19 matches found
Security Bulletin: Due to use of Scala, IBM Cloud Pak for Multicloud Management Monitoring could allow a remote authenticated attacker to execute arbitrary code on the system. [CVE-2022-36944]
Summary Scala is used by IBM Cloud Pak for Multicloud Management Monitoring, to process large amounts of data smoothly and efficiently. The vulnerability has been addressed. Vulnerability Details CVEID: CVE-2022-36944 DESCRIPTION: Scala could allow a remote authenticated attacker to execute...
Security Bulletin: Due to use of Apache Cassandra, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to an authenticated attacker gaining elevated privileges.
Summary Apache Cassandra is used by IBM Cloud Pak for Multicloud Management Monitoring as part of saving data on several components. Vulnerability Details CVEID: CVE-2023-30601 DESCRIPTION: Apache Cassandra could allow a local authenticated attacker to gain elevated privileges on the system, cause...
Security Bulletin: Due to use of FasterXML Jackson-databind, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial of service.
Summary Jackson-databind is used by IBM Cloud Pak for Multicloud Management Monitoring, as part of converting serializing/deserializing data formats from XML/JSON. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a...
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID:CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker...
Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 SQL/PSM Stored Procedure Infrastructure (CVE-2012-4826).
Abstract Vulnerability in IBM DB2 could allow an authenticated user to cause a stack-based buffer overflow and possibly attain remote code execution. Content VULNERABILITY DETAILS CVE ID: CVE-2012-4826 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could allo...
Security Bulletin: Authentication bypass in IBM Tivoli Monitoring Service console
Summary The following security issues have been identified in the IBM Tivoli Monitoring Service console. Vulnerability Details CVEID: CVE-2019-4592 DESCRIPTION: IBM Tivoli Monitoring Service could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possib...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. These issues were disclosed as part of the IBM Java SDK updates in July 2018. An Open Source OpenSSL vulnerability has also been addressed. Vulnerability Details If you run your own...
Security Bulletin: Content Manager OnDemand for Multiplatforms is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729)
Summary Content Manager OnDemand for Multiplatforms is affected by Open Source Apache Xerces-C XML parser Vulnerabilities. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during...
Security Bulletin: ClearQuest Cross-Site Scripting (XSS) Vulnerability (CVE-2012-2169)
Summary IBM Rational ClearQuest Web client contains a Cross-Site Scripting vulnerability. Vulnerability Details CVE ID:...
Security Bulletin: An unspecified vulnerability related to the Security component in IBM Java Runtime affects IBM Cognos Planning (CVE-2015-4872)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 SR16 FP7 that is used by IBM Cognos Planning. This issue was disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified...
IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities
IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (Logjam)
According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability, known as FREAK Factoring attack on RSA-EXPORT Keys, exists due to the support of...
IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Linux) (Bar Mitzvah) (FREAK) (Logjam)
According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability, known as FREAK Factoring attack on RSA-EXPORT Keys, exists due to the support of...
IBM DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by one or more of the following issues : - An error exists related to the stored procedure 'SQLJ.DB2INSTALLJAR' that can allow 'JAR' files to be overwritten. Not...
IBM DB2 9.5 < 9.5 Fix Pack 7 Multiple Vulnerabilities
IBM DB2 9.5 < Fix Pack 7 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.5 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by the following vulnerabilities : - The 'db2dasrrm' component included with such versions fails to perform sufficient bounds checks on user-supplied input, which ...
IBM WebSphere Application Server 7.0 < Fix Pack 7
IBM WebSphere Application Server 7.0 before Fix Pack 7 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to insufficient validation of user-supplied input by the administrative console...
IBM DB2 9.1 < Fix Pack 7 Multiple Vulnerabilities
According to its version, the IBM DB2 server running on the remote host is prior to 9.1 Fix Pack 7. It is, therefore, affected by multiple vulnerabilities : - In certain situations an INNER JOIN predicate is applied before the OUTER JOIN predicate, which could result in disclosure of sensitive...
IBM DB2 9.1 < 9.1 Fix Pack 7 Information Disclosure