Security Bulletin: IBM Cloud Pak for Data is vulnerable to installation failure due to opm ( CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2015-3627, CVE-2023-25173, CVE-2023-25153, CVE-2022-23471, CVE-2023-24532 )
Summary Opm is used by IBM Cloud Pak for Data as part of the installation operator catalog. CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2015-3627, CVE-2023-25173, CVE-2023-25153, CVE-2022-23471, CVE-2023-24532. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerabl...
Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data
Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol...
Security Bulletin: Vulnerability in paramiko affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-48795]
Summary The paramiko package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH befo...
Security Bulletin: IBM Cloud Pak for Data is vulnerable due to github.com/golang/net ( CVE-2023-3978, CVE-2023-45288 )
Summary github.com/golang/net is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-3978, CVE-2023-45288. Vulnerability Details CVEID:CVE-2023-3978 DESCRIPTION: Golang html package is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a bypass security (CVE-2024-35195)
Summary There is a security bypass in psf Requests used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to remote authentication attack due to Kubernetes Scheduler code ( CVE-2023-5528 )
Summary Kubernetes Scheduler code is used by IBM Cloud Pak for Data Scheduling as part of the scheduling binaries. CVE-2023-5528. Vulnerability Details CVEID:CVE-2023-5528 DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to gain elevated privileges on the system, caused...
Security Bulletin: Vulnerability in babel affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2021-42771]
Summary The babel package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2021-42771. Vulnerability Details CVEID:CVE-2021-42771 DESCRIPTION: Python-Babel Babel could allow a local authenticated attacker to traverse directories o...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to DOS due to opm ( CVE-2023-25173, CVE-2023-25153 ).
Summary Opm is used by IBM Cloud Pak for Data Scheduling as part of the ibm-cpd-scheduler-operator-catalog image used for installation of the Scheduler. Vulnerability Details CVEID:CVE-2023-25173 DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions,...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to python vulnerability ( CVE-2022-40897 )
Summary Python is used by IBM Cloud Pak for Data as part of the Ansible operator for installation. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular...
Code injection
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034...
Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105)
Summary Apache Log4j is used by IBM Cloud Pak for Data System 1.0 in Openshift Logging. This bulletin provides a remediation for the Apache Log4j vulnerability CVE-2021-45105. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the...
CVE-2021-38899
IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575...
CVE-2021-20486
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668...