Security Bulletin: The IBM® SDK Java Technology Edition 8.0.7.5 contains additional security fixes that can be applied to IBM Continuous Engineering products based on IBM Jazz Technology

Summary There are security vulnerabilities that are addressed in the IBM® SDK Java Technology Edition 8.0.7.5. The following products: IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: IBM Engineering Lifecycle Optimization - Engineering Insights ENI, IBM Commo...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to HTTP header injection (CVE-2022-34165)

Summary IBM WebSphere Application Server is vulnerable to HTTP header injection when processing web requests. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|---...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Jazz for...

Security Bulletin: Vulnerability in IBM WebSphere Application Server (CVE-2022-35282) shipped with IBM Workload Scheduler 9.4

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. IBM WebSphere Application Server is vulnerable to a server-side request forgery vulnerability. This has been addressed...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring ITM portal server: CVE-2022-43680, CVE-2017-9233, CVE-2013-0340 and CVE-2022-40750. Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpa...

Security Bulletin: IBM Copy Services Manager is vulnerable to a remote attack vulnerabilities due to IBM WebSphere Application Server Liberty vulnerabilities (CVE-2022-22476)

Summary IBM Copy Services Manager is vulnerable to the listed attack vectors in the bundled depencency IBM Websphere Application Server Liberty. IBM Websphere Application Server Liberty is used by IBM Copy Services Manager to serve application content. The following vulnerabilities have been...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2022-34165)

Summary An HTTP header injection vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5,...

Security Bulletin: Content Collector for Email is affected by a vulnerability found in embedded WebSphere Application Server

Summary Embedded WebSphere Application Server is vulnerable to information disclosure Vulnerability Details CVEID:CVE-2022-22473 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of...

Security Bulletin: WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests which affects Content Collector for Email

Summary WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct...

Security Bulletin: Content Collector for Email is affected by a vulnerability found in embedded WebSphere Application Server

Summary Embedded WebSphere Application Server is vulnerable to Server-Side Request Forgery Vulnerability Details CVEID:CVE-2022-35282 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery SSRF. By sending a specially crafted request, an...

Security Bulletin: Content Collector for Email is affected by a vulnerability found in embedded WebSphere Application Server

Summary Embedded WebSphere Application Server is vulnerable to HTTP Header injection. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP heade...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli System Automation Application Manager (CVE-2022-35282)

Summary Server-side request forgery vulnerability in WebSphere Application Server has been addressed in the security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Tivol...

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-24839, CVE-2022-37734, CVE-2022-34165)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial o...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage Server

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage Server, which could allow a remote attacker to cause a denial of service. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage System, which could allow a remote attacker to cause a denial of service. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2022-34165)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage Server, which could allow a remote attacker to cause cache poisoning and cross-site scripting. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8....

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System (CVE-2022-34165)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage System, which could allow a remote attacker to cause cache poisoning and cross-site scripting. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8....

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect for Virtual Environments (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)

Summary IBM Spectrum Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware can be affected by vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib. Vulnerabilities include HTTP header injection and denial of servic...

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)

Summary IBM Spectrum Protect Backup-Archive Client can be affected by vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib. Vulnerabilities include HTTP header injection and denial of service, as described by the CVEs in the "Vulnerability Details"...

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect for Space Management Client (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)

Summary IBM Spectrum Protect for Space Management Client can be affected by vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib. Vulnerabilities include HTTP header injection and denial of service, as described by the CVEs in the "Vulnerability Detail...