Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects APM Agents for Monitoring

Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. This effects all IBM Cloud Application Performance Management agents, all versions. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a...

Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-15358)

Summary In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Vulnerability Details CVEID: CVE-2020-15358 DESCRIPTION: SQLite is vulnerable to a heap-based buffe...

Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products

Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2020-2593 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated...

Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2019-16168)

Summary SQLite is vulnerable to a denial of service, caused by missing validation of a sqlitestat1 sz field in whereLoopAddBtreeIndex in sqlite3.c. By providing specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. Vulnerability Details...

Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2018-1901)

Summary IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. Vulnerability Details CVEID: CVE-2018-1901 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to...

Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4046)

Summary IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM Performance Management has addressed the applicable CVE. Vulnerability Details...

PT-2019-16891 · Ibm · Ibm Application Performance Management

Name of the Vulnerable Software and Affected Versions: IBM Cloud Application Performance Management version 8.1.4 Description: A remote attacker could hijack the clicking action of a victim by persuading them to visit a malicious Web site, potentially launching further attacks against the victim...

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2018-1723 DESCRIPTION: IBM Spectrum Scale could all...

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability...

Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products

Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2016-5542 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component has no...

Security Bulletin: A vulnerability in Apache Commons FileUpload affects the IBM Performance Management product (CVE-2016-1000031)

Summary Apache Commons FileUpload could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of t...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects the IBM Performance Management product (CVE-2017-1681)

Summary IBM WebSphere Application Server could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Serve...

Security Bulletin: IBM HTTP Server Response Time module is affected by JavaScript injection vulnerability.

Summary IBM HTTP Server Response Time module, which is delivered as part of IBM Performance Management, has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1441 DESCRIPTION: IBM Application Performance Management - Response Time Monitoring Agent is vulnerable to...

Security Bulletin: A vulnerability in the GSKIT component of the Core Framework affects IBM Performance Management products (CVE-2016-2183)

Summary OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a...

Security Bulletin: A vulnerability in the SQLite component of the Response Time agent affects IBM Performance Management products (CVE-2016-6153)

Summary SQLite could allow a local attacker to gain elevated privileges on the system, caused by the creation of temporary files in directory with insecure permissions. An attacker could exploit this vulnerability to obtain leaked data. Vulnerability Details CVEID: CVE-2016-6153 DESCRIPTION: SQLi...

Security Bulletin: A vulnerability in the Apache Xerces-C XML Parser library affects IBM Performance Management products (CVE-2016-4463)

Summary The Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID: CVE-2016-4463 DESCRIPTION:...