36 matches found
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to OpenSSL
Summary Vulnerabilities in OpenSSL such as denial of service, may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbio...
Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to Java SE (CVE-2022-21426)
Summary Java SE is used by the IBM Storage Protect Server and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server
Summary The following security issues have been identified in the WebSphere Application Server and IHS server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2019-4670 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a...
AIX is vulnerable to a denial of service due to libxml2 (CVE-2022-29824)
IBM SECURITY ADVISORY First Issued: Mon Sep 12 15:07:01 CDT 2022 |Updated: Mon Dec 12 12:49:47 CST 2022 |Update: Added iFixes for AIX 7.2 TL5 SP5 and VIOS 3.1.4.10. The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/libxml2advisory3.asc...
IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or cause a denial of service
IBM SECURITY ADVISORY First Issued: Thu Jul 28 13:39:29 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/viosadvisory.asc https://aix.software.ibm.com/aix/efixes/security/viosadvisory.asc...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID: CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly recursive collections or maps, a remote...
Security Bulletin: Vulnerability in IBM Dojo affects IBM Spectrum Protect Operations Center (CVE-2021-23450)
Summary IBM Spectrum Protect Operations Center may be affected by a vulnerability in IBM Dojo CVE-2021-23450 which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrar...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)
Summary OpenSSL vulnerabilities were disclosed on December 8, 2020 and February 16, 2021 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect Backup-Archive Client for network connections with NetApp services, has addressed the applicable CVEs. UPDATED: 14 June 2021 - Added 7.1 fix...
Security Bulletin: Go can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D
Summary Go is vulnerable to a denial of service and can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2019-17596 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when verifying invalid DSA publ...
Security Bulletin: Tensor Flow security vulnerabilities with segmentation fault on IBM Watson Machine Learning on CP4D
Summary TensorFlow is vulnerable to a denial of service and segmentation fault on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-5215 DESCRIPTION: Tensorflow is vulnerable to a denial of service, caused by a flaw when converting a string from Python to a tf.float16 valu...
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM MessageGateway
Summary There is a vulnerability in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway. This issue was disclosed as part of the IBM Java SDK updates in October, 2020. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: A vulnerability in jQuery affects IBM WIoTP MessageGateway (CVE-2020-7656)
Summary There is a vulnerability in jQuery that affects IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remote attacker could exploit this...
Security Bulletin: IBM Java Runtime Vulnerability affects the IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2020-2654)
Summary A denial of service vulnerability in IBM® Runtime Environment Java™ was disclosed as part of the IBM Java SDK updates in January 2020. IBM® Runtime Environment Java™ is used by the IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum...
Security Bulletin: A security vulnerability in IBM Websphere affects IBM Tivoli Netcool Performance Manager for Wireline (CVE-2013-0169)
Summary The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security TLS protocol that use the CBC mode of operation. An attacker could perform main in the middle attacks to successfully obtain plain text from the secure channel. Vulnerability...
Introducing Malwarebytes Privacy
Here at Malwarebytes, we’re no strangers to using virtual private networks VPNs to protect our privacy while browsing online. Regular readers of our blog will remember that we’ve advised on VPN usage on many occasions, whether for mobile device users looking for anonymity or business owners wanti...
Solarwinds LEM Insecure Update Process
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Multiple Affected Version: Multiple Platform: Embedded Linux CWE Classification: CWE-284: Improper Access Control, CWE-346: Origin Validation Error Impact: Counterfeit Product Downloads Attack vector: HTTP 2. Vulnerability...