVE-2013-5372)

Summary Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM Content Analytics with Enterprise Search and IBM OmniFind Enterprise Edition products. Vulnerability Details CVE ID: CVE-2013-5802 DESCRIPTION: JRE vulnerable to denial of service attacks via malform...

Security Bulletin: Open Source Apache PDFBox Vulnerability in IBM eDiscovery Analyzer

Summary Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of...

Security Bulletin: Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability (CVE-2016-0729)

Summary Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error...

Security Bulletin: Content Manager OnDemand for Multiplatforms is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729)

Summary Content Manager OnDemand for Multiplatforms is affected by Open Source Apache Xerces-C XML parser Vulnerabilities. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during...

Security Bulletin: Content Integrator- Apache Xerces-J XML parser Denial of Service attack (CVE-2013-4002)

Summary Apache Xerces-J XML parser XML4J shipped with IBM Content Integrator is vulnerable to a denial of service attack that can be triggered by malformed XML data Vulnerability Details DESCRIPTION: The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malforme...

Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the Expat XML parser (CVE-2016-0718)

Summary A vulnerability has been identified in the Expat XML parser, which affects IBM Security Access Manager appliances. Vulnerability Details CVEID: CVE-2016-0718 DESCRIPTION: Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By...

Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463)

Summary Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this vulnerability to cause a denial of service. IBM Tivoli Access Manager for e-business and IBM Security...

Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718)

Summary A security vulnerability has been discovered in Expat XML parser, which is used by IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-0718 DESCRIPTION: Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By...

Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection

Summary There are several vulnerabilities that might affect IBM HTTP Server that is used by IBM Security Network Protection. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending...

Security Bulletin: A vulnerability in the Apache Xerces-C XML parser affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software (CVE-2016-0729)

Summary IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software is affected by a vulnerability in the Apache Xerces-C XML parser. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service,...

Security Bulletin: A vulnerability in the Apache Xerces-C XML parser affects IBM Security Access Manager for Web (CVE-2016-0729)

Summary IBM Security Access Manager for Web is affected by a vulnerability in the Apache Xerces-C XML parser. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and...

Security Bulletin: Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway can be affected by two vulnerabilities in the IBM WebSphere Application Server component (CVE-2014-0423, CVE-2014-0411)

Summary The IBM WebSphere Application Server component provided with IBM Tivoli Federated Identity Manager FIM and IBM Tivoli Federated Identity Manager Business Gateway FIMBG is vulnerable to a denial of service attack and a transport layer security TLS timing attack. Vulnerability Details CVE-I...

Security Bulletin: Apache PDFBox affects IBM Emptoris Contract Management (CVE-2016-2175)

Summary Apache PDFBox affects IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2016-2175 DESCRIPTION: Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML parser. ...

Security Bulletin: IBM Forms Viewer may be affected by an Apache Xerces-C XML Parser library vulnerability (CVE-2016-0729, CVE-2016-4463)

Summary An IBM Form XFDL document that contains a specially crafted mark-up could crash IBM Forms Viewer. This may expose a vulnerability in its use of the Apache Xerces-C XML Parser library. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable ...

Security Bulletin: IBM Forms Server may be affected by an Apache Xerces-C XML Parser library vulnerability (CVE-2016-0729, CVE-2016-4463)

Summary An IBM Form XFDL document that contains a specially crafted mark-up could crash IBM Forms Server. This may expose a vulnerability in its use of the Apache Xerces-C XML Parser library. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable ...