63 matches found
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-45105) affects the IBM Performance Management product
Summary The APM v8.1.4.0 Server installs an Online Help application that contains Log4j v2.3. A vulnerability was found in this version of Log4j that is documented by CVE-2021-44228 and fixed in Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to ...
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44832) affects the IBM Performance Management product
Summary The APM v8.1.4.0 Server installs an Online Help application that contains Log4j v2.3. A vulnerability was found in this version of Log4j that is documented by CVE-2021-44832 and fixed in Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a...
Security Bulletin: Multiple vulnerabilities in IBM Websphere Application Server affect the IBM Performance Management product
Summary Multiple vulnerabilities in IBM Websphere Application Server - Liberty could allow a remote attacker to exploit them to cause a denial of service condition against services that use Compress' zip package. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product.
Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product.
Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2020-5024 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows...
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects the IBM Performance Management product
Summary The APM v8.1.4.0 Server installs an Online Help application that contains Log4j v2.3. A vulnerability was found in this version of Log4j that is documented by CVE-2021-44228 and fixed in Log4j v2.16. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remot...
Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product
Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...
Security Bulletin: Multiple vulnerabilities affect the IBM Performance Management product
Summary Multiple vulnerabilities affect the IBM Performance Management product. Vulnerability Details CVEID: CVE-2020-4726 DESCRIPTION: The IBM Application Performance Monitoring UI allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Performance Management. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2601 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the...
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products Q3 2020
Summary IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability Q3 2020 Vulnerability Details CVEID: CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an...
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
Summary CVE-2019-2949 deferred from Oracle Oct 2019 CPU Vulnerability Details CVEID: CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality...
Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product
Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT...
Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4720)
Summary IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM Performance Management has addressed the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Performance Management. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...
Security Bulletin: A vulnerability in Netty affects the IBM Performance Management product (CVE-2019-16869)
Summary Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual whitespaces before the colon in HTTP headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and...
Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4305)
Summary A vulnerability in IBM Websphere Application Server - Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM Performance Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4305 DESCRIPTION: IBM...
Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4304)
Summary A vulnerability in IBM Websphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM Performance Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Performance Management. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-11772 DESCRIPTION: In Eclipse OpenJ9 prior to 0.15, the String.getBytesint, int,...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Performance Management. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...
Security Bulletin: A vulnerability in Apache CFX affects the IBM Performance Management product (CVE-2019-12406)
Summary Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this...