Security Bulletin: IBM Predictive Maintenance and Quality (PMQ) UI: Missing Secure Attribute in Encrypted Session (SSL) Cookie (CVE-2020-4423)

Summary PMQ UI web application sends non-secure cookies over SSL. It may be possible to steal user and session information cookies that was sent during an encrypted session. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

CISA Releases Twelve Industrial Control Systems Advisories

CISA released twelve Industrial Control Systems ICS advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2022-21496, 2022-21299)

Summary IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises is bundled with IBM SPSS, IBM Cognos, IBM DB2 and IBM Websphere Application Server. IBM Websphere Application Server is vulnerable to Multiple Vulnerabilities in IBM® Java SDK CVE-2022-21496, 2022-21299...

Security Bulletin: An Unspecified Vulnerability in Java runtime affects Predictive Maintenance and Quality and Predictive Maintenance Insights (CVE-2021-35603)

Summary IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises is bundled with IBM SPSS, IBM Cognos, IBM DB2 and IBM Websphere Application Server Liberty. Some of the component products are vulnerable to unspecified vulnerability in Java runtime CVE-2021-35603. Thi...

Security Bulletin: Security vulnerability in WebSphere Application Server Liberty shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-39031)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. WebSphere Application Server Liberty is vulnerable to Identity Spoofing CVE-2022-22475. Vulnerability Details Refer to the security bulletins...

Security Bulletin: Multiple security vulnerabilities may affect IBM DB2 shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-38931,CVE-2021-20373)

Summary IBM DB2 is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about security vulnerabilities affecting DB2 has been published in multiple security bulletins as below. Interim fix is provided by DB2 for each of the fix pack...

Security Bulletin: Security vulnerability in WebSphere Application Server shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-23450)

Summary IBM WebSphere Application Server is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo CVE-2021-23450. Vulnerability Details Refer to the security bulletin...

Security Bulletin: Multiple security vulnerabilities may affect IBM DB2 shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-38931,CVE-2021-20373)

Summary IBM DB2 is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about security vulnerabilities affecting DB2 has been published in multiple security bulletins as below. The recommended solution is to upgrade to Fix Pack version...

Security Bulletin: Predictive Maintenance and Quality and Predictive Maintenance Insights is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-4104, CVE-2021-44832).

Summary IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises are vulnerable to Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-4104, CVE-2021-44832 due to multiple components using Apache Log4j for logging. This has been addressed in each of the components;...

Security Bulletin: Security vulnerability in WebSphere Application Server Liberty shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-39031)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. WebSphere Application Server Liberty is vulnerable to LDAP Injection. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Security vulnerability in WebSphere Application Server shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-38951)

Summary IBM WebSphere Application Server is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. WebSphere Application Server is vulnerable to a denial of service. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: Multiple security vulnerabilities may affect IBM DB2 shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises(CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926)

Summary IBM DB2 is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about security vulnerabilities affecting DB2 has been published in multiple security bulletins as below. The recommended solution is to upgrade to Fix Pack version...

Security Bulletin: Security vulnerability in WebSphere Application Server shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-20517)

Summary IBM WebSphere Application Server ND shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises is vulnerable to a Directory Traversal vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: Security vulnerability in WebSphere Application Server shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-29754)

Summary IBM WebSphere Application Server is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Multiple security vulnerabilities may affect IBM DB2 shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises

Summary IBM DB2 is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about security vulnerabilities affecting DB2 has been published in multiple security bulletins as below. The recommended solution is to upgrade to Fix Pack version...

Security Bulletin: Security vulnerability in WebSphere Application Server shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-29736)

Summary IBM WebSphere Application Server is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises

Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. This has been addressed. The recommended solution is to manually upgrade to the Interim Fix...

Security Bulletin: Multiple vulnerabilities in the Apache Commons Compress library used by WebSphere Application Server Liberty shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises

Summary There are multiple vulnerabilities in the Apache Commons Compress library that is used by WebSphere Application Server Liberty shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. This has been addressed. The recommended solution is to manually...

Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228) bundled with Predictive Maintenance and Quality and Predictive Maintenance Insights

Summary IBM WebSphere Application Server is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Vulnerabilities have been identified in Apache Log4j which affect WebSphere Application Server CVE-2021-44228. The recommended solution is to manually...

Security Bulletin: Multiple security vulnerabilities may affect WebSphere Application Server Liberty shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises

Summary IBM WebSphere Application Server Liberty is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about some security vulnerabilities affecting WebSphere Application Server Liberty has been published in below security bulletin...