AIX is vulnerable to arbitrary command execution (CVE-2024-56346 CVE-2024-56347)
IBM SECURITY ADVISORY First Issued: Tue Mar 18 10:46:14 CDT 2025 | Updated: Thu Apr 10 09:01:49 CDT 2025 | Update: The included README was updated for clarity. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/nimadvisory.asc Security...
About Remote Code Execution – XWiki Platform (CVE-2024-31982) vulnerability
About Remote Code Execution - XWiki Platform CVE-2024-31982 vulnerability. XWiki is a free open-source wiki platform. Its main feature is simplified extensibility. XWiki is often used in corporate environments as a replacement for commercial Wiki solutions such as Atlassian Confluence. A...
OwnCloud “graphapi” App Vulnerability Exposes Sensitive Data
By Deeba Ahmed. The vulnerability is tracked as CVE-2023-49103 and declared critical with a CVSS v3 Base Score 10. This is a post from HackRead.com.
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Control Center
Abstract A number of security vulnerabilities have been discovered in the Java Runtime Environment and the Cognos Business Intelligence components included in IBM SCC. Content CVE ID: CVE-2013-1557 DESCRIPTION: Unspecified vulnerability in the Java Runtime Environment JRE related to RMI Remote...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Publishing
Summary There is a Vulnerability in Apache Log4j CVE-2021-44228 which is used by "IBM Engineering Lifecycle Optimization - Publishing PUB" and "Rational Publishing Engine RPE." Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Snapshot for VMware (CVE-2021-44228)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apac...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-44228. Vulnerabili...
Security Bulletin: Rational Test Automation Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Apache Log4j vulnerability associated with the Rational Performance Tester Apache JMeter™ Test Extension impacts Rational Test Automation Server. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects Engineering Lifecycle Management and IBM Engineering products
Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Workflow Management EWM, IBM Engineering Systems...
Security Bulletin: Log4JShell Vulnerability affects Watson Machine Learning in Cloud Pak for Data (CVE-2021-44228)
Summary Apache Log4j, used for logging in Watson Machine Learning in Cloud Pak for Data, is impacted by the Apache Log4j vulnerability CVE-2021-44228. Customers are encouraged to take quick action to update their systems. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could...
Security Bulletin: Apache Log4J Vulnerability affects Watson Studio in Cloud Pak for Data (CVE-2021-44228)
Summary Apache Log4j, used for logging in Watson Studio in Cloud Pak for Data, is impacted by the Apache Log4j vulnerability CVE-2021-44228. Customers are encouraged to take quick action to update their systems. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Plus (CVE-2021-44228)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect the Help system in IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: IBM Planning Analytics has addressed a Security Vulnerability
Summary This Security Bulletin addresses a security vulnerability that has been remediated in IBM Planning Analytics 2.0.9. Vulnerability Details CVEID: CVE-2019-4716 DESCRIPTION: IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as...
Security Bulletin: Upward Integration Module for HP Openview Operations for Windows is affected by multiple vulnerabilities in IBM Java SDK
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is shipped with Upward Integration Module for HP Openview Operations for Windows. These issues were disclosed as part of the Java Technology Edition Quarterly CPU - January 2015. Vulnerability Details Abstract Ther...
Security Bulletin: Rational License Key Server vulnerability affecting license server, lmgrd, and the vendor daemon, ibmratl (CVE-2011-1389)
Summary A possible security vulnerability has been reported in the FlexNet Publisher lmgrd license server manager as well as vendor daemons. There have been no reported exploits of this possible vulnerability, and to date it has not been reported by FlexNetSoftware users. Vulnerability Details |...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Guardium Data Redaction
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition version 6 that is used by Guardium Data Redaction. These issues were disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details CVEID: CVE-2015-4844 DESCRIPTION: An unspecified vulnerability...
Security Bulletin: CICS Transaction Gateway for Multiplatforms
Summary Multiple security vulnerabilities exist in the JREs shipped with CICS TG for client applications. CICS TG itself is not vulnerable to all these risks but client side applications using the CICS TG supplied JREs might be. Vulnerability Details CVEID: CVE-2015-2638 DESCRIPTION: An...
CVE-2016-9335
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed...
PhpCollab 2.5.1 Shell Upload
CVE-2017-6090 PhpCollab 2.5.1 Arbitrary File Upload unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. Arbitrary File Upload The phpCollab code does not correctly filter uploaded file contents. An...