14 matches found
Security Bulletin: Vulnerablity in Apache Log4j may affect IBM APM Internet Service Monitoring Agent
Summary There is a vulnerability in the Apache log4j library used by IBM APM Internet Service Monitoring Agent. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...
Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-318...
Security Bulletin: Multiple vulnerabilities in The Bouncy Castle Crypto Package For Java affect IBM Application Performance Management products
Summary The Bouncy Castle Crypto Package For Java is used by IBM Application Performance Management. The vulnerabilities below have been addressed. Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain...
Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Application Performance Management products
Summary Apache Log4j is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2020-9488 DESCRIPTION: Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with...
Security Bulletin: Multiple vulnerabilities in Apache POI affect IBM Application Performance Management products
Summary Apache POI is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2017-12626 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG...
Security Bulletin: Multiple vulnerabilities in libthrift affect IBM Application Performance Management products
Summary libthrift jar is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2018-1320 DESCRIPTION: Apache Thrift could allow a remote attacker to bypass security restrictions, caused by the disablement of an assert used to determine if the SASL handshake had...
Security Bulletin: Multiple vulnerabilities in apache batik affect IBM Application Performance Management products.
Summary Apache batik is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2019-17566 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an...
Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management.
Summary IBM DB2 is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM...
Security Bulletin: Multiple vulnerabilities in gson-2.2.4.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in gson-2.2.4.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused b...
Security Bulletin: Vulnerability in Apache Log4j affects some features of Internet Service Monitoring Agent for IBM Application Performance Management(CVE-2021-4104)
Summary Apache Log4j open source library used by "Internet Service Monitoring Agent" ISM Agent is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. ISM Agent has addressed the applicable CVE. As a part of solution log4j has been upgraded to...
Security Bulletin: Multiple vulnerabilities affect the IBM Performance Management product
Summary Multiple vulnerabilities affect the IBM Performance Management product. Vulnerability Details CVEID: CVE-2020-4726 DESCRIPTION: The IBM Application Performance Monitoring UI allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS...
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
Summary CVE-2019-2949 deferred from Oracle Oct 2019 CPU Vulnerability Details CVEID: CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality...
Security Bulletin: IBM Application Performance Management could allow a remote attacker to hijack the clicking action of the victim (CVE-2019-4086)
Summary IBM Application Performance Management could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attac...
Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products.
Summary Multiple browsers could allow a remote attacker to obtain sensitive information, caused by the failure to consider the role of the TCP congestion window in providing information about content length by the HTTPS protocol or by the HTTP/2 protocol. By visiting a Web site owned by a malicio...