35608 matches found
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1 Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...
Security Bulletin: IBM Sterling B2B Integrator Dashboard UI is vulnerable to XSS (CVE-2021-39035)
Summary IBM Sterling B2B Integrator dashboard UI is vulnerable to cross-site scription XSS. The issue has been addressed. Vulnerability Details CVEID:CVE-2021-39035 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Slowloris HTTP DOS attack (CVE-2022-35639)
Summary IBM Sterling Partner Engagement Manager is vulnerable to Slowloris attack is a type of denial-of-service DoS attack which targets threaded web servers. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-35639 DESCRIPTION: IBM Sterling Partner Engagement Manager do not limi...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.291 Vulnerability Details CVEID:CVE-2021-20293 DESCRIPTION: RESTEasy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit thi...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open-Source Software (OSS) components
Summary There are vulnerabilities in multiple Open-Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Workspace by upgrading or removing the vulnerable libraries. Please refer to the table in the Related...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in xstream-1.4.9.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of xstream-1.4.9.jar Vulnerability Details CVEID:CVE-2021-21344 DESCRIPTION: XStream could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing stream at unmarshallin...
Security Bulletin: IBM Datapower Operations Dashboard could allow an attacker to map URLs to filesystem locations that are unreachable by any URL CVE-2024-38475
Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network implementation Vulnerability Details CVEID:CVE-2024-38475 DESCRIPTION: Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to...
Security Bulletin: Vulnerabilities in requests, setuptools , python-certifi & urllib3 can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore [CVE-2024-35195,CVE-2024-6345,CVE-2024-39689,CVE-2024-37891]
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in requests, setuptools , python-certifi & urllib3 which include bypass security restrictions , by using download functions to inject and execute arbitrary code on the system, weaker...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections
Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2017-15708 DESCRIPTION: Apac...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2021-3999]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-3999 Vulnerability Details CVEID:CVE-2021-3999 DESCRIPTION: GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by imprope...
Security Bulletin: A vulnerability in glibc affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in glibc affects IBM Storage Virtualize products and could cause impacts to integrity, confidentiality and availability. CVE-2024-2961. Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the syste...
Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data
Summary There are multiple CVEs fixed for this Security Bulletin. For the FasterXML jackson-databind CVEs, jackson-databind could allow a remote attacker to execute arbitrary code on the system. For CVE-2017-7525, Apache Struts could also allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities (CVE-2024-5569, CVE-2024-39689)
Summary IBM Security Guardium Insights has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a local attacker...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.19 LTS, 12.0.1 LTS and 12.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF001
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF001 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitra...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )
Summary Nginx is used by IBM Cloud Pak for Data as part of the web interface. CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods o...
Security Bulletin: Multiple vulnerabilities in Node.js axios affect IBM Cloud Pak System[CVE-2021-3749, CVE-2020-28168]
Summary Multiple vulnerabilities in Node.js axios affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vunerabilities. Vulnerability Details CVEID:CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 275. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel
Summary TSSC/IMC is vulnerable to aritrary code excecution due to kernel. A patch has been provided that updates the kernel library. CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235. Vulnerability Details CVEID:CVE-2022-42896 DESCRIPTION: Linux Kernel coul...
Security Bulletin: Multiple Linux Kernel vulnerabilities affect IBM Storage Scale System.
Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a local authenticated attacker to gain elevated privileges on the system. Fixes for these vulnerabilities are available. CVE-2023-51043, CVE-2024-1086, CVE-2024-0646, CVE-2023-6932,...
Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-22201...
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2024 Vulnerability Advisory, plus CVE-2024-3933. For more information please refer to OpenJDK's April 2024 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability...
Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 272 Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...
Security Bulletin: IBM i is vulnerable to a local privilege escalation due to an unqualified library call in networking and compiler infrastructure [CVE-2024-25050]
Summary IBM i is vulnerable to a user gaining elevated privilege due to a CL command being called without library qualification in networking and compiler infrastructure as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2024-20952 and CVE-2023-33850)
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. CVE-2023-33850 covers the GSKIT-Crypto ICC package used by IBM Runtime Environment, Java Technology Edition. This is separate to the GSKit-SSL package which is...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-3341]
Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-3341 Vulnerability Details CVEID:CVE-2023-3341 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a stack exhaustion flaw in contro...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-51775)
Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a remote unauthenticated attack due to IBM MQ (CVE-2024-25016)
Summary Features requiring MQ connectivity in IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a remote unauthenticated attack due to IBM MQ. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-25016 DESCRIPTIO...
Security Bulletin: Vulnerabilities in Apache Tomcat, Apache Commons FileUpload and Apache Axis might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Tomcat, Apache Commons FileUpload, and Apache Axis. A remote attacker could exploit these vulnerabilities to cause a denial of service condition, to obtain a session cookie, sensitive and Http11Processor instanc...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details CVEID:CVE-2024-21891 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by improper path traversal sequence sanitization. By using ...
Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2023-46218)
Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions CVE-2023-46218. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details CVEID:CVE-2023-46218 DESCRIPTION:...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-31122]
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-31122 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...
Security Bulletin: Datapower Operations Dashboard Multiple Vulnerabilities in Apache Tomcat
Summary IBM has addressed the CVEs Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer header, an attacker could exploit this vulnerability...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) may be vulnerable to HTTP request smuggling (CVE-2023-46589)
Summary Due to the use of Apache Tomcat, IBM DevOps Deploy / IBM UrbanCode Deploy UCD is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a specially crafted HTTPS trailer header, an attacker could exploit this vulnerability to poison the we...
Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager
Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2015-8383 DESCRIPTION: PCRE is vulnerable...
Security Bulletin: Vulnerability in IBM SDK affect IBM Cloud Pak System [CVE-2022-40609]
Summary Vulnerability in IBM SDK affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerability. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caus...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used (CVE-2023-47746)
Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used Vulnerability Details CVEID:CVE-2023-47746 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user with CONNECT privileges to cause a denial of...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using a specially crafted query (CVE-2023-47747)
Summary IBM® Db2® is vulnerable to a denial of service when using a specially crafted query. Vulnerability Details CVEID:CVE-2023-47747 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user with CONNECT privileges to cause a denial of servi...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been...
Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation
Summary java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. CVE-2023-22081, CVE-2023-22067, CVE-2023-5676. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attack...
Security Bulletin: Vulnerability in Eclipse Parsson affects IBM Process Mining CVE-2023-4043
Summary There is a vulnerability in Eclipse Parsson that could allow an remote attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Vulnerability in httpd (CVE-2023-25690) affects Power HMC
Summary HTTPD is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with some form of...
Security Bulletin: Multiple vulnerabilities in JQuery Java Script Library Affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Summary Vulnerablities in jquery affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data. These are addressed. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplie...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in snappy-java
Summary Multiple vulnerabilities in snappy-java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk function. By sendi...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins mentioned below. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)
Summary Vulnerability with GNU glibc - CVE-2023-4911 and libcURL CVE-2023-38545 & CVE-2023-38546 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-4911 DESCRIPTION: glibc could allow a local authenticated attacker to gain elevated privileges...
Security Bulletin: Multiple vulnerabilities in samba affects IBM Storage Scale SMB protocol access method
Summary Multiple samba vulnerabilities affects IBM Storage Scale SMB protocol access method that could allow denial of the service on the system. The fix for this is available. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a type...
Security Bulletin: Multiple Security vulnerabilities in IBM Java in FileNet Content Manager
Summary Multiple Security vulnerabilities in IBM Java in FileNet Content Manager, affected, not vulnerable Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request,...
Security Bulletin: IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities.
Summary IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-32007 DESCRIPTION: Apache Spark could allow a remote authenticated attacker to execute arbitrary commands on the...
Security Bulletin: Vulnerability in Golang Go affects IBM Cloud Pak System [CVE-2023-24538]
Summary Golang Go code execution vulnerability affects Cloud Pak System. Cloud Pak System has addressed this vulnerability CVE-2023-24538. In addition it includes CVE-2023-24537. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary...