60 matches found
CVE-2019-17359
The ASN.1 parser in Bouncy Castle Crypto aka BC Java 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importi...
Security Bulletin: Multiple vulnerabilities disclosed in IBM Eclipse SDK affect IBM SPSS Collaboration and Deployment Services
Summary Multiple vulnerabilities disclosed in IBM Eclipse SDK affect IBM SPSS Collaboration and Deployment Services CVE-2024-8184, CVE-2024-6763, CVE-2024-29857, CVE-2024-30172, CVE-2024-30171, CVE-2021-28170, CVE-2023-48795, CVE-2023-33201, CVE-2023-33202, CVE-2023-4218, CVE-2023-36478,...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in t...
Security Bulletin: IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171
Summary IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow ...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Bouncy Castle Crypto Package For Java
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Bouncy Castle Crypto Package For Java Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information, caused by...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Bouncy Castle Crypto Package For Java
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Bouncy Castle Crypto Package For Java Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importin...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.
Summary IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-32879 DESCRIPTION: Python Social Auth Django could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of case...
Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™ and Bouncy Castle Crypto Package For Java
Summary There are vulnerabilities in IBM® Java™ and Bouncy Castle Crypto Package For Java consumed by IBM Cognos Transformer. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to third-party components...
Security Bulletin: Multiple Vulnerabilities in Db2 affect IBM Cloud Pak Sytem
Summary Vulnerabilities in Db2 affect IBM Cloud Pak Sytem. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using ...
Security Bulletin: Denial of service, DNS poisoning, and information disclosure might affect IBM Storage Defender – Resiliency Service
Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in denial of service, DNS poisoning, and information disclosure. The vulnerabilities have been addressed. CVE-2024-34447, CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2024-45296, CVE-2023-44487, CVE-2024-29857...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...
Security Bulletin: Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation. IBM Robotic Process Automation uses Bouncy Catle Crypto for some cryptographic processing. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafte...
Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...
Security Bulletin: Mutiple vulnerabilities in Bouncy Castle Crypto Package For Java may affect IBM Storage Scale GUI (CVE-2024-30171, CVE-2024-29857)
Summary There are vulnerabilities in Bouncy Castle Crypto Package For Java, used by IBM Storage Scale GUI, which could allow a remote attacker to exploit and obtain sensitive information. Vulnerability Details CVEID:CVE-2018-20676 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caus...
Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk15on-1.70.jar which is vulnerable to CVE-2024-29857.
Summary IBM Maximo Application Suite uses bcprov-jdk15on-1.70.jar which is vulnerable to CVE-2024-29857. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable ...
Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)
Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: The...
Security Bulletin: Mutiple vulnerabilities in Bouncy Castle Crypto Package For Java may affect IBM Storage Scale GUI (CVE-2024-30171, CVE-2024-29857)
Summary There are vulnerabilities in Bouncy Castle Crypto Package For Java, used by IBM Storage Scale GUI, which could allow a remote attacker to exploit and obtain sensitive information. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerab...