395 matches found
Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure
Summary IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure. Vulnerability Details IBM X-Force ID: 268195 DESCRIPTION: Presto is vulnerable to server-side request forgery, caused by improper validating the...
Security Bulletin: IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857
Summary IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...
Security Bulletin: IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487
Summary IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. [CVE-2023-39017]
Summary IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: Quartz Job Scheduler could allow a remote attacker to execut...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)
Summary IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. Vulnerability Details CVEID:CVE-2023-29258 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service through a...
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)
Summary IBM® Db2® could allow a user with DATAACCESS privileges to execute routines that they should not have access to. Vulnerability Details CVEID:CVE-2023-38003 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user with DATAACCESS privileges to execute...
Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804
Summary IBM Maximo Application Suite uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804. This bulletin contains information regarding the vulnerablity and its fixture. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated...
Security Bulletin: IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635
Summary IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by...
Security Bulletin: IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920
Summary IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920. This bulletin contains information regarding the vulnerablity and its fixture. Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tug...
Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights
Summary IBM Operations Analytics Predictive Insights uses Apache ActiveMQ software, as a core module in processing analytics data. The vulnerability CVE-2023-46604 found in Apache ActiveMQ could be exploited to download and infect Linux systems with the Kinsing malware. This bulletin identifies t...
Security Bulletin: IBM Maximo Application Suite uses gevent-21.1.2-cp37-cp37m-manylinux2010_x86_64.whl which is vulnerable to CVE-2023-41419
Summary IBM Maximo Application Suite uses gevent-21.1.2-cp37-cp37m-manylinux2010x8664.whl which is vulnerable to CVE-2023-41419. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to...
Security Bulletin: Apache Commons Compress component is vulnerable to CVE-2023-42503 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Apache Commons Compress package which is vulnerable to CVE-2023-42503. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to ope...
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34042 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security, which is vulnerable to CVE-2023-34042. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34042 DESCRIPTION: VMware Tanzu Spring Security could...
Security Bulletin: Netty is vulnerable to CVE-2023-4586 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses netty which is vulnerable to CVE-2023-4586. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by th...
Security Bulletin: Tornado is vulnerable to 263690 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses tornado, which is vulnerable to 263690. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 263690 DESCRIPTION: Tornado Web Server is vulnerable to HTTP request smuggling, caus...
Security Bulletin: Babel-traverse is vulnerable to CVE-2023-45133 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses babel-traverse which is vulnerable to CVE-2023-45133. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-38737 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-38737. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: IBM WebSphere Application...
Security Bulletin: Urllib3 is vulnerable to CVE-2023-43804 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses urllib3 which is vulnerable to CVE-2023-43804. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obta...
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2022-40609)
Summary There was a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.18 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850)
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA...