Security Bulletin: Content Manager Enterprise Edition for March 2024 - CVE-2023-3894
Summary Content Manager Enterprise Edition is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-389...
Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis
Summary log4j-core-2.16.0.jar is vulnerable to a remote code execution (RCE) attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused ...
Security Bulletin: IBM InfoSphere Information Server Suite: Source disclosure in InfoSphere Information Server’s Help System (CVE-2013-0467)
Abstract Security Bulletin: IBM InfoSphere Information Server Suite: Source disclosure in InfoSphere Information Server’s Help System (CVE-2013-0467) Content SUMMARY: This bulletin addresses potential source disclosures in InfoSphere Information Server’s Help System VULNERABILITY DETAILS: CVE ID:...
Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in Java SE related to the JSSE component
Summary Vulnerability found in Java SE related to the JSSE component used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: Apache PDFBox as used by IBM QRadar SIEM is vulnerable to denial of service (DOS) (CVE-2021-31811, CVE-2021-31812)
Summary Apache PDFBox as used by IBM QRadar SIEM is vulnerable to denial of service Vulnerability Details CVEID: CVE-2021-31811 DESCRIPTION: Apache PDFBox is vulnerable to a denial of service, caused by an out-of-memory exception while loading a file. By persuading a victim to open a...
Security Bulletin: PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-32028, CVE-2021-32027)
Summary PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure Vulnerability Details CVEID: CVE-2021-32028 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT …...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Mozilla Firefox
Summary IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Mozilla Firefox. Vulnerability Details CVEID: CVE-2021-29976 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within...
Security Bulletin: A security vulnerability in PostgreSQL affects IBM Cloud Pak for Multicloud Management Infrastructure Management.
Summary A security vulnerability in PostgreSQL affects IBM Cloud Pak for Multicloud Management Infrastructure Management. Vulnerability Details CVEID: CVE-2021-32027 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer...
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services
Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services. Vulnerability Details CVEID: CVE-2021-22930 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on...
Security Bulletin: A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID: CVE-2021-32804 DESCRIPTION: Node.js tar module could allow a local attacker to traverse directories on the system, caused by insufficient absolute...
Security Bulletin: A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID: CVE-2021-32803 DESCRIPTION: Node.js tar module could allow a local attacker to traverse directories on the system, caused by insufficient symlink...
Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID: CVE-2021-36221 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a race condition upon an ErrAbortHandler abort. By sending a...
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services
Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services. Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix f...
Security Bulletin: A security vulnerability in Node.js axios module affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Node.js axios module affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the trim...
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services
Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services. Vulnerability Details CVEID: CVE-2021-22939 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. If the https API was used...
Security Bulletin: Multiple vulnerabilities in InfoSphere BigInsights (CVE-2013-3998, CVE-2013-3997)
Summary InfoSphere BigInsights is vulnerable to HTTP response splitting and allows open redirects. Vulnerability Details CVE ID: CVE-2013-3998 DESCRIPTION: The InfoSphere BigInsights Web Application Enterprise Console does not prevent HTTP response splitting. HTTP response splitting can be used t...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM UrbanCode Build (CVE-2014-0227)
Summary Apache Tomcat is vulnerable to HTTP request smuggling. Apache Tomcat is used by IBM UrbanCode Build. Vulnerability Details CVE-ID: CVE-2014-0227 Description: Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed...
Security Bulletin: Security vulnerability in IBM WebSphere Application Server affects Rational Reporting for Development Intelligence (CVE-2017-1681)
Summary The Rational Reporting for Development Intelligence (RRDI) is shipped with a version of the IBM WebSphere Application Server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application...
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4057, CVE-2013-4058 and CVE-2013-4059)
Summary Security vulnerabilities exist in various versions of IBM InfoSphere Information Server or constituent products. See the individual descriptions for details. Vulnerability Details CVE ID: CVE-2013-4057 DESCRIPTION: Due to insufficient safeguards against cross-site request forgery in...
Security Bulletin: Vulnerabilities in open source zlib library affect IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI
Summary Vulnerabilities have been addressed in the open source zlib library component of IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointe...