356 matches found
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2023-26283)
Summary: WebSphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server 9.0 vulnerability CVE-2023-26283 to cross-site scripting in the Admin Console has been published. Vulnerability Details: Refer to the...
Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights
Summary: There are multiple vulnerabilities in IBM® DB2, which is a core component used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs CVE-2023-29257, CVE-2023-26021, CVE-2023-26022, CVE-2023-27559,...
Security Bulletin: Vulnerability from log4j-1.2.16.jar affect IBM Operations Analytics - Log Analysis (CVE-2023-26464)
Summary: log4j-1.2.16.jar is vulnerable and is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1. Vulnerability Details: CVEID: CVE-2023-26464 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the Chainsaw or SocketAppender components. By...
Security Bulletin: A vulnerability in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights
Summary: A security vulnerability in IBM SDK, Java Technology Edition affects IBM Operations Analytics Predictive Insights 1.3.6 or earlier. IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks. This vulnerability has been addressed. Vulnerability Details: Refer to the security...
Security Bulletin: Vulnerability from Google Gson affect IBM Operations Analytics - Log Analysis (CVE-2022-25647)
Summary: Google Gson shipped with Log Analysis is vulnerable to denial of service. Vulnerability Details: CVEID: CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote attacker could...
Security Bulletin: Denial of Service in Apache Commons used by WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2023-24998)
Summary: There is a vulnerability in the Apache Commons FileUpload library used by IBM WebSphere Application Server Liberty. Vulnerability Details: CVEID: CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request...
Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3510)
Summary: A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details: CVEID: CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Security Bulletin: Multiple vulnerabilities affect Apache Ant shipped with IBM Operations Analytics - Log Analysis
Summary: There are vulnerabilities in Apache Ant. The vulnerabilities are listed in the Vulnerability Details section. Vulnerability Details: CVEID: CVE-2021-36373 DESCRIPTION: Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By...
Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis
Summary: Using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks, while deserializing unknown YAML content can lead to remote code execution. Vulnerability Details: CVEID: CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyaml is vulnerable to a denial of...
Security Bulletin: Vulnerability from Apache Calcite affect IBM Operations Analytics - Log Analysis (CVE-2022-39135)
Summary: In Apache Calcite, the SQL operators do not restrict XML External Entity references in their configuration. This makes them vulnerable to a potential XML External Entity (XXE) attack. Vulnerability Details: CVEID: CVE-2022-39135 DESCRIPTION: Apache Calcite is vulnerable to an XML external...
Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3171)
Summary: A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details: CVEID: CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749)
Summary: Using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks, while deserializing unknown YAML content can lead to remote code execution. Vulnerability Details: CVEID: CVE-2022-38750 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights
Summary: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. The following vulnerabilities, CVE-2022-21541, CVE-2022-21540, CVE-2021-2163 allowing unauthorized access to critical data and CVE-2021-41041 allowing...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights
Summary: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. The following vulnerabilities, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628 allowing unauthorized access of unauthenticated attacker with...
Security Bulletin: FasterXML-jackson-databinds vulnerabilities affect IBM Operations Analytics Predictive Insights (CVE-2022-42004,CVE-2022-42003)
Summary: FasterXML-jackson-databind is used only by the IBM Operations Analytics Predictive Insights REST Mediation utility tool. If you do not have this utility installed, you are not affected by this bulletin; otherwise, apply the recommended remediation fixes. Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics Predictive Insights (CVE-2023-23477)
Summary: WebSphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability CVE-2020-35282 to remote code execution has been published. Vulnerability Details: Refer to the security bulletins listed...
Security Bulletin: A security vulnerability ( CVE-2022-3509, CVE-2022-3171 ) has been identified in IBM WebSphere Application Server Liberty shipped with IBM Operations Analytics Predictive Insights
Summary: WebSphere Application Server Liberty profile is shipped as a component of IBM Operations Analytics Predictive Insights and is used in the UI component of IBM Operations Analytics Predictive Insights. The vulnerabilities CVE-2022-3509, CVE-2022-3171, and CVE-2022-46364 could be exploited to...
Security Bulletin: A security vulnerability ( CVE-2022-34165 ) has been identified in IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty shipped with IBM Operations Analytics Predictive Insights
Summary: WebSphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. IBM WebSphere Application Server Liberty profile is used in the UI component of IBM Operations Analytics Predictive Insights. The vulnerability CVE-2022-34165 has been addressed and...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics Predictive Insights (CVE-2022-35282)
Summary: WebSphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability CVE-2020-35282 to server-side request forgery has been published. Vulnerability Details: Refer to the security bulletins...
Security Bulletin: Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affects IBM Operations Analytics - Log Analysis (CVE-2022-34165)
Summary: IBM WebSphere Application Server is vulnerable to HTTP header injection when processing web requests. This has been addressed. Vulnerability Details: CVEID: CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty...