22 matches found

IBM Security Bulletins
added 2023/09/01 8:26 a.m. | 34 views

Security Bulletin: XML External Entity Injection vulnerability affects IBM Financial Transaction Manager for SWIFT Services (CVE-2023-35892)

Summary XML External Entity Injection vulnerability affects IBM Financial Transaction Manager for SWIFT Services. This vulnerability is addressed. Vulnerability Details CVEID:CVE-2023-35892 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services is vulnerable to an XML External Entity...

9.1 CVSS | 8 AI score | 0.00029 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/02/18 1:39 p.m. | 55 views

Security Bulletin: Polkit as used by IBM® QRadar SIEM is vulnerable to privilege escalation (CVE-2021-4034)

Summary There is a privilege escalation vulnerability in Polkit which is used by IBM® QRadar SIEM indirectly as a dependency. Vulnerability Details CVEID: CVE-2021-4034 DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect...

7.8 CVSS | 1.7 AI score | 0.88057 EPSS
Exploits: 149 | Affected Software: 1

IBM Security Bulletins
added 2021/12/03 6:51 p.m. | 36 views

Security Bulletin: Apache CXF as used by IBM QRadar SIEM is vulnerable to denial of service (DOS) (CVE-2021-30468)

Summary Apache CXF as used by IBM QRadar SIEM is vulnerable to denial of service Vulnerability Details CVEID: CVE-2021-30468 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by an infinite loop flaw in the JsonMapObjectReaderWriter function. By sending a specially-crafted JSON...

7.5 CVSS | 7.2 AI score | 0.01898 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/11/04 5:20 p.m. | 33 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by Rational Functional Tester RFT versions 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related ...

6.8 CVSS | 1.8 AI score | 0.00551 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/07/30 9:47 a.m. | 33 views

Security Bulletin: A security vulnerability has been identified in Apache CXF, which is shipped with IBM Tivoli Network Manager (CVE-2020-1954).

Summary Apache CXF is shipped with IBM Tivoli Network Manager version 4.2; Information about a security vulnerability affecting IBM WebSphere Application Server is published in this bulletin. Vulnerability Details CVEID: CVE-2020-1954 DESCRIPTION: Apache CXF is vulnerable to a man-in-the-middle...

5.3 CVSS | 0.8 AI score | 0.00216 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2020/07/09 12:0 a.m. | 43 views

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2020:1685-1)

This update for java-1_8_0-ibm fixes the following issues : java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 bsc1172277,bsc1169511,bsc1160968 CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service CVE-2020-2754: Forward...

8.3 CVSS | 6.5 AI score | 0.03217 EPSS
Exploits: 0 | References: 27

IBM Security Bulletins
added 2019/12/20 8:47 a.m. | 26 views

A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2019-4442)

Summary WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2019-4442 DESCRIPTION: I...

4.3 CVSS | 4.5 AI score | 0.0042 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/10/23 7:41 p.m. | 20 views

Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2012-5351)

Summary IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the ASoC vulnerability. Vulnerability Details CVEID: CVE-2012-5351 DESCRIPTION: Apache Axis2 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using a SAML...

6.4 CVSS | 0.8 AI score | 0.0031 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/10/23 6:41 p.m. | 14 views

Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2019-4399)

Summary IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the ASoC vulnerability. Vulnerability Details CVEID: CVE-2019-4399 DESCRIPTION: IBM Cloud Orchestrator uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...

7.5 CVSS | 1 AI score | 0.00134 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/10/23 7:54 a.m. | 10 views

Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2019-4459)

Summary IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the ASoC vulnerability. Vulnerability Details CVEID: CVE-2019-4459 DESCRIPTION: IBM Cloud Orchestrator is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in th...

5.4 CVSS | 1.1 AI score | 0.00186 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/10/21 7:45 a.m. | 30 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1996)

Summary WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2018-1996 DESCRIPTION: I...

5.3 CVSS | 0.6 AI score | 0.00089 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/09/29 6:4 p.m. | 24 views

Security Bulletin: A security vulnerability has been identified in IBM Rational ClearQuest (CVE-2015-4996)

Summary A vulnerability was discovered in IBM Rational ClearQuest that allows an attacker to obtain the database login credentials. Vulnerability Details CVEID: CVE-2015-4996 DESCRIPTION: IBM ClearQuest could allow an attacker to trick it into connecting to a fake database server which would be...

5.1 CVSS | 1.3 AI score | 0.00049 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 3:7 p.m. | 24 views

Security Bulletin: IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2015-1920)

Summary The following security issue has been identified in WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID: CVE-2015-1920 DESCRIPTION: WebSphere Application Server could allow a remote attacker to execute arbitrary code by...

10 CVSS | 0.8 AI score | 0.18392 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:6 a.m. | 48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is provided with IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details If you run Java code using the IBM runtim...

9.6 CVSS | 2.5 AI score | 0.07073 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:3 a.m. | 46 views

Security Bulletin: IBM MQIPT is affected by multiple vulnerabilities in IBM SDK, Java™ Technology Edition, Version 7 (CVE-2015-0488, CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2015-0204, CVE-2015-2613, CVE-2015-2601, CVE-2015-1931, CVE-2015-2625)

Summary Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM WebSphere MQ Internet Pass-Thru MQIPT. Patches for these are available in IBM SDK, Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 10 7.0.9.10 Vulnerability Details CVEID:...

5.5 CVSS | 0.8 AI score | 0.91945 EPSS
Exploits: 0 | Affected Software: 1

CNVD
added 2014/12/26 12:0 a.m. | 1 views

IBM Security Access Manager Clickjacking Vulnerability

IBM Security Access Manager software is a highly scalable user authentication, authorization and Web SSO solution for implementing security policies on a variety of Web and application resources, centralized management of online portals. A clickjacking vulnerability exists in IBM Security Access...

4.3 CVSS | 6.6 AI score | 0.00249 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2014/11/14 12:0 a.m. | 49 views

IBM DB2 9.7 < Fix Pack 10 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 9.7 running on the remote host is affected by the following vulnerabilities : - An input-validation error exists related to handling the 'ALTER MODULE' statement that allows buffer overflows. CVE-2014-3094 - An error exists related to handling...

8.5 CVSS | 7.1 AI score | 0.13382 EPSS
Exploits: 0 | References: 12

Tenable Nessus
added 2012/10/18 12:0 a.m. | 51 views

IBM DB2 9.5 < Fix Pack 10 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 9.5 running on the remote host is affected by one or more of the following issues : - An unspecified information disclosure error exists related to the XML feature that can allow improper access to arbitrary XML files. IC81461, CVE-2012-0713 -...

7.1 CVSS | 5.8 AI score | 0.12867 EPSS
Exploits: 0 | References: 9

Tenable Nessus
added 2011/02/01 12:0 a.m. | 58 views

IBM DB2 9.1 < Fix Pack 10 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 9.1 running on the remote host is prior to Fix Pack 10. It is, therefore, affected by one or more of the following issues : - It is possible to execute non-DDL statements even after an user's DBADM authority has been revoked. IC66811 - Multipl...

10 CVSS | 8 AI score | 0.43415 EPSS
Exploits: 0 | References: 11

Tenable Nessus
added 2010/06/01 12:0 a.m. | 12 views

IBM DB2 9.1 < 9.1 Fix Pack 10 Multiple Vulnerabilities

Binary data 5749.prm...

10 CVSS | 7.3 AI score | 0.43415 EPSS
Exploits: 0 | References: 9