Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-52881)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas fr...

Security Bulletin: A vulnerability in RedHat affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service (CVE-2024-40974).

Summary A vulnerability in RedHat affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service. RedHat UBI images are used by IBM Robotic Process Automation base containers. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerabilit...

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to improper input validation

Summary IBM Sterling Secure Proxy is affected by an improper input validation vulnerability that is exploitable by authenticated, privileged users. Vulnerability Details CVEID:CVE-2024-41783 DESCRIPTION: IBM Sterling Secure Proxy could allow a privileged user to inject commands into the underlyin...

Security Bulletin: Security Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processe...

Security Bulletin: IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation.

Summary IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language SpEL expression, a remote attacker could exploit this vulnerability to cause a deni...

Security Bulletin: Security vulnerability found in packages shipped with IBM CICS TX Advanced

Summary Security vulnerability found in packages cURL, krb5 and Python shipped with IBM CICS TX Advanced. The versions of the packages have been updated. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions,...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rexml. Vulnerability Details CVEID:CVE-2024-43398 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By using a specially crafted XML content, a remote attacker...

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2024-24789).

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24789 DESCRIPTION: Golang Go could all...