35608 matches found
Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Kubernetes.
Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a remote attacker to obtain sensitive information, caused by storin...
Security Bulletin: IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104
Summary Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerabilities CVE-2021-4104. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...
Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2021-3712)
Summary There is a vulnerability in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker cou...
Security Bulletin: IBM Watson Machine Learning Accelerator is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-4104, CVE-2021-44228, CVE-2021-45046)
Summary Apache Log4j CVE-2021-45105, CVE-2021-4104, CVE-2021-44228, CVE-2021-45046 is used by IBM Watson Machine Learning Accelerator as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2020-1968, CVE-2020-1971)
Summary There are vulnerabilities in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an attacker could exploit this vulnerabilit...
Security Bulletin:Vulnerability in Diffie-Hellman ciphers affects Rational Synergy (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Rational Synergy Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey ...
Security Bulletin: Vulnerability in SSLv3 affects IBM UrbanCode Deploy (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM UrbanCode Deploy. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follo...
Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7679 CVE-2017-3169 CVE-2017-3167)
Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmim...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.
Summary Multiple vulnerabilities in Dojo toolkit and jQuery version shipped with IBM WebSphere eXtreme Scale Liberty Deployment Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2021-29469, CVE-2022-39160, CVE-2022-38708, CVE-2022-42003, CVE-2022-42004, CVE-2022-43883, CVE-2022-43887, CVE-2022-25647, CVE-2022-36364)
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP6 where applicable. The following 3rd party components are used by IBM Cognos Analytics: Apache Calcite is a Java-based...
Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform
Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...
Security Bulletin: A vulnerability in OpenSSL affects IBM InfoSphere Information Server (CVE-2022-0778)
Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted...
Security Bulletin: IBM Content Navigator is vulnerable to missing authorization.
Summary IBM Content Navigator is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. Vulnerability Details CVEID:CVE-2022-43581 DESCRIPTION: IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9,...
Security Bulletin: Multiple vulnerabilities in Node.js may affect IBM Spectrum Protect Plus (CVE-2022-32223, CVE-2022-32215, CVE-2022-33987, CVE-2022-32213, CVE-2022-32212, CVE-2022-32222, CVE-2022-32214)
Summary Vulnerabilities in Node.js such as elevation of privileges, HTTP request smuggling, bypassing security restrictions, and execution of arbitrary code may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2022-32223 DESCRIPTION: Node.js could allow a local attacker to gain...
Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go
Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.6-x packages: openssl, pcre2 and Golang Go, that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-1962 DESCRIPTION: Golang Go is vulnerable to a denial of...
Security Bulletin: Vulnerability in libcURL affect IBM Rational ClearCase ( CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27782, CVE-2022-30115, CVE-2022-27774 )
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-27780 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...
Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)
Summary Security vulnerabilities have been discovered in the NTP component of IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2013-5211 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntprequest.c. By sending a...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Security Access Manager for Enterprise Single Sign-On (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Security Access Manager for Enterprise Single Sign-On. Also the same vulnerability affects WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. This vulnerability h...
Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities
Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities in the OpenSSH libraries used on the appliance. Vulnerability Details CVEID: CVE-2016-6515 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for...
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Summary Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: A...
Security Bulletin: Vulnerability in sed ( CVE-2023-38280) affects Power HMC
Summary The command sed is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-38280 DESCRIPTION: IBM HMC Hardware Management Console could allow a local user to escalate their privileges to root access on a restricted shell...
Security Bulletin: AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)
Summary UPDATED May 4: Corrected the affected upper fileset levels for AIX 7.2 TL5 to show that SP06 is affected. Corrected the affected upper fileset levels for AIX 7.3 TL1 to show that SP02 is affected. Corrected the affected upper fileset levels for VIOS to show that VIOS 3.1.4.21 is affected...
Security Bulletin: Multiple security vulnerabilities are reported for snakeyaml and jackson-databind in IBM Business Automation Workflow
Summary IBM Business Automation Workflow repackages the snakeyaml and jackson-databind open source libraries in /BPM/Lombardi/lib. Current vulnerabilities in these libraries have been assessed as not applicable in the context how the product uses these libraries. An update is made available to...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Apache Log4j CVE-2021-45046
Summary Automation Assets in IBM Cloud Pak for integration is vulnerable to CVE-2021-45046 with details below. Vulnerability Details CVEID:CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server
Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. CVEs: CVE-2022-22365, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. It also includes Java 8...
Security Bulletin: Multiple Vulnerabilities in node.js
Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)
Summary An Apache Log4j CVE-2021-44832 vulnerability impacts IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.1. Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission t...
Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager ITNCM version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the...
Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)
Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the WebSphere Application Server WAS component. There is a separate security bulletin linked below that describes vulnerabilities CVE-2021-4104, CVE-2021-45046 in the Apache Log4j library as...
Security Bulletin: Vulnerabilities in Apache log4j2 (CVE-2021-4104, CVE-2021-44228, CVE-2021-45046) affect IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA
Summary There are vulnerabilities in Apache log4j2 used by IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA. IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-13934 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after...
Security Bulletin: IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol
Summary The IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol. Vulnerability Details CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could provide weake...
Security Bulletin: IBM Worklight is affected by a vulnerability in OpenSSL (CVE-2014-0160)
Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL might allow a remote attacker to obtain sensitive information, which is caused by an error in the TLS/DTLS heartbeat functionality. An attacker might exploit this...
Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities.
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-40725 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-398...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-25193 DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...
Security Bulletin: Vulnerability in httpd (CVE-2024-27316) affects Power HMC
Summary HTTPD is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-27316 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that...
Security Bulletin: Apache Commons Text as used by IBM Jazz Reporting Service is vulnerable to code execution [CVE-2022-42889]
Summary Apache Commons Text as used by IBM Jazz Reporting Service is vulnerable to arbitrary code execution. IBM has addressed the relevant CVE. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: OX AppSuite could allow a remote attacker to execute arbitrary code on the system...
Security Bulletin: Multiple Vulnerabilities of Guava Google Core Libraries have affected APM Synthetic Playback Agent
Summary APM Synthetic Playback Agent is vulnerable to Google Guava CVE-2020-8908 and CVE-2018-10237. The fix includes Google Guava upgraded to guava-30.0-jre. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions,...
Security Bulletin: IBM Integrated Management Module (IMM) is affected by vulnerability in OpenSLP (CVE-2017-17833)
Summary IBM Integrated Management Module IMM has addressed the following vulnerability in OpenSLP. Vulnerability Details Summary IBM Integrated Management Module IMM has addressed the following vulnerability in OpenSLP. Vulnerability Details CVEID: CVE-2017-17833 Description: OpenSLP, as used in...
Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis
Summary Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. While deserializing unknown yaml content can lead to remote code execution. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of...
Security Bulletin: Vulnerabilities in the Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)
Summary There are vulnerabilities in Network Security Services NSS to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system, cause the application to crash, or cau...
Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to information disclosure (CVE-2021-38924)
Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2021-38924 DESCRIPTION: IBM Maximo Asset Management could allow a remote attacker to obtain sensitive information whe...
Security Bulletin: IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons [CVE-2022-42889 and CVE-2022-33980]
Summary IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons CVE-2022-42889 and CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Publishing
Summary There is a Vulnerability in Apache Log4j CVE-2021-44228 which is used by "IBM Engineering Lifecycle Optimization - Publishing PUB" and "Rational Publishing Engine RPE." Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary...
Security Bulletin: Vulnerabilities in the Linux Kernel affect IBM Spectrum Copy Data Management
Summary Linux Kernel vulnerabilities, such as obtaining sensitive information, bypassing security restrictions, denial of service, elevation of privileges, and execution of arbitrary code on the system, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2022-0850...
Security Bulletin: IBM Content Integrator is not affected by multiple vulnerabilities in Log4j
Summary There are multiple vulnerabilities in Log4j used by IBM Content Integrator. IBM Content Integrator is not affected by these vulnerabilities. However, the team has addressed vulnerabilities by removing references. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could...
Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790)
Summary IBM Rational Build Forge version 8.0 - 8.0.0.20 is affected by CVE-2021-44790 Vulnerability Details CVEID: CVE-2021-44790 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the modlua multipart parser called from Lua scripts. By sendi...
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling Connect:Direct File Agent (CVE-2021-45046, CVE-2021-45105)
Summary There are vulnerabilities in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a...