37 matches found
Security Bulletin: IBM® Db2® is affected by a vulnerability in protobuf-java (CVE-2022-3510, CVE-2022-3509, CVE-2022-3171).
Summary protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to caus...
Linux Distros Unpatched Vulnerability : CVE-2022-3509
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a...
CVE-2022-3509 affecting package python-tensorboard for versions less than 2.16.2-2
CVE-2022-3509 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...
Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to a denial of service (CVE-2021-22569 ,CVE-2022-3171, CVE-2022-3509)
Summary A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java which allows the interleaving of com.google.protobuf.UnknownFieldSet fields. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-java is vulnerable to a denial of service, caused by...
Security Bulletin: Protobuf as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2022-3171, CVE-2022-3509)
Summary Protobuf as used by IBM QRadar SIEM is vulnerable to denial of service. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14755)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14755 advisory. - A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite version...
Security Bulletin: protobuf-java component is vulnerable to CVE-2022-3510 and CVE-2022-3509 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses protobuf-java package which is vulnerable to CVE-2022-3510 and CVE-2022-3509. Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to WebSphere Liberty Server ( CVE-2022-3509, CVE-2022-3171)
Summary A security vulnerability has been identified and addressed in WebSphere Liberty Server shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Security Bulletin: WebSphere Application Server Liberty is vulnerable to CVE-2022-3509 and CVE-2022-3171 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is vulnerable to CVE-2022-3509 and CVE-2022-3171. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2022-3509]
Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...
Moderate: Red Hat Security Advisory: Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA security release
JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.10 base is now available. See references for release notes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
CVE-2022-3509
A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection...
Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3510)
Summary A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3171)
Summary A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact(CVE-2022-3509, CVE-2022-3171)
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2022-3509, CVE-2022-3171)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service that is impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to ...
Security Bulletin: IBM MQ is affected by issues in IBM WebSphere Application Server Liberty (CVE-2022-3509, CVE-2022-3171)
Summary Issues were identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a...
Security Bulletin: IBM MQ Blockchain bridge is vulnerable to multiple issues within protobuf-java-core (CVE-2022-3510, CVE-2022-3509)
Summary Multiple issues were identified within protobuf-java-core which is used by fabric gateway which is used by IBM MQ Blockchain bridge to provide Blockchain functionality to IBM MQ. Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial ...
Security Bulletin: A security vulnerability ( CVE-2022-3509, CVE-2022-3171 ) has been identified in IBM WebSphere Application Server Liberty shipped with IBM Operations Analytics Predictive Insights
Summary Websphere Application Server Liberty profile is shipped as a component of IBM Operations Analytics Predictive Insights and is used in the UI component of IBM Operations Analytics Predictive Insights. The vulnerability CVE-2022-3509, CVE-2022-3171, and CVE-2022-46364 could be exploited to...
Security Bulletin: CVE-2022-3509 and CVE-2022-3171 may affect IBM TXSeries for Multiplatforms
Summary WebSphere Application Server Liberty is vulnerable to denial of service due to Google protobuf-java . This affects IBM WebSphere Liberty used by IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-3509...