Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to multiple vulnerabilities due to DB2 (CVE-2025-33092, CVE-2025-33143)

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerability affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2025-33092 DESCRIPTION: IBM Db2 for Linux...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to stored cross-site scripting (CVE-2024-45073).

Summary The security issue described in CVE-2024-45073 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: CVE-2023-22045, CVE-2023-22049 affects IBM® SDK, Java™ Technology Edition affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition in version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. An update has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22045...

Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to information disclosure (CVE-2023-50315).

Summary The security issue described in CVE-2023-50315 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-50315)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics Installed IBM WebSphere Application Server traditional is vulnerable to a denial of service due to jose4j (CVE-2023-51775)

Summary The security issue described in CVE-2023-51775 has been identified in the WebSphere Application Server traditional included as part of IBM Tivoli Composite Application Manager for Application Diagnostics Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to an insecure cryptographic algorithm and to information disclosure due to DB2 (CVE-2023-47152)

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerability affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle July 2023 CPU (CVE-2023-22045, CVE-2023-22049)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by v4.1.0.4 to v4.1.1.1 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in July 2023. Vulnerability Details Refer to the security bulletins listed...

IBM Tivoli Application Dependency Discovery Manager Elevation of Privilege Vulnerability

IBM Tivoli Application Dependency Discovery Manager TADDM is a product in the suite of IT service management solutions from International Business Machines IBM. The product provides robust automated application mapping and discovery to help administrators understand the structure, state,...

CVE-2023-47142

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

Design/Logic Flaw

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVE-2023-47142

CVE-2023-47142 affects IBM Tivoli Application Dependency Discovery Manager (TADDM) versions 7.3.0.0 through 7.3.0.10. The root cause is unauthorized API access, allowing an attacker on the local network to escalate privileges. Remediation per IBM is to upgrade to FixPack 7.3.0.11 (7.3-TIV-ITADDM-...

CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVE-2023-47143

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting,...

CVE-2023-47144

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

Cross site scripting

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting,...

Cross site scripting

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVE-2023-47144

CVE-2023-47144 affects IBM Tivoli Application Dependency Discovery Manager (TADDM) versions 7.3.0.0–7.3.0.10. The vulnerability is a cross-site scripting (XSS) issue in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a tr...