I think you're right on the Support portal only showing vulnerabilities
where they have PTFs.
I was able to find plenty under "My support" or searching the portal using
the following criteria:

Support Portal > IBM i 7.1
Filter by operating system
"i family of operating systems (formerly i5/OS family)"
Filter by document type
"Security bulletins"

Search withing results:
"CVE"

That's a painful and complicated way to get what should be a simple list of
all known CVE vulnerabilities. But, as usual, it's just seems to be the
standard for how IBM operates.


Ron Adams



On Mon, Aug 8, 2016 at 6:33 AM, Rob Berendt <rob@xxxxxxxxx> wrote:

Where are you finding this in the IBM Support Portal? Show me that and
I'll see if there's a better list for it.

I would think that the IBM Support Portal would only show you
vulnerabilities in which there was a PTF issued to resolve it.

I checked that cvedetails site. Not to go Trevor on you but there is also
a product called "I". That site however only listed one entry for i and I
know there's been a whole load of other vulnerabilities.
And, with all the open source crap IBM uses and refuses to update their
version but only patch the version it's really hard to use that site to
tie it back to IBM i. For example, tie these two together:
CVE-2016-1285
https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2016-1285
http://www-912.ibm.com/a_dir/as4ptf.nsf/86acab6961d02f8386257707005030d2/
a467dc4de66921a286257fab0000a450?OpenDocument&Highlight=2,dns


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Ron Adams <rondadams@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 08/07/2016 06:00 PM
Subject: IBM i CVE Vulnerability database search
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Does anyone know of a comprehensive source to search for IBM i
vulnerabilities other than the IBM Support portal. The support portal will
give a good list, but I need something that can be more easily imported
into a security tool for cross-referencing.

Searching sites like cvedetails.com or cve.mitre.org don't seem to
cross-reference the i very well. Searching cvedetails.comonly yields 3
hits.
https://www.cvedetails.com/vulnerability-list/vendor_id-
14/product_id-5093/IBM-Iseries-As-400.html


--
Ron Adams
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.





This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].