Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-22455)

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-22455 DESCRIPTION: IBM Security Verify Identity Manager performs an operation at a privilege level that is higher than the minimum...

CVE-2021-27760

The CVE-2021-27760 entry concerns HCL Notes 11.0–11.0.1 FP4 Sametime Embedded chat clients, where an authenticated Sametime chat user can trigger Remote Code Execution on another chat client by sending a specially formatted message containing Javascript code. The vulnerability arises in group cha...

Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-44228)

Summary IBM Cognos Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j CVE-2021-44228 vulnerability. Please note that this Security Bulletin has been...

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.0.13 FP4. These vulnerabilities have also been addressed in previous versions of IBM Cognos Analytics 11.1.x . Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: Apache Commons Compress is vulnerable to a denial...

Insecure TLS Configurations

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...

SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1161-1) (Bar Mitzvah) (FREAK)

IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/IBMSecurityUpdat eMay 2015 CVEs addressed: CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458...

Security Bulletin: IBM Cognos Controller is affected by HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)

Summary There is a vulnerability in IBM WebSphere Application Server that could allow an HTTP response splitting attack in Channel. Vulnerability Details CVEID: CVE-2015-2017 DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could...

SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1138-1) (Bar Mitzvah) (FREAK)

IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/IB MSecurityUpdateMay2015 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-046...

SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-2) (Bar Mitzvah) (FREAK)

IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/IB MSecurityUpdateMay2015 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-046...

SUSE-SU-2015:1161-1 Security update for java-1_6_0-ibm

IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/IBMSecurityUpdateMay2015 CVEs addressed: CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-04...

SUSE SLES10 Security Update : IBM Java 5 (SUSE-SU-2013:1669-1)

IBM Java 5 SR16-FP4 has been released which fixes lots of bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2013-4041, CVE-2013-5375, CVE-2013-5372, CVE-2013-5843, CVE-2013-5830, CVE-2013-5829, CVE-2013-5842,...

RHEL 6 : java-1.6.0-ibm (RHSA-2015:1006)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1006 advisory. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several...

Important: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVE-2013-2992

The CVE-2013-2992 entry affects IBM WebSphere Commerce 7.0 (FP4–FP6) in the Search component, where certain search-term association configurations allow a remote attacker to trigger a denial of service via a crafted query. The vulnerability is embedded in the WebSphere Commerce Search functionali...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Basic Services component in IBM Tivoli Monitoring ITM 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business formerly Tivoli Foundations Application Manager 1.2.1...

IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability

The host is running IBM DB2 and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2drdareqdosvuln.nasl 6018 2017-04-24 09:02:24Z teissa $ IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability Authors: Madhuri D Copyright: Copyright c 2012...

RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0155)

Updated java-1.4.2-ibm packages that fix one security issue and a bug are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security...

CVE-2010-0920

Cross-site scripting XSS vulnerability in IBM Lotus iNotes aka Domino Web Access or DWA before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in IBM Lotus iNotes aka Domino Web Access or DWA before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...