Security Bulletin: IBM Operational Decision Manager for February 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-46158...
Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS Transaction Gateway Desktop Edition and for Multiplatforms are vulnerable to weaker than expected security due to improper resource expiration handling (CVE-2023-46158).
Summary There is a vulnerability in IBM WebSphere Liberty, which is shipped as part of both IBM CICS Transaction Gateway Desktop Edition and IBM CICS Transaction Gateway for Multiplatforms. Updates to IBM CICS Transaction Gateway Desktop Edition and IBM CICS Transaction Gateway for Multiplatforms...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2024 CPU
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...
Vulnerabilities fixed in IBM WebSphere Application Server
IBM has fixed vulnerabilities in WebSphere. The vulnerabilities are located in the Java component of WebSphere and allow a malicious party to carry out attacks that could lead to loss of data integrity and confidentiality. IBM did not release any other detailed information. A more precise risk...
Security Bulletin: IBM Match 360 is vulnerable to a denial of service due to HTTP/2 Rapid Reset within IBM WebSphere Application Server Liberty (CVE-2023-44487)
Summary IBM Match 360 is vulnerable to a denial of service due to HTTP/2 Rapid Reset within IBM WebSphere Application Server Liberty. Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous...
Security Bulletin: IBM Match 360 is vulnerable to Apache Santuario used within IBM WebSphere Application Server Liberty (CVE-2023-44483)
Summary IBM Match 360 is vulnerable to Apache Santuario used within IBM WebSphere Application Server Liberty. Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the log files when using the JSR 105 API. By gainin...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache Commons FileUpload
Summary This security bulletin addresses the vulnerability in IBM WebSphere Application Server Liberty that is vulnerable to a denial of service due to Apache Commons FileUpload CVE-2023-24998 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Storage Scale (CVE-2023-46158, CVE-2023-44487)
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale, which could provide weaker than expected security due to improper resource expiration handling. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Libert...
Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no...
Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security. (CVE-2023-46158)
Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM...
Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service and disclosure of sensitive information.
Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager CVE-2023-44487 and CVE-2023-44483 Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexe...
Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS TX Advanced is vulnerable to an information disclosure due to Apache Santuario (CVE-2023-44483).
Summary There is a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled CVE-2023-44483. IBM WebSphere Liberty is used by IBM CICS TX Advanced to provide a web based administrati...
Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS TX Standard is vulnerable to an information disclosure due to Apache Santuario (CVE-2023-44483).
Summary There is a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled CVE-2023-44483. IBM WebSphere Liberty is used by IBM CICS TX Standard to provide a web based administrati...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Content Manager Enterprise Edition (CVE-2016-0385)
Summary IBM WebSphere Application Server is shipped as a component of Content Manager Enterprise Edition. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin...
Security Bulletin: IBM Copy Services Manager is vulnerable to remote attack vulnerabilities due to IBM WebSphere Application Server Liberty vulnerability.
Summary IBM Copy Services Manager is affected by a vulnerability in WebSphere Liberty profile version 23.0.0.9: weaker than expected security. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...
Security Bulletin: IBM Watson Explorer is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2023-46158)
Summary IBM Watson Explorer contains a vulnerable version of IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193,...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletin CVE-2023-5072, CVE-2023-22081, CVE-2023-5676 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin CVE-2023-22081, CVE-2023-5676 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS TX Advanced is vulnerable to weaker than expected security due to improper resource expiration handling (CVE-2023-46158).
Summary IBM WebSphere Liberty is used by IBM CICS TX Advanced to provide a web based administration console CVE-2023-46158. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due t...