15 matches found
Security Bulletin: Due to use of International Components for Unicode, IBM Rational ClearQuest is vulnerable to buffer overflow.
Summary: Multiple vulnerabilities in International Components for Unicode used within IBM Rational ClearQuest have been addressed: CVE-2020-10531, CVE-2011-4599, CVE-2014-8146. Vulnerability Details: CVEID: CVE-2020-10531 DESCRIPTION: International Components for Unicode (ICU) for C/C++ is vulnerable to...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary: OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when...
Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service attacks due to snakeYAML
Summary: SnakeYAML is used by some components of IBM Cloud Pak for Multicloud Management and is vulnerable to denial of service attacks: CVE-2022-25857, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749, CVE-2022-38750. Vulnerability Details: CVEID: CVE-2022-25857 DESCRIPTION: Java package...
CVE-2013-0589
IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371...
CVE-2013-0594
The affected software is IBM iNotes (formerly IBM Lotus iNotes). Affected versions are IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1. The vulnerability is an open redirect that allows remote attackers to redirect users to arbitrary websites and potentially conduct phishing. The exact ro...
CVE-2013-0594
Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383...
Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition are affected by James Clark Expat Vulnerabilities
Summary: IBM Cloud Orchestrator has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2013-0340 DESCRIPTION: expat is vulnerable to a denial of service, caused by the improper handling of internal entity expansion. By persuading a victim to open a specially crafted XML...
Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to unsafe third-party links.
Summary: Atlas eDiscovery Process Management has addressed the following vulnerability: An authenticated attacker could obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. The third-party links with target="blank" attribute and no rel="noopener noreferrer"...
Security Bulletin: Rational Change can be affected by vulnerabilities in the IBM Eclipse Help System (CVE-2013-0464 and CVE-2013-0467)
Summary: IBM Rational Change can be affected by two vulnerabilities, cross-site scripting and Help system source code disclosure, by using a specially crafted URL in the IBM Eclipse Help System (IEHS), which is used to display the IBM Rational Change help content. Vulnerability Details...
IBM DB2 Connect 9.7 < FP11 Special Build 36621 / 10.1 < FP6 Special Build 36610 / 10.5 < FP8 Special Build 36605 / 11.1.2 < FP2 Multiple Vulnerabilities (Windows)
According to its version, the installation of IBM DB2 Connect on the remote Windows host is either 9.7 prior to Fix Pack 11 Special Build 36621, 10.1 prior to Fix Pack 6 Special Build 36610, 10.5 prior to Fix Pack 8 Special Build 36605, or 11.1.2 prior to Fix Pack 2. It is, therefore, affected by...
IBM DB2 10.1 < Fix Pack 5 / 10.5 < Fix Pack 6 Multiple Vulnerabilities
IBM DB2 10.5 < Fix Pack 6 Multiple Vulnerabilities (Bar Mitzvah)
According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 6. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the IBM Global Security Kit (GSKit) when handling RSA temporary keys in a non-export RSA key exchange...
IBM DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities
According to its version, the installation of DB2 9.7 running on the remote host is prior to Fix Pack 6. It is, therefore, affected by multiple vulnerabilities: - A local user can exploit a vulnerability in the bundled IBM Tivoli Monitoring Agent (ITMA) to escalate their privileges. (CVE-2011-4061) ...
IBM DB2 9.1 < 9.1 Fix Pack 6 Multiple Vulnerabilities
IBM DB2 9.1 < Fix Pack 6 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.1 running on the remote host is affected by one or more of the following issues: - An unspecified error in 'SQLNLSUNPADDEDCHARLEN' may lead to a segmentation fault in the DB2 server. (LI73364) - DB2 does not mark inoperative or drop views and...