7 matches found
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to Bouncy Castle BC-FJA
Summary IBM Sterling Connect:Direct Web Service 6.1 and 6.2 is vulnerable to BC version 1.75 . We have upgraded to version 1.78 to fix CVE-2022-45146. Vulnerability Details CVEID:CVE-2022-45146 DESCRIPTION: The Legion of the Bouncy Castle BC-FJA could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 271. Vulnerability Details CVEID:CVE-2024-1023 DESCRIPTION: Eclipse Vert.x is vulnerable to a denial of service, caused by a memory leak due to the use of Netty...
Security Bulletin: Vulnerability in The Legion of the Bouncy Castle affects IBM Process Mining CVE-2022-45146
Summary There is a vulnerability in The Legion of the Bouncy Castle that could allow an remote attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
CVE-2022-45146
A flaw was found in the FIPS Java API of Bouncy Castle BC-FJA. Affected versions of this package are vulnerable to Improper Authentication. Changes to the JVM garbage collector in Java 13 and later can trigger an issue in the BC-FJA FIPS modules, where it is possible for temporary keys used by th...
CVE-2022-45146 vulnerabilities
Vulnerabilities for packages: opensearch...
CVE-2022-45146 vulnerabilities
Vulnerabilities for packages: elasticsearch, opensearch...
CVE-2022-45146
CVE-2022-45146 affects the FIPS Java API in BC-FJA (Bouncy Castle) before 1.0.2.4. Changes to the JVM garbage collector in Java 13+ can cause temporary keys used by BC-FJA FIPS modules to be zeroed while still in use, leading to errors or potential information loss. Note: FIPS-certified Java vers...