312 matches found

IBM Security Bulletins
added 2025/03/26 2:37 a.m. | 37 views

Security Bulletin: Vulnerability in IBM® Host Access Beans affects IBM Host Access Transformation Services

Summary There is a vulnerability in IBM Host Access Beans 4 used by Host Access Transformation Services. Host Access Transformation Services has provided a fix for the applicable CVE. The CVE is listed as CVE-2021-38938. Vulnerability Details CVEID:CVE-2021-38938 DESCRIPTION: IBM Host Access...

CVSS 6.2 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/03/18 6:12 a.m. | 7 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283

Summary parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2025-25283 DESCRIPTION: parse-duration is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...

CVSS 7.5 | AI score 6.2 | EPSS 0.00117
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/02/15 9:54 a.m. | 29 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2024-52798

Summary path-to-regexp-0.1.10.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to...

CVSS 8.7 | AI score 7.4 | EPSS 0.00293
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/10/08 2:2 p.m. | 37 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM i (CVE-2015-7575).

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM i. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS...

CVSS 5.9 | AI score 6.2 | EPSS 0.0107
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/09/20 3:57 p.m. | 29 views

Security Bulletin: IBM App Connect Enterprise has multiple vulnerabilities due to IBM Semeru Runtime (CVE-2024-21131, CVE-2024-21144, CVE-2024-21145)

Summary IBM App Connect Enterprise has multiple vulnerabilities due to IBM Semeru Runtime CVE-2024-21131, CVE-2024-21144, CVE-2024-21145. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability...

CVSS 4.8 | AI score 5.1 | EPSS 0.0045
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/08/01 1:30 p.m. | 39 views

Security Bulletin: Vulnerability in Go affect Cloud Pak System [CVE-2023-39323]

Summary Vulnerability in Golang Go affects Cloud Pak System. Vulnerability Details CVEID:CVE-2023-39323 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by improper enforcement of line directive restrictions in the "//go:cgo" directives. By...

CVSS 8.1 | AI score 8.2 | EPSS 0.0006
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/07/01 5:48 a.m. | 27 views

Security Bulletin: Denial of service vulnerability in Amazon Ion may affect IBM Storage Protect Server

Summary IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634. Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for...

CVSS 7.5 | AI score 7.5 | EPSS 0.0033
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/06/28 9:52 p.m. | 19 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to information exposure in a URL (CVE-2023-50954)

Summary An information exposure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-50954 DESCRIPTION: IBM InfoSphere Information Server returns sensitive information in URL information that could be used in further attacks against the system. CVSS...

CVSS 5.3 | AI score 4.4 | EPSS 0.00147
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/06/25 11:52 p.m. | 64 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2024-27316]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to no limit of continuation frames in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in t...

CVSS 7.5 | AI score 7.6 | EPSS 0.87555
Exploits: 2 | Affected Software: 4
IBM AIX
added 2024/06/24 3:7 p.m. | 42 views

AIX is affected by a denial of service due to Python (CVE-2024-0450)

IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:07:51 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory10.asc Security Bulletin: AIX is affected by a denial of service due to Python CVE-2024-0450...

CVSS 6.2 | AI score 6.8 | EPSS 0.00148
Exploits: 0
IBM Security Bulletins
added 2024/05/30 2:6 p.m. | 47 views

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2024 Vulnerability Advisory, plus CVE-2024-3933. For more information please refer to OpenJDK's April 2024 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability...

CVSS 7.3 | AI score 5.2 | EPSS 0.00146
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/05/30 1:50 p.m. | 42 views

Security Bulletin: CVE-2024-3933 affects IBM® SDK, Java™ Technology Edition

Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to...

CVSS 7.3 | AI score 5.8 | EPSS 0.00068
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/03/12 5:45 p.m. | 26 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to SnakeYAML (CVE-2022-38752)

Summary IBM Sterling Partner Engagement Manager uses SnakeYAML. Vulnerability Details CVEID:CVE-2022-38752 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker coul...

CVSS 6.5 | AI score 7.2 | EPSS 0.00205
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/03/04 10:53 a.m. | 31 views

Security Bulletin: IBM Transformation Extender Advanced vulnerable to LDAP security bypass due to Apache Derby [CVE-2022-46337]

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, includes and supports Apache Derby as a pre-production database for developers. LDAP for Apache Derby is not supported in production deployment of IBM Transformation Extender Advanced. This bulletin...

CVSS 9.8 | AI score 9.3 | EPSS 0.00047
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/02/14 2:19 p.m. | 36 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to execute arbitrary code on the system [CVE-2023-46604]

Summary Apache ActiveMQ is used by the IBM Datapower Operations Dashboard in its messaging infrastructure. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could all...

CVSS 10 | AI score 9.7 | EPSS 0.94436
Exploits: 31 | Affected Software: 1
IBM Security Bulletins
added 2024/02/14 8:18 a.m. | 19 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK may affect IBM Storage Scale

Summary There are vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Storage Scale. This issue was disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

CVSS 5.9 | AI score 6 | EPSS 0.00172
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/01/03 5:20 p.m. | 43 views

Security Bulletin: Windows TCP/IP Denial of Service Vulnerability affect Cloud Pak System [CVE-2023-36602]

Summary Windows TCP/IP Denial of Service Vulnerability affects Cloud Pak System. Vulnerability Details CVEID:CVE-2023-36602 DESCRIPTION: Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the TCP/IP component. By sending a specially crafted request, a remote attacker could...

CVSS 7.5 | AI score 8.2 | EPSS 0.03748
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2023/12/20 5:57 p.m. | 25 views

Security Bulletin: Apache commons fileupload vulnerability affect embedded Content Platform Engine in IBM Business Automation Workflow - CVE-2023-24998

Summary The embedded Content Platform Engine in IBM Business Automation Workflow is affected by Apache commons fileupload vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the numb...

CVSS 7.5 | AI score 7.6 | EPSS 0.37743
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2023/12/18 4:26 p.m. | 17 views

Security Bulletin: AIX is vulnerable to denial of service due to AIXWindows (CVE-2023-45172)

Summary A vulnerability in AIXwindows could allow a non-privileged local user to cause a denial of service CVE-2023-45172. Vulnerability Details CVEID:CVE-2023-45172 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in AIXwindows to cause a denial of service...

CVSS 6.2 | AI score 6 | EPSS 0.00016
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2023/12/07 11:0 p.m. | 38 views

Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Libxml2

Summary The following vulnerabilities in Libxml2 have been addressed by IBM Flex System switch firmware products. Vulnerability Details CVEID: CVE-2021-3517 DESCRIPTION: GNOME libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by xmlEncodeEntitiesInternal in...

CVSS 8.6 | AI score 8.6 | EPSS 0.00111
Exploits: 0 | Affected Software: 4