27 matches found
Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-43804, CVE-2023-45803]
Summary The urllib3 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-43804, CVE-2023-45803. Vulnerability Details CVEID: CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. urllib3...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...
Security Bulletin: IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782
Summary IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2023-50782 DESCRIPTION: Python Cryptographic Authority...
Security Bulletin: IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks in Apache Mina SSHD Common (CVE-2023-48795)
Summary IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks (CVE-2023-48795) found in Apache Mina SSHD Common. Apache Mina SSHD Common is used by the Open Source Package Manager feature of IBM i Access Client Solutions when authenticating to the IBM i server...
Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI
Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security componen...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2023-38737)
Summary IBM Storage Protect Operations Center may be affected by vulnerabilities in IBM WebSphere Application Server Liberty such as denial of service caused by sending a specially-crafted request. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: IBM WebSphere Application Server Liberty...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-32342)
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. The fix for this issue was already published in an earlier bulletin. If you have already applied the appropriate Db2 special build or installed GSKit version 8.0.55.31, which contains the...
Security Bulletin: "Unrestricted Internet Access/Outbound Connections" affects IBM CICS TX Standard and IBM CICS TX Advanced
Summary "Unrestricted Internet Access/Outbound Connections" affects IBM CICS TX Standard and IBM CICS TX Advanced. IBM CICS TX Standard and IBM CICS TX Advanced have addressed the applicable vulnerability. Vulnerability Details CVEID: CVE-2023-43018 DESCRIPTION: IBM CICS TX performs an operation ...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to OS command injection (CVE-2022-35717)
Summary An OS command injection vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-35717 DESCRIPTION: IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a...
Security Bulletin: IBM Storage Protect Snapshot for UNIX and Linux is vulnerable to sensitive information disclosure due to IBM GSKit (CVE-2023-32342)
Summary IBM GSKit is used by IBM Storage Protect Snapshot for UNIX and Linux and may be affected by vulnerability CVE-2023-32342. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel ...
Security Bulletin: IBM Security Verify Governance, Identity Manager virtual appliance component vulnerable to spoofing attacks (CVE-2022-38712)
Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to...
Buffer overflow
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...
Security Bulletin: Improper Error Handling
Summary Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps. Vulnerability Details CVEID: CVE-2022-34333 DESCRIPTION: IBM Sterling Order Management does not...
K33522171: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2020-14550 Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to denial of service due to FasterXML jackson-databind
Summary There is a vulnerability in FasterXML jackson-databind used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable vulnerability. Vulnerability Details IBM X-Force ID: 217968 DESCRIPTION: FasterXML jackson-databind is vulnerable to a...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2022-24769)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to...
Security Bulletin: CVE-2021-2161 may affect IBM® SDK, Java™ Technology Edition used by IBM Data Studio Client
Summary CVE-2021-2161 was disclosed in the Oracle April 2021 Patch Update. Vulnerability Details CVEID: CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity...
EulerOS Virtualization 3.0.2.6 : mariadb (EulerOS-SA-2021-1443)
According to the version of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and...
Security Bulletin: IBM Cloud Private is vulnerable to a Python vulnerability (CVE-2020-25659)
Summary IBM Cloud Private is vulnerable to a Python vulnerability Vulnerability Details CVEID: CVE-2020-25659 DESCRIPTION: python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the...
Security Bulletin: IBM Content Navigator is vulnerable to an email exploit
Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details Third Party Entry: PSIRT-ADV0028011 DESCRIPTION: Created from Advisory: ADV0028011 CVSS Base score: 5.9 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products and Versions Affected...