Security Bulletin: IBM Common Licensing using IBM® SDK, Java™ Technology Edition vulnerable to CVEs

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty impacts IBM Common Licensing

Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofin...

Security Bulletin: IBM License Key Server Administration Agent is vulnerable to a remote code attack in Apache Commons (CVE-2024-29131, CVE-2024-29133)

Summary IBM LKS Administration Agent is vulnerable to a remote code execution in Apache Commons Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerabilit...

Security Bulletin: IBM License Key Server Administration & Reporting Tool and Agent are vulnerable to avulnerability in Apache Commons Compress Library

Summary A Denial of Service vulnerability has been found in Apache Commons Compress. It affects IBM License Key Server Administration & Reporting Tool and its Agent. A mitigation has been released. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a...

Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968)

Summary IBM Common Licensing is vulnerable to a remote code execution in Spring Framework CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968 as it does have Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Framework version 5.3.19...

Security Bulletin:IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965)

Summary IBM Common Licensing is affected but not classified as vulnerable to a remote code execution in Spring Framework 220575, CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a...

Security Bulletin: A Privilege Escalation vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool and its Agent

Summary A Privilege Escalation related vulnerability has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool ART and its Agent. A fix has been published. Vulnerability Details CVEID: CVE-2021-22118 DESCRIPTION: VMware Tanzu Spring Framework could allow a local...

Security Bulletin: Multiple Vulnerabilities in IBM® WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent

Summary There are multiple vulnerabilities in the IBM® WebSphere Application Server Liberty used by IBM LKS Administration and Reporting Tool and its Agent. A fix has been identified and is being published here. Vulnerability Details CVEID: CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable...

Security Bulletin: A Security Vulnerability in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and its Agent

Summary A security vulnerability has been found in the IBM® Runtime Environment Java™ used by IBM License Key Server Administration and Reporting Tool and its Agent. A fix has been published to mitigate the same. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerabilit...