Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Security (CVE-2024-38827)

Summary A vulnerability in VMware Tanzu Spring Security that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a locale dependent...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for November 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004 Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...

Security Bulletin: IBM Spectrum Conductor with spring-security-config is vulnerable to Incorrect Permission Assignment for Critical Resource

Summary IBM Spectrum Conductor with spring-security-config is vulnerable to Incorrect Permission Assignment for Critical Resource Vulnerability Details CVEID:CVE-2023-34042 DESCRIPTION: VMware Tanzu Spring Security could allow a local authenticated attacker to bypass security restrictions, caused...

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-39975, CVE-2023-34042)

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2023-39975 DESCRIPTION: MIT Kerberos 5 aka krb5 is vulnerable to a denial of service, caused by a double free in KDC TGS processing. By sending a specially crafted request, a remote authenticated attacke...

Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34042 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security, which is vulnerable to CVE-2023-34042. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34042 DESCRIPTION: VMware Tanzu Spring Security could...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Security

Summary Multiple vulnerabilities in VMware Tanzu Spring Security used by IBM InfoSphere Information Server were addressed. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-34034 DESCRIPTION: VMware Tanzu Spring Security could allow a...

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34034 and CVE-2023-34035 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2023-34034 and CVE-2023-34035. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-34034 DESCRIPTION: VMware Tanzu Spring Securi...

Security Bulletin: IBM Operational Decision Manager August 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-2047...

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2022-31692 and CVE-2023-20862 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2022-31692 and CVE-2023-20862. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions,...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Security (CVE-2023-20862)

Summary A vulnerability in VMware Tanzu Spring Security used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-20862 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by the logout support feature...

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. VMware Tanzu Spring Security and Spring Framework could allow a remote attacker to bypass security restrictions. VMware Tanzu Spring...

Security Bulletin: IBM Operational Decision Manager May 2023 - Multiple CVEs

Summary This Security Bulletin addresses the security vulnerabilities that have been fixed within the IBM Operational Decision Manager. This product now includes fixes for the following security vulnerabilities. Vulnerability Details CVEID:CVE-2023-20862 DESCRIPTION: VMware Tanzu Spring Security...

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2022-31692 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite VMware Tanzu Spring Security is vulnerable to CVE-2022-31692 Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...