66 matches found
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to weaker than expected security due to Node.js bcprov-jdk15on (235079)
Summary IBM Sterling Connect:Direct Web Services uses Node.js org.bouncycastle:bcprov-jdk15on module which could provide weaker than expected security. The issue has been addressed. Vulnerability Details IBM X-Force ID: 235079 DESCRIPTION: Node.js org.bouncycastle:bcprov-jdk15on module could...
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security
Summary FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security, caused by not having entity expansion secured properly CVE-2020-25649. CICS Transaction Gateway addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION:...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to CVE-2022-35255 and CVE-2022-35256
Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands may be vulnerable to HTTP request smuggling and weaker than expected security. This bulletin provides patch...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.5. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker cou...
Security Bulletin: Multiple Vulnerabilities in node.js
Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http...
Security Bulletin: Multiple Vulnerabilities in Cloud Pak for Watson AIOPs
Summary 3.5 Fixes the following vulnerabilities: CVE-2022-1154, CVE-2018-25032, CVE-2020-29582, CVE-2022-24329, CVE-2022-29217, CVE-2022-22476, CVE-2022-1271, CVE-2022-0778 Vulnerability Details CVEID:CVE-2022-1154 DESCRIPTION: Vim is vulnerable to a heap-based buffer overflow, caused by a...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents
Summary Multiple vulnerabilities in OpenSSL affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include execution of arbitrary commands, weaker than expected security, and denial of service. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION:...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Guava, Red Hat Single Sign-On, Springfox and Spring Security could allow a remote attacker to bypass security restrictions...
Security Bulletin: Vulnerabilities in Celery, Golang Go, and Python affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift
Summary Vulnerabilities in Celery, Golang Go, and Python such as execution of arbitrary commands, denial of service, and weaker than expected security might affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and Red Hat OpenShift Vulnerability Details CVEID: CVE-2021-237...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal
Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-13938 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the improper handling of insufficient...
Security Bulletin: Bouncy Castle Vulnerabilities Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Bouncy Castle, please see list of CVEs for vulnerability details Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacke...
Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis
Summary There is various type of vulnerabilities in Bouncy Castle that affect Apache Solr. The list can be found at Vulnerability Details section. Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute...
Security Bulletin: Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000613, CVE-2017-13098, CVE-2018-1000180)
Summary Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection fl...
Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox
Summary Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox Vulnerability Details CVEID: CVE-2020-8840 DESCRIPTION: An unspecified error with the lack of certain xbean-reflect/JNDI blocking in FasterXML jackson-databind has an unknown...
Security Bulletin: A Security vulnerability in Apache Tomcat used by Rational Build Forge (CVE-2017-15706)
Summary There is a potential security vulnerability in the Apache Tomcat used by Rational Build Forge. Vulnerability Details CVEID: CVE-2017-15706 DESCRIPTION: Apache Tomcat could provide weaker than expected security, caused by the incorrect documentation of the CGI search algorithm used by the...
Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics
Summary Expat vulnerabilities were disclosed August and September 2016. Expat is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2012-6702 DESCRIPTION: Expat, when used in a parser that has not called XMLSetHashSalt or passe...
Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities
Summary IBM Security Privileged Identity Manager has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-1137 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive...
Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple IBM WebSphere Application Server vulnerabilities(CVE-2017-1137, CVE-2018-1567, CVE-2017-1194)
Summary IBM Security Privileged Identity Manager has addressed the following vulnerabilities related to IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2018-1567 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through th...
Security Bulletin: Weaker than expected security in WebSphere Application Server (shipped with Jazz for Service Management) with SP800-131 transition mode (CVE-2018-1996)
Summary There is a potential for weaker than expected security in WebSphere Application Server with SP800-131 transition mode and SSLTLSv2. Vulnerability Details CVEID: CVE-2018-1996 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security, caused by the improper...
Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs...