Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...

Security Bulletin: IBM Db2® Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2®

Summary IBM has released the following fix for IBM Db2® Warehouse in response to multiple vulnerabilities found in IBM Db2®. Vulnerability Details CVEID: CVE-2020-4230 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 and 11.5 is vulnerable to an escalation of...

Security Bulletin: Three vulnerabilities in Nimbus JOSE+JWT affect IBM Spectrum Conductor

Summary There are three vulnerabilities in Nimbus JOSE+JWT 3.1.2 used by IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3 have addressed the applicable CVEs...

Security Bulletin: Multiple vulnerabilities in Nimbus-JOSE-JWT affect IBM Spectrum Symphony

Summary Multiple vulnerabilities exist in the Nimbus-JOSE-JWT used by IBM Spectrum Symphony V7.3 and V7.2.1. Interim fixes that provide instructions on upgrading the nimbus-jose-jwt package to version 8.10 are available on IBM Fix Central. Vulnerability Details CVEID: CVE-2017-12974 DESCRIPTION:...

CVE-2017-12972

CVE-2017-12972 : Nimbus JOSE+JWT before 4.39 has no integer-overflow check when converting length values from bytes to bits, enabling a remote attacker to perform a HMAC bypass by shifting AAD and ciphertext so different plaintext yields the same HMAC. Public records show this vulnerability discu...