81 matches found
Security Bulletin: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) attack
Summary IBM Workload Scheduler is vulnerable to XML External Entity Injection XXE exploitation while handling uploaded XML configuration files. Vulnerability Details CVEID:CVE-2022-38389 DESCRIPTION: IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injectio...
Security Bulletin: There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management (CVE-2022-21681, CVE-2022-21680)
Summary There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in inline.reflinkSearch. By...
Security Bulletin: IBM Workload Scheduler potentially affected by jsoup XSS attacks (CVE-2022-36033)
Summary IBM Workload Scheduler is vulnerable to XSS attacks caused by jsoup, which may incorrectly sanitize HTML including javascript: URL expressions. Vulnerability Details CVEID:CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-suppli...
Security Bulletin: IBM Workload Scheduler potentially affected by vulnerability in Eclipse Openj9 (CVE-2021-41041)
Summary Eclipse Openj9 is vulnerable to attacks bypassing security restrictions that can potentially affect IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...
Security Bulletin: IBM Workload Scheduler potentially affected by cross-site scripting vulnerability in jQuery UI (CVE-2022-31160)
Summary jQuery UI is vulnerable to cross-site scripting attack that can potentially affect IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle April 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect App Connect Professional.
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Jul pr 2022, App Connect Professional have addressed the applicable CVEs. These vulnerabilities are addressed in App connec...
Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server Liberty shipped with Cloud Pak System (CVE-2022-22393, CVE-2022-22475)
Summary Vulnerabilities have been identified in WebSsphere Application Server Liberty shipped wioth Cloud Pak System. IBM Cloud Pak System ship with optional Single- Sign-On SSO feature. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty have been...
Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-13956
Summary IBM TRIRIGA Application Platform discloses CVE-2020-13956 Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...
Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-13956
Summary IBM TRIRIGA Application Platform discloses CVE-2020-13956 Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...
Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2021-23926
Summary IBM TRIRIGA Application Platform discloses CVE-2021-23926 Vulnerability Details CVEID:CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity XXE error when processing XML data. By sending a specially-crafted XML request, a remote...
Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2016-3093
Summary IBM TRIRIGA Application Platform discloses CVE-2016-3093 Vulnerability Details CVEID:CVE-2016-3093 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker...
Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-11987
Summary IBM TRIRIGA Application Platform discloses CVE-2020-11987 Vulnerability Details CVEID:CVE-2020-11987 DESCRIPTION: Apache XML Graphics Batik is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an...
Security Bulletin: Power Systems Firmware affected by vulnerability in OpenSSL (CVE-2016-0797)
Summary Power Systems Firmware affected by vulnerability in OpenSSL CVE-2016-0797 Vulnerability Details CVEID: CVE-2016-0797 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BNhex2bn/BNdec2bn function. An attacker could exploit this...
Security Bulletin: OpenSSL vulnerability affects App Connect professional v7.5.4.
Summary OpenSSL vulnerability is addressed in ACP v7.5.5.0, customer can migrate to this version without incurring any additional cost. Vulnerability Details CVEID: CVE-2022-1292 DESCRIPTION: OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused b...
Security Bulletin: Clickjacking vulnerability in IBM WebSphere Application Server affects Cloud Pak System
Summary A Clickjacking vulnerability has been identified in IBM WebSphere Application Server, a supporting product which is shipped as pattern type with Cloud Pak System. This Security bulletin applies to Cloud Pak System Software and Cloud Pak System Software Suite. Vulnerability Details Refer t...
Security Bulletin: IBM Elastic Storage System 3000 GUI is affected by verbose error message (CVE-2020-4357)
Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4357 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitiv...
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale which is packaged in IBM ESS (CVE-2022-22368)
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale which is packagaed in IBM ESS that could allow an attacker to decrypt highly sensitive information. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2022-22368 DESCRIPTION: IBM...
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unauthorized user can send arbitrary data to the CLI commands and daemon (CVE-2020-4926)
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale where an unauthorized user can send arbitrary data to the CLI commands and daemon. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4926 DESCRIPTION: A vulnerability in the...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale (CVE-2021-39038)
Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Spectrum Scale, which could allow a remote attacker to hijack the victim's click actions and possibly launch further attacks against the victim. Vulnerability Details CVEID: CVE-2021-39038 DESCRIPTION: IBM...