Security Bulletin: Multiple Vulnerabilities in IBM Events Operator

Summary Multiple vulnerabilities were addressed in IBM Events Operator version 5.1.0 Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints. By...

Security Bulletin: IBM Events Operator is affected by an openssl vulnerability

Summary Openssl is used by IBM Events Operator as part of the Operating System CVE-2022-4304. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-base...

Security Bulletin: IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2022-4450).

Summary OpenSSL is used by IBM Events Operator as part of the Operating System CVE-2022-4450. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbioe...

Security Bulletin: IBM Events Operator is vulnerable to a denial of service in OpenSSL (CVE-2023-0286)

Summary OpenSSL used by IBM Events Operator as part of the Operating System CVE-2023-0286. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By...

Security Bulletin: IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2023-0215).

Summary OpenSSL is used by IBM Events Operator as part of its Operating System CVE-2023-0215. Vulnerability Details CVEID:CVE-2023-0215 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a use-after-free error related to the incorrect handling of streaming ASN.1 data by the...

Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)

Summary The IBM Cloud Platform Common Services Events Operator is potentially vulnerable to a data integrity issue Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly...

Security Bulletin: Vulnerability in Apache Log4j affects IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by IBM CloudPak foundational services which is a dependency of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could all...