611 matches found
Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to use of open-vm-tools (CVE-2023-20900)
Summary open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit hypervisor users to perform unauthorized guest operations. Vulnerability Details CVEID:CVE-2023-20900 DESCRIPTION: VMware Tools could allow a remote attacker to bypa...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to remote code execution (CVE-2024-35154)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a remote code execution vulnerability in the administative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)
Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request, ...
Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-31919)
Summary IBM MQ has addressed a denial of service vulnerability caused by an error processing messages when an API Exit using MQBUFMH is used. Vulnerability Details CVEID:CVE-2024-31919 DESCRIPTION: IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error...
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086. Vulnerability Details CVEID:CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2024-2511)
Summary IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...
Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)
Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack (CVE-2024-35116)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See:...
Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack (CVE-2024-31912)
Summary IBM MQ has addressed a privilege escalation vulnerability. Vulnerability Details CVEID:CVE-2024-31912 DESCRIPTION: IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. CVSS Base score: 7.5 CVSS Temporal...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway (CVE-2023-50310, CVE-2023-50311)
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway. This bulletin identifies the steps to take to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-50310 DESCRIPTION: IBM CICS...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK (CVE-2024-38264)
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-38264 DESCRIPTION: The IBM SDK, Jav...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial o...
Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074)
Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path CVE-2023-51074. IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability Details...
Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service
Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service CVE-2023-4807, CVE-2023-3817 Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-51775
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit...
Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow.
Summary IBM Business Automation Workflow packages a vulnerable copy of angular.js. Vulnerability Details CVEID:CVE-2023-26117 DESCRIPTION: AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the $resource service. By providing...
Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage...
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2024 Vulnerability Advisory, plus CVE-2024-3933. For more information please refer to OpenJDK's April 2024 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar (CVE-2024-28863)
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: isaacs node-tar is vulnerable to a denial of service, caused by the lack of...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity XXE injection vulnerability. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are...