420 matches found
Security Bulletin: Denial of service vulnerability affects IBM Business Automation Workflow Event Emitters - CVE-2023-43642
Summary IBM Business Automation Workflow Event Emitters package a copy of snappy with a known vulnerability. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafte...
Security Bulletin: Multipe vulnerabilities in DITA may affect IBM Business Automation Workflow Case Management docGenerator feature (CVE-2023-2976, CVE-2022-44729, CVE-2022-44730)
Summary IBM Business Automation Workflow provides a feature for generating "solution description documents" building upon an open source framework DITA. Vulnerabilities have been reported for open-source libraries repackaged by DITA. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to server-side request forgery due to Eclipse Jetty (261776)
Summary IBM Sterling Connect:Direct Browser User Interface uses Eclipse Jetty server. Vulnerability Details IBM X-Force ID: 261776 DESCRIPTION: Eclipse Jetty is vulnerable to server-side request forgery, caused by improper handling of XML external entity XXE declarations by the XmlParser. By...
Security Bulletin: Due to use of Netty, IBM® MobileFirst Platform is vulnerable to a denial of service.
Summary Netty is used by IBM® MobileFirst Platform. CVE-2023-34462 Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a...
Security Bulletin: Google Guava component is vulnerable to CVE-2023-2976 is used by IBM Jazz Reporting Services.
Summary IBM Jazz Reporting Service Application Suite uses Google Guava package which is vulnerable to CVE-2023-2976. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation...
Security Bulletin: There is a vulnerability in ICU used by IBM Jazz Reporting Service (CVE-2018-18928)
Summary There is a vulnerability in ICU used by IBM Jazz Reporting ServiceJRS. This vulnerabiliity is addressed in JRS by upgrading to a version of ICU that resolves the issue. Vulnerability Details CVEID: CVE-2018-18928 DESCRIPTION: International Components for Unicode ICU is vulnerable to a...
Security Bulletin: Vulnerability in Apache Jena-arq library affects IBM Engineering Lifecycle Optimization - Publishing
Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena-arq Vulnerability Details CVEID:CVE-2023-22665 DESCRIPTION: Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of user querie...
Security Bulletin: Vulnerabilities in CKEditor library affects IBM Engineering Test Management (ETM) (CVE-2021-32809, CVE-2021-37695)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-32809 DESCRIPTION: CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML...
Security Bulletin: ITCAM for Transactions affect by the Security vulnerability CVE-2020-10683 found in dom4j-1.6.1.jar
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following dom4j-1.6.1.jar vulnerability and updated dom4j-1.6.1.jar to version 2.1.4 Vulnerability Details CVEID:CVE-2020-10683 DESCRIPTION: dom4j could allow a remote authenticated...
Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2016-5725 found in jsch-0.1.40.jar
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following jsch-0.1.40.jar vulnerability and updated jsch.jar from version 0.1.40 to 0.1.55 Vulnerability Details CVEID:CVE-2016-5725 DESCRIPTION: JSch could allow a remote attacker to...
Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2018-1000632 found in dom4j-1.6.1.jar
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following dom4j-1.6.1.jar vulnerability and updated dom4j.jar file from version 1.6.1 to 2.1.4 Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty.
Summary There are multiple vulnerabilities in Jetty Server. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...
Security Bulletin: IBM Jazz for Service Management is vulnerable to commons-fileupload-1.4.jar (Publicly disclosed vulnerability found by Mend) (CVE-2023-24998)
Summary IBM Jazz for Service Management is vulnerable to commons-fileupload-1.4.jar Publicly disclosed vulnerability found by Mend. The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipar file upload functionality to servlets and web application...
Security Bulletin: Daeja ViewONE may be affected by Bouncy Castle Vulnerability (CVE-2023-33201)
Summary ViewONE has a bundled version of Bouncy Castle containing a known security issue. Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 nam...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager.
Summary A security vulnerability in Node.js affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit th...
Security Bulletin: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2021-21366 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by improper preserve of system...
Security Bulletin: A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager.
Summary A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS in the toNumber, trim and...
Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js node-fetch module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2020-15168 DESCRIPTION: Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor the size option after following a redirect. By...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to XML external entity (XXE) attacks due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0 (CVE-2021-39239)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2021-39239 due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0. Apache Jena is used by IBM Engineering Requirements Management DOORS Next for working with RDF models. The fix disables...