CVE-2019-4243

CVE-2019-4243 affects IBM Operations Analytics - Log Analysis (Solr component) for versions 1.3.1–1.3.5. The vulnerability allows unauthorized disclosure by enabling access to files such as solrconfig.xml and could enable disruptive administrator actions due to unrestricted access. IBM's remediat...

CVE-2019-4216

CVE-2019-4216 affects IBM Operations Analytics - Log Analysis (formerly SmartCloud/Log Analysis) versions 1.3.1–1.3.5. The vulnerability is a host header injection in HTTP requests, which could lead to HTTP cache poisoning or firewall bypass. The IBM security bulletin confirms the affected versio...

CVE-2019-4214

CVE-2019-4214 affects IBM SmartCloud Analytics / IBM Operations Analytics - Log Analysis versions 1.3.1–1.3.5. The issue is that authorization tokens and session cookies lack the Secure attribute, potentially allowing sensitive information to be exposed via MITM attacks. The NVD/NVD-derived data ...

CVE-2019-4214

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185...

CVE-2019-4215

CVE-2019-4215 affects IBM Operations Analytics - Log Analysis versions 1.3.1 through 1.3.5 and is a clickjacking vulnerability. The IBM Security Bulletin details a vulnerability in Log Analysis that could allow a remote attacker to hijack the victim’s click actions by persuading them to visit a m...

CVE-2019-4215

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...

CVE-2019-4216

IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187...

IBM Maximo Asset Management CVE-2019-4512 Information Disclosure Vulnerability

Description IBM Maximo Asset Management is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected IBM Control Desk IBM Maximo Asset Management 7.6.1.1 IBM Maximo for Aviation IBM...

A security vulnerability has been identified in IBM DB2 shipped with IBM Maximo Asset Management (CVE-2019-4094)

Summary IBM DB2 is shipped as a component of IBM Maximo Asset Management. Information about the security vulnerability affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID: CVE-2019-4094 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Serv...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry (CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.15 and Version 7.0.9.20 these are used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as...

Security Bulletin: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-3025)

Summary Cross-site scripting security vulnerability on webclient/utility/.jsp in Maximo Asset Mgmt, Tivoli Asset Mgmt for IT, Tivoli Service Request Mgr, Change and Configuration Mgmt Database, and SmartCloud Control Desk. Vulnerability Details DESCRIPTION: Customers who have Maximo Asset...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management (CVE-2017-1380)

Summary There is a potential security vulnerability in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consul...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management (CVE-2017-1382)

Summary There is a potential security vulnerability in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consul...

Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management (CVE-2016-8919)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal. IBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management. Information about a security vulnerability affecting IBM WebSphere Application...

Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management (CVE-2017-1121)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal. IBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management. Information about a security vulnerability affecting IBM WebSphere Application...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management (CVE-2016-8934)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal. IBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management. Information about a security vulnerability affecting IBM WebSphere Application...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management (CVE-2016-0377)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal. IBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management. Information about a security vulnerability affecting IBM WebSphere Application...

Security Bulletin: A security vulnerability has been identified in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise edition (CVE-2015-0254)

Summary IBM WebSphere Application Server is shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise. Additionally, IBM Business Process Manager is shipped with IBM Cloud Orchestrator. The IBM SmartCloud Cost Management and IBM Tivoli Monitoring are shipped with Cloud Orchestrator...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-0385)

Summary IBM WebSphere Application Server and IBM Business Process Manage are shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Detail...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server shipped with SmartCloud Provisioning (CVE-2016-5573, CVE-2016-5597)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition 6 that affect WebSphere Application Server shipped with SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in October 2016. SmartCloud Provisioning product software reached suppor...