4 matches found
Security Bulletin: IBM Db2® Graph is vulnerable to remote execution of arbitrary commands due to Node.js CVE-2022-43548
Summary: Node.js open source library used by IBM Db2® Graph is affected by vulnerability CVE-2022-43548. The fix updates Node.js to 18.12.1. Vulnerability Details: CVEID: CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an...
Security Bulletin: MFA may be bypassed for LDAP users in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary: LDAP users who are configured to require Multifactor Authentication (MFA) can still authenticate to the Common Information Model (CIM) interface using only username and password, which will allow them to perform a subset of configuration actions described here:...
Security Bulletin: Vulnerabilities in the GNU C Libraries (glibc) affect IBM Flex System Manager (FSM) (CVE-2013-2207, CVE-2014-8121, CVE-2015-1781)
Summary: Multiple security vulnerabilities have been discovered in the GNU C Library (glibc) that is embedded in the IBM FSM. These vulnerabilities are addressed in this bulletin. Vulnerability Details: CVEID: CVE-2013-2207 DESCRIPTION: The GNU C Library (glibc) could allow a local attacker to bypass...
Security Bulletin: Multiple vulnerabilities in IBM SDK for Java Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3566)
Summary: There are multiple vulnerabilities in IBM SDK for Java Technology Edition that is used by IBM Business Process Manager and WebSphere Lombardi Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues wer...