Brennan Brazeau

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Identity Manager versions 5.1.x through 5.1.0.15-ISS-TIM-IF0057 Security Identity Manager versions 6.0.x through 6.0.0.4-ISS-SIM-IF0001 Security Identity Manager versions 7.0.x through 7.0.0.0-ISS-SIM-IF0003 **Description** The issue makes it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. **Recommendations** For IBM Tivoli Identity Manager versions 5.1.x through 5.1.0.15-ISS-TIM-IF0057, update to version 5.1.0.15-ISS-TIM-IF0057 or later. For Security Identity Manager versions 6.0.x through 6.0.0.4-ISS-SIM-IF0001, update to version 6.0.0.4-ISS-SIM-IF0001 or later. For Security Identity Manager versions 7.0.x through 7.0.0.0-ISS-SIM-IF0003, update to version 7.0.0.0-ISS-SIM-IF0003 or later.

**Name of the Vulnerable Software and Affected Versions** IBM Security SiteProtector System versions 3.0 through 3.1.1 **Description** The issue allows remote attackers to bypass intended security restrictions, execute unspecified commands, and obtain sensitive information via unknown vectors. **Recommendations** For versions 3.0 through 3.1.1, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: IBM Security Identity Manager versions 5.1 through 7.0 Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests, potentially leading to cross-site scripting attacks, web cache poisoning, or other impacts. Recommendations: For IBM Security Identity Manager versions 5.1 through 7.0, update to a version that includes a fix for this issue, as no specific workaround is provided in the available data.

**Name of the Vulnerable Software and Affected Versions** IBM Security SiteProtector System versions 3.0 through 3.0.0.6 IBM Security SiteProtector System versions 3.1 through 3.1.0.3 IBM Security SiteProtector System versions 3.1.1 through 3.1.1.1 **Description** The issue allows remote authenticated users to write to arbitrary files. This is due to incorrect restriction of the directory path name with limited access. Exploitation of the issue may allow a remote attacker to record arbitrary files. **Recommendations** For IBM Security SiteProtector System versions 3.0 through 3.0.0.6, update to version 3.0.0.7. For IBM Security SiteProtector System versions 3.1 through 3.1.0.3, update to version 3.1.0.4. For IBM Security SiteProtector System versions 3.1.1 through 3.1.1.1, update to version 3.1.1.2.

**Name of the Vulnerable Software and Affected Versions** IBM Security Network Protection versions 5.1 before 5.1.0.0 FP13 IBM Security Network Protection versions 5.1.1 before 5.1.1.0 FP8 IBM Security Network Protection versions 5.1.2 before 5.1.2.0 FP9 IBM Security Network Protection versions 5.1.2.1 before FP5 IBM Security Network Protection versions 5.2 before 5.2.0.0 FP5 IBM Security Network Protection versions 5.3 before 5.3.0.0 FP1 **Description** The issue allows remote authenticated users to execute arbitrary commands via unspecified vectors on XGS devices. **Recommendations** For versions 5.1 before 5.1.0.0 FP13, update to 5.1.0.0 FP13 or later. For versions 5.1.1 before 5.1.1.0 FP8, update to 5.1.1.0 FP8 or later. For versions 5.1.2 before 5.1.2.0 FP9, update to 5.1.2.0 FP9 or later. For versions 5.1.2.1 before FP5, update to FP5 or later. For versions 5.2 before 5.2.0.0 FP5, update to 5.2.0.0 FP5 or later. For versions 5.3 before 5.3.0.0 FP1, update to 5.3.0.0 FP1 or later.

**Name of the Vulnerable Software and Affected Versions** IBM Security Identity Manager versions prior to 6.0.0.3 IF14 **Description** A directory traversal issue allows remote attackers to read arbitrary files. **Recommendations** For versions prior to 6.0.0.3 IF14, update to version 6.0.0.3 IF14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Directory Server versions 6.1 before 6.1.0.64-ISS-ITDS-IF0064 IBM Tivoli Directory Server versions 6.2 before 6.2.0.39-ISS-ITDS-FP0039 IBM Tivoli Directory Server versions 6.3 before 6.3.0.33-ISS-ITDS-IF0033 IBM Security Directory Server versions 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007 **Description** A cross-site scripting (XSS) issue exists in the Admin UI, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted URL. **Recommendations** For IBM Tivoli Directory Server version 6.1, update to 6.1.0.64-ISS-ITDS-IF0064 or later. For IBM Tivoli Directory Server version 6.2, update to 6.2.0.39-ISS-ITDS-FP0039 or later. For IBM Tivoli Directory Server version 6.3, update to 6.3.0.33-ISS-ITDS-IF0033 or later. For IBM Security Directory Server version 6.3.1, update to 6.3.1.7-ISS-ISDS-IF0007 or later.

**Name of the Vulnerable Software and Affected Versions** IBM Security QRadar SIEM versions 7.1 MR2 through 7.2 MR2 **Description** The issue allows remote attackers to execute arbitrary code. No further details are provided about the vectors used for the attack or the estimated number of potentially affected devices. **Recommendations** For versions 7.1 MR2 and 7.2 MR2, at the moment, there is no information about a newer version that contains a fix for this issue.