Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control

Summary Node.js is vulnerable to remote attacker to obtain sensitive information, denial of service, HTTP request smuggling and allow a local authenticated attacker to gain elevated privileges on the system. These vulnerabilities affect IBM Spectrum Control. CVE-2024-27983, CVE-2024-22019,...

Security Bulletin: Apache Derby affects IBM Spectrum Control [CVE-2022-46337]

Summary Apache Derby might allow a remote attacker to bypass security restrictions caused by an LDAP injection vulnerability in the authenticator. This vulnerability affects IBM Spectrum Control. This bulletin identifies the steps to take to mitigate the vulnerability. Vulnerability Details...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to OpenSSL

Summary Vulnerabilities in OpenSSL such as remote attacker bypass security restrictions, denial of service may affect IBM Spectrum Control. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security...

Security Bulletin: IBM Spectrum Control is vulnerable weaknesses related to IBM WebSphere Application Server Liberty

Summary Vulnerabilities in IBM WebSphere Application Server Liberty such as denial of service may affect IBM Spectrum Control. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js

Summary Vulnerabilities in Node.js such as remote attacker to bypass security restrictions, denial of service, may affect IBM Spectrum Control. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-39333 DESCRIPTION: Node.js could allow a remote attacker to gain...

Security Bulletin: crypto-js affects IBM Spectrum Control [CVE-2023-46233]

Summary crypto-js is vulnerable to a remote attacker to obtain sensitive information. This vulnerability affects IBM Spectrum Control. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allow a remo...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to jna-platform, ant, httpclient, http-cache-semantics

Summary Vulnerabilities in jna-platform, ant, httpclient, http-cache-semantics such as remote attacker to obtain sensitive information, denial of service, remote attacker to bypass security restrictions may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node....

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Java SE

Summary Vulnerabilities in Java SE such as remote attacker to cause high availability impact, unauthenticated attacker to cause high confidentiality impact and high integrity impact, may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified...

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesse related to IBM WebSphere Application Server Liberty

Summary Vulnerability in IBM WebSphere Application Server Liberty such as denial of service, gaining elevated privileges may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related OpenSSL

Summary Vulnerability in OpenSSL such as denial of service, may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME...

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related KIE Drools

Summary Vulnerability in KIE Drools could allow a remote authenticated attacker to execute arbitrary code may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-1415 DESCRIPTION: KIE Drools could allow a remote authenticated attacker to execute arbitrary code on the system, caused ...

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to XStream

Summary Vulnerability in XStream allow denial of service, caused by a stack-based buffer overflow may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-41966 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By manipulating the...

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache Log4j

Summary Vulnerability in Apache Log4j allow denial of service, caused by a flaw when using the Chainsaw or SocketAppender components may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-26464 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by a flaw when...

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache Commons FileUpload

Summary Vulnerability in Apache Commons FileUpload allows denial of service, caused by not limit the number of request, may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by no...

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Node.js

Summary Vulnerability in Node.js allow a denial of service, caused by a regular expression may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-24807 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the...

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache Kafka

Summary Vulnerability in Apache Kafka to allow denial of service, caused by improper input validation may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a...

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache Kafka

Summary Vulnerability in Apache Kafka allow a remote authenticated attacker to execute arbitrary code may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused b...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to OpenSSL

Summary Vulnerabilities in OpenSSL such as denial of service, may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbio...

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache CXF

Summary Vulnerability in Apache CXF allows server-side request forgery, caused by a flaw in parsing may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to OpenSSL

Summary Vulnerabilities in such as remote attacker to obtain sensitive information, denial of service may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channe...