IBM security advisories
21 threat alerts tracking vulnerabilities and security advisories that affect IBM products.
Vulnios continuously monitors IBM CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent IBM security news in one place, or open an individual alert for full detail. Entries are sorted by CVE, not by date; the "Critical" label is the tracker's own severity rating, and several of the descriptions below are truncated summaries, so check the full alert before acting on one.
Critical Vulnerability: CVE-2017-1383 — ibm — infosphere_information_server, softlayer
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expo

Critical Vulnerability: CVE-2016-8964 — ibm — bigfix_inventory, license_metric_tool
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853.

Critical Vulnerability: CVE-2017-1269 — ibm — security_guardium
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete informa

Critical Vulnerability: CVE-2017-1253 — ibm — security_guardium
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability

Critical Vulnerability: CVE-2017-1175 — ibm — maximo_asset_management
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or dele

Critical Vulnerability: CVE-2017-1197 — ibm — bigfix_security_compliance_analytics
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672.

Critical Vulnerability: CVE-2017-1196 — ibm — bigfix_security_compliance_analytics
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID:

Critical Vulnerability: CVE-2016-6087 — ibm — domino
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.

Critical Vulnerability: CVE-2016-6093 — ibm — security_key_lifecycle_manager, tivoli_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Critical Vulnerability: CVE-2017-1092 — ibm — informix_open_admin_tool
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.

Critical Vulnerability: CVE-2016-6111 — ibm — curam_social_program_management
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit

Critical Vulnerability: CVE-2016-9706 — ibm — integration_bus, websphere_message_broker
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote

Critical Vulnerability: CVE-2016-0360 — ibm — websphere_mq_jms
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding v

Critical Vulnerability: CVE-2016-8954 — ibm — dashdb_local
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.

Critical Vulnerability: CVE-2016-9005 — ibm — system_storage_ts3100-ts3200_tape_library
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.

Critical Vulnerability: CVE-2016-6095 — ibm — security_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Critical Vulnerability: CVE-2016-5964 — ibm — security_privileged_identity_manager
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Critical Vulnerability: CVE-2016-6090 — ibm — websphere_commerce
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial o

Critical Vulnerability: CVE-2016-6082 — ibm — bigfix_platform
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary

Critical Vulnerability: CVE-2016-8938 — ibm — urbancode_deploy
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host cus

Critical Vulnerability: CVE-2016-2908 — ibm — security_access_manager_9.0_firmware, security_access_manager_for_mobile_8.0_firmware
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker
Track IBM exposure across your environment
Vulnios automatically cross-references your asset inventory against new IBM CVEs and surfaces only what affects you: no manual sifting through the full feed, only actionable findings.
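The cross-referencing described in the introduction (feed plus KEV plus exploit-prediction enrichment) and in the paragraph above (matching against an asset inventory) reduces to a small triage routine. The following is an added example written for this page, not Vulnios code. The advisory records reuse CVE ids, product tokens and affected-version lists from the listing above; the hostnames, the KEV membership set and the EPSS scores are constructed placeholders and say nothing about the real exploitation status of those CVEs. It also handles the version-matching pitfall a practitioner hits first: IBM advisories name release trains such as 10.1, and a plain string-prefix match would wrongly flag an asset on 10.10.

```python
"""Cross-reference a vendor CVE feed against an asset inventory and rank the hits.

Added example, not Vulnios code.  CVE ids, product tokens and affected-version
lists are copied from the advisory listing on this page; the inventory, the KEV
membership set and the EPSS scores are constructed placeholders for the demo.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Advisory:
    cve: str
    vendor: str
    product: str                # CPE-style product token, as in "ibm — security_guardium"
    versions: Tuple[str, ...]   # affected release trains; an empty tuple means "all versions"
    severity: str


@dataclass(frozen=True)
class Asset:
    host: str
    vendor: str
    product: str
    version: str


def parse_version(v: str) -> Tuple:
    """Split '10.1.4' into (10, 1, 4); non-numeric parts are kept as strings."""
    return tuple(int(p) if p.isdigit() else p for p in v.split("."))


def version_affected(asset_version: str, affected: Tuple[str, ...]) -> bool:
    """Does the asset sit on one of the affected release trains?

    Advisories name trains ("10.0", "11.5"); an asset on 10.1.4 is on train 10.1.
    Compare component-wise, not as a string prefix: "10.10".startswith("10.1")
    is True, yet 10.10 is a different train and must not match.
    """
    if not affected:
        return True
    av = parse_version(asset_version)
    for train in affected:
        tv = parse_version(train)
        if av[: len(tv)] == tv:
            return True
    return False


SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}


def priority(adv: Advisory, in_kev: bool, epss: float) -> Tuple[int, float, int]:
    """Sort key: known-exploited first, then exploit probability, then vendor severity."""
    return (1 if in_kev else 0, epss, SEVERITY_RANK.get(adv.severity.lower(), 0))


def triage(advisories: List[Advisory], assets: List[Asset],
           kev: Set[str], epss: Dict[str, float]) -> List[Dict]:
    """Return only the (asset, advisory) pairs that actually apply, highest priority first."""
    findings = []
    for asset in assets:
        for adv in advisories:
            if (adv.vendor, adv.product) != (asset.vendor, asset.product):
                continue
            if not version_affected(asset.version, adv.versions):
                continue
            in_kev = adv.cve in kev
            score = epss.get(adv.cve, 0.0)   # no EPSS record: rank as 0, never drop the finding
            findings.append({
                "host": asset.host, "cve": adv.cve, "product": adv.product,
                "version": asset.version, "kev": in_kev, "epss": score,
                "priority": priority(adv, in_kev, score),
            })
    findings.sort(key=lambda f: f["priority"], reverse=True)
    return findings


# Advisory data taken from the listing on this page (version lists as stated there).
ADVISORIES = [
    Advisory("CVE-2017-1269", "ibm", "security_guardium", ("10.0", "10.1"), "critical"),
    Advisory("CVE-2017-1253", "ibm", "security_guardium", ("10.0",), "critical"),
    Advisory("CVE-2017-1175", "ibm", "maximo_asset_management", ("7.1", "7.5", "7.6"), "critical"),
    Advisory("CVE-2016-6095", "ibm", "security_key_lifecycle_manager", ("2.5", "2.6"), "critical"),
    Advisory("CVE-2016-8954", "ibm", "dashdb_local", (), "critical"),
]

# Constructed inventory: hostnames and installed versions are invented for the demo.
ASSETS = [
    Asset("guardium01", "ibm", "security_guardium", "10.1.4"),
    Asset("maximo01", "ibm", "maximo_asset_management", "7.6.0.8"),
    Asset("maximo02", "ibm", "maximo_asset_management", "7.7.0"),
    Asset("sklm01", "ibm", "security_key_lifecycle_manager", "3.0.1"),
    Asset("dashdb01", "ibm", "dashdb_local", "1.0"),
]

# Placeholder enrichment.  These are NOT real KEV or EPSS values for these CVEs;
# in production they come from the CISA KEV catalog and the FIRST EPSS feed.
KEV_PLACEHOLDER = {"CVE-2017-1175"}
EPSS_PLACEHOLDER = {"CVE-2017-1269": 0.42, "CVE-2017-1175": 0.07, "CVE-2016-8954": 0.01}


if __name__ == "__main__":
    for f in triage(ADVISORIES, ASSETS, KEV_PLACEHOLDER, EPSS_PLACEHOLDER):
        print(f"{f['host']:<12} {f['cve']:<15} {f['product']:<32} "
              f"{f['version']:<10} kev={f['kev']!s:<5} epss={f['epss']:.2f}")
```

With the sample data, guardium01 on 10.1.4 is flagged for CVE-2017-1269 (train 10.1) but not for CVE-2017-1253 (train 10.0 only), maximo02 on 7.7.0 and sklm01 on 3.0.1 produce nothing, and dashdb01 matches CVE-2016-8954 because the advisory names no version at all. The placeholder KEV entry pushes the Maximo finding to the top ahead of the higher-EPSS Guardium one, which is the ordering a responder wants: confirmed in-the-wild exploitation outranks a prediction.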