Security Bulletin: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to information disclosure and weaker security (CVE-2022-43901, CVE-2022-43900)

Summary IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could disclose sensitive information and contain weaker than expected security. This has been addressed. Vulnerability Details CVEID:CVE-2022-43901 DESCRIPTION: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could...

Security Bulletin: IBM Instana Observability is vulnerable to AuthZ Plugin Bypass and Privilege Escalation

Summary Vulnerability in Docker Engine that could allow attackers to bypass authorization plugins AuthZ was remediated in IBM Observability with Instana Build 279. CVE-2024-41110 Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat [CVE-2024-34750]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat, caused by a flaw when processing an HTTP/2 stream CVE-2024-34750. Apache Tomcat is used by our Speech microservices. This vulnerabilitiy has been addressed. Please read t...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to systemd denial of service and information disclosure vulnerabilities( CVE-2022-3821, CVE-2022-4415)

Summary Potential systemd denial of service and information disclosure vulnerabilities CVE-2022-3821, CVE-2022-4415 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-3821...

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by an OpenSSL vulnerability

Summary There is a vulnerability in OpenSSL used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator havs addressed the applicable CVE, CVE-2020-1971. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products an...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Log4j. Vulnerability Details CVEID: CVE-2020-9488 DESCRIPTION: Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appende...