30 matches found
Security Bulletin:Vulnerability in snappy-java affects watsonx.data
Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request,...
Security Bulletin: IBM Master Data Management Server vulnerable to a denial of service from IBM Business Workflow Automation Event Emitters using snappy
Summary IBM Master Data Management version 14.0 is vulnerable to a denial of service from a package of snappy being used in IBM Business Workflow Automation Event Emitters. snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a speciall...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8
Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java (CVE-2023-43642).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java component. In IBM Event Streams, Snappy-java boosts performance by compressing event payloads before transmission and decompressing them on the client side, reducing bandwidth usage and improving data...
Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0718)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0718 advisory. - jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted objec...
Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642
Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...
Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642
Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update
Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: IBM Sterling B2B Integrator vulnerable to denial of service due to snappy-java (CVE-2023-43642)
Summary IBM Sterling B2B Integrator uses snappy-java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sendin...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
Security Bulletin: IBM Maximo Asset Management application is vulnerable to an Allocation of Resources Without Limits or Throttling in snappy-java-1.1.10.1.jar (CVE-2023-43642)
Summary IBM Maximo Asset Management application is vulnerable to an Allocation of Resources Without Limits or Throttling in snappy-java-1.1.10.1.jar Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chu...
Security Bulletin: There is a vulnerability in snappy-java-1.1.10.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-43642)
Summary There is a vulnerability in snappy-java-1.1.10.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in snappy-java [CVE-2023-43642]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in snappy-java , caused by missing upper bound check on chunk length CVE-2023-43642. Snappy-java is used as a component of our Speech microservices. This vulnerabilitiy has been addressed...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snappy-java information disclosure vulnerabilitiy [CVE-2023-43642]
Summary Potential snappy-java denial of service, vulnerability caused by caused by missing upper bound check on chunk length have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...
Oracle Business Intelligence Enterprise Edition (OAS 7.0) (January 2024 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product o...
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused...
Security Bulletin: IBM Security Verify Information Queue has a third-party library vulnerability (CVE-2023-43642)
Summary IBM Security Verify Information Queue ISIQ v10.0.7 has upgraded its Apache Kafka client to remediate a vulnerability in the snappy-java compression library. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper...
Security Bulletin: Vulnerabilities in snappy-java, Python, postgresql, Golang might affect IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in snappy-java, Python, PostgreSQL, and Golang Go. Vulnerabilities include causing a denial of service condition, causing a CPU denial of service condition, gaining access to the server's resources without being...
Security Bulletin: Snappy-java is vulnerable to CVE-2023-43642 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses snappy-java which is vulnerable to CVE-2023-43642. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, cause...