101 matches found
Security Bulletin: PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component which affects IBM watsonx.data
Summary PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied. These can affect...
Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 286 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector. CWE:CWE-345:...
Advisory ROSA-SA-2025-2685
Software: nettle 3.4.1 OS: ROSA Virtualization 3.0 packageevrstring: nettle-3.4.1-7 CVE-ID: CVE-2021-20305 BDU-ID: 2021-02748 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the signature verification functions GOST DSA, EDDSA, and ECDSA of the Nettle library is related to flaws in the cryptographic...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch [CVE-2024-31580]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component (CVE-2024-31580). PyTorch is used by our Speech Service runtimes. This vulnerability has bee...
Security Bulletin: Apache Kafka vulnerability affects IBM Spectrum Control
Summary Apache Kafka is vulnerable to a local authenticated attacker gaining elevated privileges on the system, which affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow a local authenticated attacker to gain elevated privileges on the system, caused ...
Intel® oneAPI DPC++/C++ Compiler Advisory
Summary: A potential security vulnerability in some Intel® oneAPI DPC++/C++ Compiler may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-34165 Description: Uncontrolled search path in some Intel®...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 282 Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for...
Security Bulletin: Vulnerabilities in Go affect IBM watsonx.data
Summary Vulnerabilities in the Go package could allow a remote attacker to either inject malicious HTML code into a template causing an HTML injection or execute arbitrary code on the system. These vulnerabilities may impact watsonx.data. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Go...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-30261 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with fetch with integrity...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenCV
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenCV Vulnerability Details CVEID:CVE-2023-2617 DESCRIPTION: OpenCV wechatqrcode Module is vulnerable to a denial of service, caused by a flaw in the DecodedBitStreamParser::decodeByteSegment function at...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-29896 DESCRIPTION: Node.js npm Astro-Shield module is vulnerable to script injection, caused by an error when automated CSP headers generation for SSR content is...
Security Bulletin: Multiple vulnerabilities in IBM JAVA JDK affect IBM Storage Scale packaged in IBM Storage Scale System
Summary Multiple vulnerabilities in IBM Java JDK, used by IBM Storage Scale System GUI, could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact and no availability impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926,...
Security Bulletin: IBM Datapower Operations Dashboard could allow a denial of service CVEID 256137
Summary FasterXML Jackson Core is used by the IBM Datapower Operations Dashboard streaming and parsing implementation. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the...
Security Bulletin: Server-side request forgery vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-22329)
Summary IBM Storage Protect Operations Center may be affected by server-side request forgery vulnerability in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...
Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 271 Vulnerability Details CVEID:CVE-2023-45285 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw when using go get to...
Security Bulletin: There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway Desktop Edition (CVE-2023-22045 and CVE-2023-22049).
Summary There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway Desktop Edition (CVE-2023-22045 and CVE-2023-22049). An update to CICS Transaction Gateway Desktop Edition has been released to address these vulnerabilities. Vulnerability...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Santuario
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Santuario. Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a...