12 matches found
Security Bulletin: Vulnerabilities in JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...
Security Bulletin: AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal (CVE-2022-31159)
Summary AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the...
Security Bulletin: IBM Storage Protect server is vulnerable to a file system access attack due to AWS SDK for Java (CVE-2022-31159)
Summary The AWS SDK for Java is used by IBM Storage Protect server as part of its AWS cloud support. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in the downloadDirector...
Security Bulletin: IBM Security Guardium is affected by an AWS SDK vulnerability (CVE-2022-31159)
Summary IBM Security Guardium has fixed this vulnerability. Instructions for obtaining the fix are below. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in the...
Security Bulletin: IBM Sterling B2B Integrator vulnerable to directory traversal due to AWS SDK for Java (CVE-2022-31159)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability in AWS SDK for Java shipped with the product. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw i...
Security Bulletin: Vulnerability in AWS SDK for Java affects IBM Process Mining . CVE-2022-31159
Summary There is a vulnerability in AWS SDK for Java that could allow a directory traversal . The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could...
CVE-2022-31171
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-31159. Reason: This candidate is a reservation duplicate of CVE-2022-31159. Notes: All CVE users should reference CVE-2022-31159 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-31159. Reason: This candidate is a reservation duplicate of CVE-2022-31159. Notes: All CVE users should reference CVE-2022-31159 instead of this candidate. All references and descriptions in this candidate have been removed t...
CVE-2022-31171
CVE-2022-31159: Path traversal in AWS SDK for Java downloadDirectory in S3 TransferManager. IBM bulletins show multiple products affected (e.g., QRadar SIEM, Maximo Asset Management, Guardium, Disconnected Log Collector) and provide fix guidance. Remediation is upgrading to vendor-supplied fixed ...
CVE-2022-31159
creationtimestamp| type| source ---|---|--- 2022-07-15 22:20:31+00:00| seen| https://t.me/cibsecurity/46368 2025-08-20 21:02:35+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lwud7a7ym52m...
CVE-2022-31159 Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...
CVE-2022-31159
CVE-2022-31159 affects the AWS SDK for Java S3 TransferManager (v1) prior to 1.12.261. A validation flaw in downloadDirectory can let a caller include a UNIX .. sequence in an S3 object key, potentially allowing a remote attacker to download or write files outside the intended destination directo...