Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update
Summary Identity Insight customers are advised to update OpenJDK 8 to version 8.0.492 for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...
Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update
Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.19 for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...
Security Bulletin: Apache Commons IO used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2024-47554)
Summary The Apache Commons IO used by Identity Insight is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. By sending a specially crafted input, a remote attacker could exploit this vulnerability to...
Security Bulletin: InfoSphere Identity Insight is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary InfoSphere Identity Insight includes IBM WebSphere Application Server Liberty, which has a vulnerability in the Apache Commons FileUpload when servlet-3.0 feature is enabled. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: InfoSphere Identity Insight vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
Summary InfoSphere Identity Insight includes IBM WebSphere Application Server Liberty, which has a vulnerability in the Apache CXF library when jaxws-2.2 feature is enabled. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM InfoSphere Identity Insight (CVE-2022-34165)
Summary The IBM WebSphere Liberty Profile used in IBM InfoSphere Identity Insight is vulnerable to HTTP header injection when processing web requests. This problem is addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Source disclosure in IBM InfoSphere Identity Insight’s Help System (CVE-2013-0467)
Abstract Identity Insight’s Help System could allow a remote attacker to obtain source of the Help System. Content SUMMARY: Identity Insight’s Help System could allow a remote attacker to obtain source of the Help System. VULNERABILITY DETAILS: CVE ID: CVE-2013-0467 CVSS: CVSS Base Score: 4 CVSS...
Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)
Summary A vulnerability in the libxml2 library can cause a denial of service in IBM InfoSphere Identity Insight. Other vulnerabilities that do not impact Identity Insight are present in four libraries that are currently included with the product but not used. Vulnerability Details...
Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM InfoSphere Identity Insight (CVE-2022-22475 and CVE-2022-22476)
Summary The IBM WebSphere Liberty Profile used in IBM InfoSphere Identity Insight is vulnerable to identity spoofing by an authenticated user. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...
Security Bulletin: Updating OpenJDK in Identity Insight 10.0 to 17.0.3
Summary This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.3. Vulnerability Details This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.0.3. NOTE: Please substitute...
Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM InfoSphere Identity Insight (CVE-2021-35550, CVE-2021-35603, CVE-2022-21496)
Summary There are multiple vulnerabilities in the IBM Java used in IBM InfoSphere Identity Insight II. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...
Security Bulletin: Updating OpenJDK in Identity Insight 10.0 to 17.0.2
Summary This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.2. Vulnerability Details This document provides instructions on how to upgrade OpenJDK used in IBM InfoSphere Identity Insight II 10.0 to 17.0.0.2. NOTE: Please substitute...
Security Bulletin: Vulnerability in IBM Java JRE affects IBM InfoSphere Identity Insight (CVE-2021-35578)
Summary A vulnerability in the IBM Java JRE affects IBM InfoSphere Identity Insight. An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Identity Insight (CVE-2020-14781)
Summary IBM InfoSphere Identity Insight 9.0 and 9.1 contain a version of Java with a low-impact vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere Identity...
Security Bulletin: Vulnerabilities in IBM Java SE affect IBM InfoSphere Identity Insight (CVE-2020-14782)
Summary In the Java used in IBM InfoSphere Identity Insight 9.0 and 9.1, an unspecified vulnerability related to the Libraries component could allow an unauthenticated attacker to cause low integrity impact. This vulnerability has no confidentiality impact or availability impact. Vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Identity Insight (CVE-2020-14621, CVE-2020-14577)
Summary There are two low-impact vulnerabilities in the IBM Java SDK that is used as part of IBM InfoSphere Identity Insight. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Identity Insight (CVE-2020-2754, CVE-2020-2755)
Summary An unspecified vulnerability in Java SE related to the Java SE Scripting component used by IBM InfoSphere Identity Insight could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details Refer ...
Security Bulletin: Vulnerability in Java SE libraries could allow unauthenticated attacker to cause denial of service
Summary An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Identity Insight on Windows platforms (CVE-2019-4732)
Summary There is a vulnerability in the IBM Java SDK that is used by IBM WebSphere Application Server shipped as part of IBM InfoSphere Identity Insight. This vulnerability affects Windows platforms only. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes secti...
Security Bulletin: Information disclosure in WebSphere Application Server may affect IBM InfoSphere Identity Insight (CVE-2019-4441)
Summary There is a potential information disclosure vulnerability in the IBM WebSphere Application Server shipped as part of the IBM InfoSphere Identity Insight product. This could allow a remote attacker to obtain some limited information when a stack trace is returned in the browser. The trace...