Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a cross-configuration attack against OpenPGP (CVE-2021-40528)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a cross-configuration attack against OpenPGP due to a flaw in GnuPG Libgcrypt. CVE-2021-40528. GnuPG Libgcrypt is used as part of the base image included in our service components. Please read the details for...

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificate...

Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an...

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to security restriction bypass due to CVE-2021-40528

Summary GnuPG Libgcrypt is provided as part of the base operating sysem in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to security restriction bypass. This bulletin provides patch information to address the...

Debian DLA-2691-1 : libgcrypt20 - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2691 advisory. An issue has been found in libgcrypt20, a crypto library. Mishandling of ElGamal encryption results in a possible side-channel attack and an interoperability problem with...

Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in OpenSSL. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server duri...

Security Bulletin: A vulnerability in GnuPG libgcrypt affects IBM Security Network Protection (CVE-2016-6313)

Summary A security vulnerability has been discovered in GnuPG libgcrypt, which is used by IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-6313 DESCRIPTION: GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits...

Gnupg Libgcrypt CVE-2018-6829 Information Disclosure Vulnerability

Description Gnupg Libgcrypt is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Gnupg Libgcrypt 1.8.2 and prior are vulnerable. Technologies Affected Gnupg Libgcrypt 1.4.0 Gnupg Libgcrypt 1.4.3 Gnup...

GnuPG / libgcrypt multiple security vulnerabilities

Use-after-free, backside channels information disclosure...