47 matches found
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons Compress
Summary Vulnerabilities have been identified in Apache Commons Compress, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons...
Security Bulletin: Vulnerability in commons-compress affects IBM Integrated Analytics System (Sailfish) [CVE-2024-25710, CVE-2024-26308]
Summary The commons-compress package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2024-25710, CVE-2024-26308. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Loop with Unreachable Exit Condition 'Infinite Loop'...
Security Bulletin: Vulnerability in commons-compress affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-25710, CVE-2024-26308].
Summary The commons-compress package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-25710, CVE-2024-26308. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Loop with Unreachable Exit Condition 'Infinite Loop'...
Security Bulletin: Denial of Service in Apache Commons Compress used by Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2024-25710, CVE-2024-26308)
Summary There is a potential denial of service in Apache Commons Compress that is used by Apache Solr and IBM Operations Analytics - Log Analysis. This is caused by loop with unreachable exit condition and allocation of resources without limits. Vulnerability Details CVEID:CVE-2024-25710...
Security Bulletin: IBM Sterling Control Center is vulnerable to Apache Commons Compress (CVE-2024-26308, CVE-2024-25710)
Summary Apache Commons Compress jar vulnerabilities are impacting IBM Sterling Control Center v6.3.1 and v6.2.1. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons...
Security Bulletin: Vulnerabilities in commons-compress-1.21.jar affects IBM SPSS Collaboration and Deployment Services (CVE-2024-25710, CVE-2024-26308)
Summary There are vulnerabilities in commons-compress-1.21.jar used by IBM SPSS Collaboration and Deployment Services CVE-2024-25710, CVE-2024-26308. These vulnerabilitiies have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION:...
Linux Distros Unpatched Vulnerability : CVE-2024-26308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26...
Security Bulletin: Vulnerability in Apache commons-compress affects watsonx.data
Summary Apache Commons Compress is vulnerable to a denial of service attack and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Apache Commons Compress component (CVE-2024-25710, CVE-2024-26308).
Summary IBM Event Streams is vulnerable to a denial of service due to the Apache Commons Compress component. Commons Compress is a library that creates a standard interface for the most widely used compression and archiving formats. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache...
Security Bulletin: Vulnerability in Apache Commons Compress ( CVE-2024-26308) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability CVE-2024-26308 has been identified related to Apache Commons Compress that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-26308...
Oracle Application Testing Suite (October 2024 CPU)
The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps...
Security Bulletin: IBM Maximo Application Suite uses multiple packages which are vulnerable to multiple CVEs
Summary IBM Maximo Application Suite uses golang.org/x/net/http2 - v0.19.0 , v0.20.0, github.com/lestrrat-go/jwx/v2 - v2.0.11, setuptools - 50.3.2, tar - 6.2.0, github.com/docker/docker - v24.0.7, follow-redirects - 1.15.4, express - 4.18.2 , idna - 3.6 ,org.apache.cxfcxf-core - 3.5.5,...
Security Bulletin: IBM Content Navigator is vulnerable to Denial of Service (DoS) due to Apache Commons Compress (CVE-2024-26308, CVE-2024-25710)
Summary Apache Commons Compress is used by IBM Content Navigator to work with archive files. CVE-2024-26308, CVE-2024-25710 Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victi...
Oracle WebCenter Portal (July 2024 CPU)
The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by a vulnerability as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Portal Core Apache SOAP. The supported version that i...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Apache Commons Compress vulnerability affect IBM Spectrum Control
Summary Apache Commons Compress is vulnerable to a denial of service. This vulnerability affect IBM Spectrum Control. CVE-2024-25710, CVE-2024-26308, CVE-2023-42503. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...
Security Bulletin: IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component ( CVE-2024-25710,CVE-2024-26308).
Summary IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component. Apache Flink uses Commons Compress for handling compressed files and formats, enabling efficient data processing and storage. Vulnerability Details CVEID:CVE-2024-25710...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...
Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library. (CVE-2024-25710, CVE-2024-26308)
Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library when using the NoSQL Blockchain wrapper. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop...
Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.
Summary IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerabl...