611 matches found
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Te...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries referenc...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-27268)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this risk, it has been address...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-22353)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...
Security Bulletin: AIX is vulnerable to privilege escalation (CVE-2024-27273)
Summary Vulnerability in the AIX kernel may lead to privilege escalation CVE-2024-27273. Vulnerability Details CVEID:CVE-2024-27273 DESCRIPTION: IBM AIX's Unix domain datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation an...
Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2021-37533
Summary IBM WebSphere Adapter for FTP is shipped with IBM Business Automation Workflow bundles a vulnerable copy of Apache commons-net. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to Eclipse Jetty (CVE-2024-22201)
Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to a denial of service due to Eclipse Jetty. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2024-20952 and CVE-2023-33850)
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. CVE-2023-33850 covers the GSKIT-Crypto ICC package used by IBM Runtime Environment, Java Technology Edition. This is separate to the GSKit-SSL package which is...
Security Bulletin: IBM MQ is affected by a vulnerability in the IBM Semeru Runtime (CVE-2024-20952)
Summary An issue was identified with IBM Semeru Runtime, Version 17, which is used in IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impa...
Security Bulletin: IBM MQ is vulnerable to an issue in follow-redirects due to open redirect (CVE-2023-26159)
Summary IBM MQ has addressed an issue in follow-redirects. Follow-redirects is used by IBM MQ as part of the MQ Console. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270)
Summary IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting with the servlet-6.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Test...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Automation.
Summary IBM Workload Automation has updated OpenSSL to address multiple vulnerabilities. CVE-2023-2650, CVE-2023-0464, CVE-2023-0466, CVE-2023-0465. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to an XML External Entity XXE injection vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to a denial of service due to jose4j (CVE-2023-51775)
Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and used by the IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Denial of service vulnerability in Johnzon affects IBM Business Automation Workflow - CVE-2023-33008
Summary IBM Business Automation Workflow is vulnerable to a denial of service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-22353)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting (CVE-2024-27270)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting with the servlet-6.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM App Connect Enterprise is vulnerable to cross-site request forgery due to Axios ( CVE-2023-45857)
Summary IBM App Connect Enterprise is vulnerable to a a cross-site request forgery due to Axios. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...
Security Bulletin: Cross-Site scripting vulnerability in ESAPI may affect IBM Business Automation Workflow - IBM X-Force ID: 273485
Summary IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details IBM X-Force ID: 273485 DESCRIPTION: Enterprise Security API for Java is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...