Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to GNOME libxml2 denial of service vulnerability [ CVE-2024-25062]

Summary Potential GNOME libxml2 denial of service vulnerability CVE-2024-25062 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-25062...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein, including those in Java, Go, Python and Node.js Vulnerability Details CVEID:CVE-2023-2602 DESCRIPTION: libcap is vulnerable to a denial of service, caused by a memory leak flaw in the error...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Python

Summary Potential vulnerabilities in Python have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-28861 DESCRIPTION: Python could allow a...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Gnome ibxml2 arbitrary code execution vulnerabilities( CVE-2022-40304, CVE-2022-40303)

Summary Potential Gnome ibxml2 arbitrary code execution vulnerabilities CVE-2022-40304, CVE-2022-40303 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-40304 DESCRIPTION: Gnome...

Security Bulletin: CVE-2023-29469 may affect IBM CICS TX Advanced 10.1

Summary CVE-2023-29469 may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-29469 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by a double free flaw in the xmlDictComputeFastKey function d...

Security Bulletin: CVE-2023-28484 may affect IBM CICS TX Advanced 10.1

Summary CVE-2023-28484 may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-28484 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the...

IBM Cognos Analytics Multiple Vulnerabilities (6986505)

The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 7 or 11.2.x prior to 11.2.4 FP1. It is, therefore, affected by multiple vulnerabilities, including the following: - GNOME libxml2 could allow a remote attacker to execute arbitrary code on the...

Security Bulletin: IBM Cloud Pak for Network Automation 2.4.5 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-41903 DESCRIPTION: Git could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when processin...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40304)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 caused by a dict corruption flaw.CVE-2022-40304. Gnome libxml2 is included as part of the Base OS used by our service images. Please read the details for remediati...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40303)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 caused by an integer overflow in the XMLPARSEHUGE function CVE-2022-40303. Gnome libxml2 is included as part of the Base OS used by our service images. Please read...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in GNOME libxml2 (CVE-2016-3709)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in GNOME libxml2 caused by improper validation of user-supplied input by the KippoInput.class.php script. CVE-2016-3709. GNOME libxml2 is included as part of the Base OS used by our servi...

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Freedesktop D-Bus is used by IBM Robotic Process Automation as part of container base images CVE-2022-42010, CVE-2022-42011, CVE-2022-42012. GNU Libtasn1 is used by IBM Robotic Process Automation as...

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNOME libxml2 (CVE-2022-29824)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNOME libxml2, caused by an integer overflows in several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer CVE-2022-29824. GNOME libxml2 is used as part of the base image...

Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By usi...

Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an...

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-19126 DESCRIPTION: GNU C Library could allow a local attacker to bypass security restrictions, caused by failing to ignore...

CVE-2020-24977

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e...

CVE-2020-24977

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e...