Friday, 19 August 2016

IBM Traveler 9.0.1.13 server released

IBM just released FP13 for IBM Traveler. You can get it here.
It will be available on Passport Advantage by August 25th.
The following APAR fixes are included:

LO89772 - Multiple replies sent to meeting chair from invitee using Apple Native Calendar.
LO82881 - Domino server may crash if $NTTrack field is corrupted.
LO89471 - Traveler invitee status may be incorrect if using mixed case Internet addresses.
LO89606 - Number of recipients limited to 100 when sending mail from a mobile device.
LO89745 - Traveler server enters constrained state when load balancing a large number of users.
LO89840 - IBM Verse mobile application fails to download entire mail for very large mail documents.
LO89952 - Deleted device still present in the Web Administration UI after the 30 day reap interval.
LO89954 - E-mail not in sent folder on mobile device when user sends and files an e-mail in Notes client.

Source: ibm.com

Saturday, 13 August 2016

multiple vulnerabilities in IBM Connections

IBM just reported multiple XSS and other vulnerabilities in IBM Connections (all versions).
You will have to upgrade your Connections environment to the most recent version and apply the provided IFs (interim fixes) to get rid of them.

CVEID: CVE-2016-0310
DESCRIPTION: IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111450 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

CVEID: CVE-2016-0305
DESCRIPTION: IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111422 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-0307
DESCRIPTION: IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111447 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-0308
DESCRIPTION: IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111448 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
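The first entry above (CVE-2016-0310) is a host header injection: an application that builds absolute URLs from the client-supplied Host header can be made to redirect users to a domain the attacker controls. The following is an added example, not code from the original post or from IBM Connections, showing the vulnerable pattern next to a hardened version that only accepts Host values from a configured allow-list and builds redirects from a configured canonical base URL. The host names, the ALLOWED_HOSTS set and the function names are constructed for illustration.

```python
# Added example: trusting vs. validating the HTTP Host header when building
# absolute URLs (e.g. a Location header after login).  All names are constructed.

# Hosts this deployment legitimately answers for; in a real deployment this
# comes from configuration, never from the request.  Constructed values.
ALLOWED_HOSTS = {"connections.example.com", "connections.example.com:443"}
CANONICAL_BASE = "https://connections.example.com"


def vulnerable_login_redirect(headers: dict, path: str) -> str:
    """Vulnerable pattern: the Host header is copied verbatim into the
    redirect target, so a forged Host value sends the user elsewhere."""
    return "https://" + headers.get("Host", "") + path


def is_trusted_host(host: str) -> bool:
    """True only for hosts in the configured allow-list (case-insensitive)."""
    return host.strip().lower() in ALLOWED_HOSTS


def is_local_path(path: str) -> bool:
    """Accept only a path relative to this site: must start with a single '/'.
    A leading '//' would be interpreted as a scheme-relative URL by browsers."""
    return path.startswith("/") and not path.startswith("//")


def safe_login_redirect(headers: dict, path: str) -> str:
    """Hardened version: reject unexpected Host values outright and build the
    absolute URL from configuration rather than from the request."""
    host = headers.get("Host", "")
    if not is_trusted_host(host):
        raise ValueError("unexpected Host header: %r" % host)
    if not is_local_path(path):
        raise ValueError("redirect target must be a local path: %r" % path)
    return CANONICAL_BASE + path


if __name__ == "__main__":
    # Constructed request from a client that forged the Host header.
    forged = {"Host": "attacker.example"}
    print("vulnerable:", vulnerable_login_redirect(forged, "/login"))
    try:
        safe_login_redirect(forged, "/login")
    except ValueError as exc:
        print("hardened rejected request:", exc)
    print("hardened:", safe_login_redirect({"Host": "connections.example.com"}, "/homepage"))
```

If a reverse proxy sits in front of the application, the same allow-list check must also be applied to any forwarded-host header the application honours, and a request with a rejected Host value is worth logging, since it is a cheap indicator of someone probing for exactly this class of issue.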

IBM Domino and TLS - Part 4 - How To fix your trust & security issues

"The server does not support Forward Secrecy" (PFS)
Ciphers supporting PFS were introduced with Domino 9.0.1 FP3 IF2. The only thing you need to do is to upgrade your Domino to the most recent version. You may also have a look at this article.
Please keep in mind that PFS may significantly raise the CPU usage of your servers in huge environments (8000+ users).
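To verify after the upgrade that a Domino server actually negotiates a forward-secrecy cipher suite, here is an added example (not from the original post or from IBM) in Python. It classifies a cipher suite name as providing forward secrecy when its key exchange is ephemeral (ECDHE or DHE, and all TLS 1.3 suites), and probes a server with a client context restricted to such suites, so that a failed handshake means the server offers no PFS cipher at all. The host name in the usage section is a constructed placeholder, and the function names are my own.

```python
# Added example: check whether a TLS server negotiates a forward-secrecy
# (ephemeral key exchange) cipher suite.  Function names are constructed.
import socket
import ssl


def provides_forward_secrecy(cipher_name: str) -> bool:
    """True if the suite uses ephemeral key exchange.  OpenSSL names such as
    ECDHE-RSA-AES128-GCM-SHA256 and IANA names such as
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 are both recognised; TLS 1.3
    suites (TLS_AES_*, TLS_CHACHA20_*) always use ephemeral key exchange."""
    name = cipher_name.upper()
    if name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return True
    return name.startswith(("ECDHE-", "DHE-", "TLS_ECDHE_", "TLS_DHE_"))


def non_pfs_suites(offered):
    """Given the list of suites a server offers (e.g. from a scanner report),
    return those that do NOT provide forward secrecy."""
    return [c for c in offered if not provides_forward_secrecy(c)]


def negotiated_cipher(host, port=443, timeout=5.0, pfs_only=False):
    """Connect to host:port and return (cipher_name, protocol_version).
    With pfs_only=True the client only offers ECDHE/DHE suites, so a
    handshake failure means the server supports no PFS suite at all.
    Certificate trust is deliberately not checked here: the question is the
    key exchange, not the certificate chain."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if pfs_only:
        ctx.set_ciphers("ECDHE:DHE")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, version, _bits = tls.cipher()
            return name, version


if __name__ == "__main__":
    target = "domino.example.com"  # constructed placeholder, replace with your server
    try:
        name, version = negotiated_cipher(target, pfs_only=True)
        print("%s negotiates %s over %s: forward secrecy OK" % (target, name, version))
    except ssl.SSLError as exc:
        print("%s offers no forward-secrecy cipher suite: %s" % (target, exc))
```

Run it once with pfs_only=False to see the server's preferred suite, and once with pfs_only=True to confirm that a PFS suite is reachable at all; the first tells you what most clients will get, the second whether the upgrade took effect.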

This was my last part of "How to fix your trust & security issues".
I hope I was able to help some of you, and I would appreciate any kind of feedback from you!

Regards,
Jan