23 matches found

IBM Security Bulletins
added 2022/09/25 9:06 p.m., 29 views

Security Bulletin: IBM InfoSphere Information Server Suite: Source disclosure in InfoSphere information Server’s Help System (CVE-2013-0467)

Abstract Security Bulletin: IBM InfoSphere Information Server Suite: Source disclosure in InfoSphere information Server’s Help System CVE-2013-0467 Content SUMMARY: This bulletin addresses potential source disclosures in InfoSphere Information Server’s Help System VULNERABILITY DETAILS: CVE ID:...

CVSS 4, AI score 8.6, EPSS 0.00158
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/01/05 7:09 p.m., 50 views

Security Bulletin: IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Log4j for CVE-2021-44228

Summary IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Log4j for CVE-2021-44228. Log4j is used by various microservices either directly or indirectly through dependent open source software for logging messages to files. Vulnerability Details CVEID: CVE-2021-4422...

CVSS 10, AI score 1, EPSS 0.94358
Exploits 341, Affected Software 1

IBM Security Bulletins
added 2021/12/03 6:51 p.m., 36 views

Security Bulletin: Apache CXF as used by IBM QRadar SIEM is vulnerable to denial of service (DOS) (CVE-2021-30468)

Summary Apache CXF as used by IBM QRadar SIEM is vulnerable to denial of service Vulnerability Details CVEID: CVE-2021-30468 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by an infinite loop flaw in the JsonMapObjectReaderWriter function. By sending a specially-crafted JSON...

CVSS 7.5, AI score 7.2, EPSS 0.01898
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2021/12/03 6:42 p.m., 32 views

Security Bulletin: Apache PDFBox as used by IBM QRadar SIEM is vulnerable to denial of service (DOS) (CVE-2021-31811, CVE-2021-31812)

Summary Apache PDFBox as used by IBM QRadar SIEM is vulnerable to denial of service Vulnerability Details CVEID: CVE-2021-31811 DESCRIPTION: Apache PDFBox is vulnerable to a denial of service, caused by an out-of-memory exception while loading a file. By persuading a victim to open a...

CVSS 5.5, AI score 5.7, EPSS 0.00231
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2021/12/03 6:41 p.m., 246 views

Security Bulletin: PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-32028, CVE-2021-32027)

Summary PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure Vulnerability Details CVEID: CVE-2021-32028 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT …...

CVSS 8.8, AI score 8.6, EPSS 0.00641
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2021/11/09 7:24 p.m., 14 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to Information disclosure (CVE-2021-38887)

Summary An Information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2021-38887 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information from application response requests that...

CVSS 6.5, AI score 1, EPSS 0.00162
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/09/14 9:59 a.m., 32 views

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Business Service Manager (CVE-2020-14577)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Business Service Manager. IBM Tivoli Business Service Manager has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14577 DESCRIPTION: An unspecified vulnerability in Ja...

CVSS 4.3, AI score 1.8, EPSS 0.00283
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/07/22 9:38 p.m., 24 views

Security Bulletin: Websphere Application Server Liberty vulnerabilities used by IBM Streams

Summary Websphere Application Server Liberty vulnerability CVE-2020-4421 affecting IBM Streams. Vulnerability Details CVEID: CVE-2020-4421 DESCRIPTION: IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify...

CVSS 5.5, AI score 0.7, EPSS 0.0017
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/07/22 9:15 p.m., 18 views

Security Bulletin: Websphere Application Server Liberty vulnerabilities used by IBM Streams

Summary Websphere Application Server Liberty vulnerability CVE-2020-4329 affecting IBM Streams Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain...

CVSS 4.3, AI score 1.3, EPSS 0.00208
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/07/19 12:49 a.m., 37 views

Security Bulletin: Libxml2 vulnerabilities affect IBM SmartCloud Entry (CVE-2015-1819)

Summary IBM SmartCloud Entry is vulnerable to several libxml2 vulnerabilities. Remote attackers can exploit them to consume all available memory resources. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injecti...

CVSS 5, AI score 0.9, EPSS 0.02045
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/08/08 4:13 a.m., 14 views

Security Bulletin: GSKit and Hash Selection Vulnerability (CVE-2016-0201)

Summary IBM Cloud Manager with OpenStack is vulnerable to a GSKit vulnerability, which allows the attackers to exploit this vulnerability to obtain authentication credentials. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive...

CVSS 5.9, AI score 1.1, EPSS 0.00302
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/16 2:06 p.m., 20 views

Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4057, CVE-2013-4058 and CVE-2013-4059)

Summary Security vulnerabilities exist in various versions of IBM InfoSphere Information Server or constituent products. See the individual descriptions for details. Vulnerability Details CVE ID: CVE-2013-4057 DESCRIPTION: Due to insufficient safeguards against cross-site request forgery in...

CVSS 6.8, AI score 0.5, EPSS 0.00501
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/15 10:42 p.m., 20 views

Security Bulletin: A vulnerability in the GSKit component of IBM Cognos Controller (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of IBM Cognos Controller. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to...

CVSS 5.9, AI score 1.1, EPSS 0.00302
Exploits 0, Affected Software 1

Tenable Nessus
added 2015/04/28 12:00 a.m., 20 views

IBM Domino 9.0.x < 9.0.1 Fix Pack 3 Interim Fix 2 GIF Code Execution

According to its banner, the version of IBM Domino (formerly IBM Lotus Domino) running on the remote host is 9.0.x prior to 9.0.1 Fix Pack 3 (FP3) Interim Fix 2 (IF2). It is, therefore, potentially affected by an integer truncation error when processing GIF files. A remote attacker, using a crafted GIF...

CVSS 10, AI score 5.7, EPSS 0.32382
Exploits 0, References 3

Tenable Nessus
added 2013/10/16 12:00 a.m., 43 views

IBM DB2 10.1 < Fix Pack 3 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 10.1 running on the remote host is affected by the following vulnerabilities : - A stack-based buffer overflow error exists related to input validation in the Audit facility and could lead to privilege escalation and denial of service attacks...

CVSS 7.2, AI score 6, EPSS 0.00952
Exploits 0, References 8

Tenable Nessus
added 2012/06/14 12:00 a.m., 32 views

IBM WebSphere Application Server 8.0 < Fix Pack 3 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 before Fix Pack 3 appears to be running on the remote host and is potentially affected by the following vulnerabilities: - Unspecified cross-site scripting issues exist related to the administrative console. (PM52274, PM53132) - An issue related to the weak...

CVSS 10, AI score 8, EPSS 0.01374
Exploits 0, References 7

Tenable Nessus
added 2012/05/08 12:00 a.m., 44 views

IBM Lotus Symphony < 3.0 Fix Pack 3 Multiple Vulnerabilities

The version of IBM Lotus Symphony was found to be less than 3.0 Fix Pack 3. Such versions are affected by multiple vulnerabilities: - Multiple unspecified vulnerabilities. (CVE-2011-2884) - Opening a .doc document with a user defined toolbar can cause an application crash. (CVE-2011-2885) - Opening a...

CVSS 10, AI score 5.3, EPSS 0.02197
Exploits 0, References 6

Tenable Nessus
added 2011/02/01 12:00 a.m., 22 views

IBM DB2 9.7 < 9.7 Fix Pack 3 Multiple Vulnerabilities

CVSS 10, AI score 7.3, EPSS 0.43415
Exploits 0, References 10

Tenable Nessus
added 2010/11/02 12:00 a.m., 38 views

IBM DB2 9.7 < Fix Pack 3 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 3. It is, therefore, affected by one or more of the following issues: - When privileges on a database object are revoked from PUBLIC, the dependent functions are not marked INVALID. As a result...

CVSS 10, AI score 8.2, EPSS 0.43415
Exploits 0, References 13

Tenable Nessus
added 2009/04/15 12:00 a.m., 12 views

IBM WebSphere Application Server 7.0 < Fix Pack 3 Multiple Vulnerabilities

CVSS 10, AI score 7.3, EPSS 0.01719
Exploits 0, References 10