EUVD-2018-0575

Malware in sbrugna...

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

Linux Distros Unpatched Vulnerability : CVE-2014-3577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the...

Linux Distros Unpatched Vulnerability : CVE-2015-5262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an S...

Security Bulletin: Multiple Vulnerabilities in Rational Asset Manager

Summary Multiple vulnerabilities were addressed in Rational Asset Manager version 7.5.4.15 Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS...

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF16 patch Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...

Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2012-6153, CVE-2014-3577, CVE-2020-13956)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for VMware only, and IBM Storage Protect for Space Management can be affected by a vulnerability in Apache HttpComponents. The vulnerability can lead to spoofing attacks, bypass of...

Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management products.

Summary IBM DB2 is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. CVSS Bas...

Security Bulletin: Multiple Vulnerabilities found in IBM DB2 which is shipped with IBM® Intelligent Operations Center(CVE-2022-43929, CVE-2022-43927, CVE-2014-3577, CVE-2022-43930)

Summary Multiple vulnerabilities have been identified in IBM DB2 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF022 and 22.0.2-IF006. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 a...

Security Bulletin: Vulnerability for path traversal fixed in IBM Security Verify Governance

Summary The following security vulnerability has been addressed in IBM Security Verify Governance. Vulnerability Details IBM X-Force ID: 220912 DESCRIPTION: Apache HttpComponents Client could allow a remote attacker to traverse directories on the system, caused by improper validation of user...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, cause...

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager software component

Summary Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Security Verify...

K15737: Apache vulnerability CVE-2014-3577

Security Advisory Description org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509...

Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

Security Bulletin: IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. (CVE-2014-3577)

Summary IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. Vulnerability Details CVEID:CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain...

Security Bulletin: Multiple Vulnerabilities in Java packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Java packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2010-2245 DESCRIPTION: Apache Wink could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-20454 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML Extern...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Portal shipped with IBM Intelligent Operations Center and related products (CVE-2015-5262)

Summary IBM WebSphere Portal is shipped as a component of IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM WebSphere Portal has been published in a security bulletin. Vulnerability Details Consult the security bulletin: Fixes available for Security...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.3 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...