75 matches found

IBM Security Bulletins
added 2025/11/21 9:4 a.m., 9 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial-of-service due to use of Apache Commons File Upload within IBM WebSphere Application Server Liberty

Summary This security bulletin addresses the vulnerability in IBM Tivoli Application Dependency Discovery Manager due to Apache Commons File Upload used in IBM WebSphere Application Server Liberty that is vulnerable to a denial of service CVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976...

CVSS 7.5 | AI score 6.4 | EPSS 0.01278
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/12/18 9:21 a.m., 12 views

Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to disclosure of information.

Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...

CVSS 7.5 | AI score 6.2 | EPSS 0.00097
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/07/26 8:24 a.m., 53 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-22259, CVE-2024-22243, CVE-2024-22262).

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-22259, CVE-2024-22243, CVE-2024-22262. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

CVSS 8.1 | AI score 8.2 | EPSS 0.60124
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/04/18 12:30 p.m., 55 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-41835, CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a deni...

CVSS 9.8 | AI score 9.4 | EPSS 0.92896
Exploits: 15 | Affected Software: 1

IBM Security Bulletins
added 2024/02/16 8:7 a.m., 24 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache Commons FileUpload

Summary This security bulletin addresses the vulnerability in IBM WebSphere Application Server Liberty that is vulnerable to a denial of service due to Apache Commons FileUpload CVE-2023-24998 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are...

CVSS 7.5 | AI score 7.7 | EPSS 0.339
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/02/16 3:56 a.m., 56 views

Security Bulletin: WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF

Summary This security bulletin addresses the vulnerability in Open Source Apache CXF that affects IBM Tivoli Application Dependency Discovery Manager CVE-2022-46364. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation. Vulnerability...

CVSS 9.8 | AI score 8.3 | EPSS 0.00121
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2022/12/23 10:41 a.m., 14 views

Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to HTTP header injection, caused by improper validation (CVE-2022-34165)

Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager CVE-2022-34165 Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3...

CVSS 5.4 | AI score 5.3 | EPSS 0.00239
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/11/18 12:30 p.m., 48 views

Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2021-3733)

Summary A Publicly disclosed vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager CVE-2021-3733 Vulnerability Details CVEID:CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS fla...

CVSS 6.5 | AI score 6.9 | EPSS 0.00629
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/11/18 12:26 p.m., 37 views

Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391)

Summary A Publicly disclosed vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager CVE-2022-0391 Vulnerability Details CVEID:CVE-2022-0391 DESCRIPTION: Python could provide weaker than expected security, caused by an improper input validation by the...

CVSS 7.5 | AI score 7.7 | EPSS 0.01214
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/11/18 12:11 p.m., 41 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager. (CVE-2021-31805)

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2021-31805 Vulnerability Details CVEID:CVE-2021-31805 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag...

CVSS 9.8 | AI score 9.5 | EPSS 0.93788
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2022/09/25 10:39 p.m., 25 views

Security Bulletin: TADDM 7.2.2.0: Apache Xerces-J XML parser Denial of Service attack.

Abstract The Apache Xerces-J XML parser is vulnerable to a denial of service attack, triggered by malformed XML data, that can affect the security of IBM Tivoli Application Dependency Discovery Manager. Content VULNERABILITY DETAILS: CVEID: CVE-2013-4002 CVSS 7.1 Description: The Apache Xerces-J...

CVSS 7.1 | AI score 6.5 | EPSS 0.08028
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/09/14 10:49 a.m., 34 views

Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to Identity Spoofing (CVE-2022-22475 CVE-2022-22476)

Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager CVE-2022-22475, CVE-2022-22476 Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable...

AI score 6.7 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/07/06 4:4 p.m., 73 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Elastic Storage System (CVE-2021-4104)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Elastic Storage System due to its use of Log4j for logging and this fix upgrades to Apache Log4j V2.17.1. Vulnerability Details CVEID: CVE-2021-4104...

CVSS 7.5 | AI score 1.6 | EPSS 0.72202
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2022/04/13 12:25 p.m., 30 views

Security Bulletin: Vulnerability in Apache Struts affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-17530)

Summary Vulnerability in Apache Struts affects IBM Tivoli Application Dependency Discovery Manager CVE-2020-17530. Vulnerability Details CVEID: CVE-2020-17530 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluatio...

CVSS 9.8 | AI score 2.1 | EPSS 0.94373
Exploits: 11 | Affected Software: 1

IBM Security Bulletins
added 2022/04/08 12:24 p.m., 25 views

Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-5421).

Summary A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2020-5421. Vulnerability Details CVEID:CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input...

CVSS 8.7 | AI score 7 | EPSS 0.63828
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2021/12/31 3:31 p.m., 50 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Elastic Storage System (CVE-2021-45105, CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code and denial of service on the system. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale for logging which is bundled in IBM Elastic Storage System. Vulnerability Details CVEID:...

CVSS 10 | AI score 1.6 | EPSS 0.94358
Exploits: 345 | Affected Software: 1

IBM Security Bulletins
added 2021/12/31 3:29 p.m., 42 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale for IBM Elastic Storage Server (CVE-2021-45105,CVE-2021-45046)

Summary Multiple vulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code and denial of service on the system. These vulnerabilities may affect IBM Spectrum Scale For IBM Elastic Storage Server because the library is used by the Graphical User Interface GUI of IBM Spectru...

CVSS 10 | AI score 1 | EPSS 0.94358
Exploits: 345 | Affected Software: 1

IBM Security Bulletins
added 2021/12/31 2:47 a.m., 27 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale (CVE-2021-45105, CVE-2021-45046)

Summary Multiple vulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code and denial of service on the system because the library is used by the Graphical User Interface GUI of IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is...

CVSS 10 | AI score 0.5 | EPSS 0.94358
Exploits: 345 | Affected Software: 1

IBM Security Bulletins
added 2021/12/23 7:50 p.m., 42 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Elastic Storage System (CVE-2021-44228)

Summary A vulnerability in Apache Log4j CVE-2021-44228 could allow an attacker to execute arbitrary code on the system. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale for logging and it is bundled in IBM Elastic Storage System ESS. This vulnerability may affect IBM...

CVSS 10 | AI score 1.3 | EPSS 0.94358
Exploits: 341 | Affected Software: 1

IBM Security Bulletins
added 2021/12/22 6:58 p.m., 244 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Scale (CVE-2021-44228)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale for logging. This vulnerability may affect IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2021-44228...

CVSS 10 | AI score 0.6 | EPSS 0.94358
Exploits: 341 | Affected Software: 1