Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update

Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile WLP to version 26.0.0.4 for security update in WLP. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update

Summary Identity Insight customers are advised to update OpenJDK 8 to version 8.0.492 for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...

Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update

Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.19. for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...

Security Bulletin: Apache Commons IO used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2024-47554)

Summary The Apache Commons IO used by Identity Insight is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. By sending a specially crafted input, a remote attacker could exploit this vulnerability to...

Security Bulletin: InfoSphere Identity Insight is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary InfoSphere Identity Insight includes IBM WebSphere Application Server Liberty, which has a vulnerability in the Apache Commons FileUpload when servlet-3.0 feature is enabled. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: InfoSphere Identity Insight vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)

Summary InfoSphere Identity Insight includes IBM WebSphere Application Server Liberty, which has a vulnerability in the Apache CXF library when jaxws-2.2 feature is enabled. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM InfoSphere Identity Insight (CVE-2022-34165)

Summary The IBM WebSphere Liberty Profile used in IBM InfoSphere Identity Insight is vulnerable to HTTP header injection when processing web requests. This problem is addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: Source disclosure in IBM InfoSphere Identity Insight’s Help System (CVE-2013-0467)

Abstract Identity Insight’s Help System could allow a remote attacker to obtain source of the Help System. Content SUMMARY: Identity Insight’s Help System could allow a remote attacker to obtain source of the Help System. VULNERABILITY DETAILS: CVE ID: CVE-2013-0467 CVSS: CVSS Base Score: 4 CVSS...

Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)

Summary A vulnerability in the libxml2 library can cause a denial of service in IBM InfoSphere Identity Insight. Other vulnerabilities that do not impact Identity Insight are present in four libraries that are currently included with the product but not used. Vulnerability Details...

Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM InfoSphere Identity Insight (CVE-2022-22475 and CVE-2022-22476)

Summary The IBM WebSphere Liberty Profile used in IBM InfoSphere Identity Insight is vulnerable to identity spoofing by an authenticated user. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

Security Bulletin: Updating OpenJDK in Identity Insight 10.0 to 17.0.3

Summary This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.3. Vulnerability Details This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.0.3. NOTE: Please substitute...

Security Bulletin: Updating OpenJDK in Identity Insight 10.0 to 17.0.3

Summary This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.3. Vulnerability Details This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.0.3. NOTE: Please substitute...

Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM InfoSphere Identity Insight (CVE-2021-35550, CVE-2021-35603, CVE-2022-21496)

Summary There are multiple vulnerabilities in the IBM Java used in IBM InfoSphere Identity Insight II. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

Security Bulletin: Updating OpenJDK in Identity Insight 10.0 to 17.0.2

Summary This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.2. Vulnerability Details This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.0.2. NOTE: Please substitute...

Security Bulletin: Vulnerability in IBM Java JRE affects IBM InfoSphere Identity Insight (CVE-2021-35578)

Summary A vulnerability in the IBM Java JRE affects IBM InfoSphere Identity Insight. An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors...

Security Bulletin: Vulnerabilities in WebSphere Liberty Profile affect IBM InfoSphere Identity Insight (CVE-2020-4421, CVE-2020-4590, CVE-2020-5258, CVE-2021-26296)

Summary There are multiple vulnerabilities in the WebSphere Liberty Profile used in IBM InfoSphere Identity Insight. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Identity Insight (CVE-2020-14781)

Summary IBM InfoSphere Identity Insight 9.0 and 9.1 contain a version of Java with a low-impact vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere Identity...

Security Bulletin: libXml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2021-3518)

Summary The libXml2 library used by Identity Insight has a potential use-after-free vulnerability that could be exploited by an attacker using a crafted input file. Vulnerability Details CVEID: CVE-2021-3518 DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the...

Security Bulletin: Vulnerabilities in IBM Java SE affect IBM InfoSphere Identity Insight (CVE-2020-14782)

Summary In the Java used in IBM InfoSphere Identity Insight 9.0 and 9.1, an unspecified vulnerability related to the Libraries component could allow an unauthenticated attacker to cause low integrity impact. This vulnerability has no confidentiality impact or availability impact. Vulnerability...

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM InfoSphere Identity Insight (CVE-2020-27221)

Summary Eclipse OpenJ9 used as part of IBM InfoSphere Identity Insight running on Linux or AIX is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker coul...