Security Bulletin: A vulnerability in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2021-28167)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions,...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting in the Admin Console (CVE-2022-40750)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console when using the Application Migration Report function. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7 and Version 8 (CVE-2022-21626)

Summary IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 and Version 8 used by IBM MQ Internet Pass-Thru. Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related ...

Security Bulletin: Speech to Text, Text to Speech ICP WebSphere Application Server Liberty Fix

Summary Fix for Websphere Application Server Liberty vulnerability to Identity Spoofing CVE-2020-4421 in ICP WatsonTexttoSpeech and Watson Speech to Text v1.1.2 Vulnerability Details CVEID:CVE-2020-4421 DESCRIPTION: IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an...

Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix

Summary WebSphere Application Server Liberty vulnerability to Cross-site Scripting fixed in Liberty 20.0.0.5. Fix included in ICP WatsonTexttoSpeech and Speech to Text v1.1.2 GA: 6/19/20. Vulnerability Details CVEID:CVE-2020-4303 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3...

Security Bulletin: WAS Liberty vunerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1)

Summary Bypass security restrictions in WAS Liberty affecting IBM Watson Text to Speech and Speech to Text Vulnerability Details CVEID:CVE-2019-4304 DESCRIPTION: IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session...

Security Bulletin: A Vulnerability in IBM WebSphere Application Server - Liberty affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Summary A Vulnerability in IBM WebSphere Application Server - Liberty affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see the details below on how to remediate this issue. Vulnerability Details CVEID:CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server -...

Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix

Summary A WebSphere liberty vulnerability to a DOS has been fixed in Liberty 20.0.0.5. This fix is included in ICP WatsonTexttoSpeech, Speech to Text v1.1.2 6/19/20. Vulnerability Details CVEID:CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a...

Security Bulletin: IBM WebSphere Application Server Vulnerability Affects Watson Speech Services

Summary An IBM WebSphere Application Server Liberty Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3 Vulnerability Details CVEID:CVE-2021-29842 DESCRIPTION: IBM WebSphere Application Server...

Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix

Summary An information disclosure in WebSphere Application Server - Liberty Medium CVE-2020-4329 has been fixed in WebSphere Application Server Liberty 20.0.0.5, included in ICP WatsonTexttoSpeech and Speech to Text v1.1.2 GA: 6/19/20. Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution with IBM WebSphere Application Server (CVE-2021-23450).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution with IBM WebSphere Application Server CVE-2021-23450. This is used as part of the base image included in our service components. Please read the details for remediation below...

Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix

Summary A vulnerability in Apache CXF affecting WebSphere Liberty JAX-WS has been fixed in Liberty: 20.0.0.5. This fix is included in ICP Watson Text to Speech, Speech to Text v1.1.2 GA: 6/19/20. Vulnerability Details CVEID:CVE-2019-17573 DESCRIPTION: Apache CXF is vulnerable to cross-site...

Security Bulletin: WAS Liberty vunerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1)

Summary A cookie created without a secure flag can cause a vulnerability in WAS Liberty affecting IBM Watson Text to Speech and Speech to Text . Vulnerability Details CVEID:CVE-2019-4305 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...

Security Bulletin: Information disclosure vulnerability in WebSphere Application Server affects IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1)

Summary There is a potential information disclosure vulnerability, where a Stack is displayed in IBM WebSphere Application Server. Vulnerability Details CVEID:CVE-2019-4441 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM WebSphere Application Servers used by IBM Master Data Management (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere...

Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM InfoSphere Identity Insight (CVE-2022-34165)

Summary The IBM WebSphere Liberty Profile used in IBM InfoSphere Identity Insight is vulnerable to HTTP header injection when processing web requests. This problem is addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM WebSphere Application Server is vulnerable to information disclosure. IBM WebSphere Application Server 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attac...

Security Bulletin: Security vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition used in IBM WebSphere Application Server used by IBM Master Data Management

Summary CVE-2022-21299 was disclosed as part of the Oracle January 2022 Critical Patch Update. An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack...

Security Bulletin: Security vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition used in IBM WebSphere Application Server and used by IBM Master Data Management

Summary CVE-2021-35561 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service...

Security Bulletin: Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 affecting CICS Transaction Gateway Desktop Edition

Summary There is a vulnerability which is related to HTTP injection in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 used by CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway Desktop Edition has...