35715 matches found
Security Bulletin: IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Foundry Migration Runtime (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Cloud Foundry which is a component of IBM Cloud Foundry Migration Runtime. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Network Manager IP Edition (CVE-2021-44228)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Network Manager IP Edition to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker...
Security Bulletin: Vulnerabilities in Apache HttpClient and Eclipse Jetty Affect IBM Control Center (CVE-2020-13956, CVE-2020-27218)
Summary Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request. Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by a flaw when GZIP request body inflation is...
Security Bulletin: Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis. Vulnerabilities include denial of service, gain elevated privileges on the system, allow a remote attacker to execute...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server
Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. CVEs: CVE-2022-22365, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. It also includes Java 8...
Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)
Summary Security vulnerabilities have been discovered in the NTP component of IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2013-5211 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntprequest.c. By sending a...
Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2021-3712)
Summary There is a vulnerability in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker cou...
Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2020-1968, CVE-2020-1971)
Summary There are vulnerabilities in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an attacker could exploit this vulnerabilit...
Security Bulletin:Vulnerability in Diffie-Hellman ciphers affects Rational Synergy (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Rational Synergy Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey ...
Security Bulletin: Vulnerability in SSLv3 affects IBM UrbanCode Deploy (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM UrbanCode Deploy. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follo...
Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7679 CVE-2017-3169 CVE-2017-3167)
Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmim...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: A...
Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis
Summary Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. While deserializing unknown yaml content can lead to remote code execution. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.
Summary Multiple vulnerabilities in Dojo toolkit and jQuery version shipped with IBM WebSphere eXtreme Scale Liberty Deployment Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Security Bulletin: Multiple security vulnerabilities are reported for snakeyaml and jackson-databind in IBM Business Automation Workflow
Summary IBM Business Automation Workflow repackages the snakeyaml and jackson-databind open source libraries in /BPM/Lombardi/lib. Current vulnerabilities in these libraries have been assessed as not applicable in the context how the product uses these libraries. An update is made available to...
Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform
Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...
Security Bulletin: A vulnerability in OpenSSL affects IBM InfoSphere Information Server (CVE-2022-0778)
Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted...
Security Bulletin: IBM Content Navigator is vulnerable to missing authorization.
Summary IBM Content Navigator is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. Vulnerability Details CVEID:CVE-2022-43581 DESCRIPTION: IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9,...
Security Bulletin: Multiple vulnerabilities in Node.js may affect IBM Spectrum Protect Plus (CVE-2022-32223, CVE-2022-32215, CVE-2022-33987, CVE-2022-32213, CVE-2022-32212, CVE-2022-32222, CVE-2022-32214)
Summary Vulnerabilities in Node.js such as elevation of privileges, HTTP request smuggling, bypassing security restrictions, and execution of arbitrary code may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2022-32223 DESCRIPTION: Node.js could allow a local attacker to gain...
Security Bulletin: Vulnerabilities in the Linux Kernel affect IBM Spectrum Copy Data Management
Summary Linux Kernel vulnerabilities, such as obtaining sensitive information, bypassing security restrictions, denial of service, elevation of privileges, and execution of arbitrary code on the system, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2022-0850...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Security Access Manager for Enterprise Single Sign-On (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Security Access Manager for Enterprise Single Sign-On. Also the same vulnerability affects WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. This vulnerability h...
Security Bulletin: IBM Worklight is affected by a vulnerability in OpenSSL (CVE-2014-0160)
Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL might allow a remote attacker to obtain sensitive information, which is caused by an error in the TLS/DTLS heartbeat functionality. An attacker might exploit this...
Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities
Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities in the OpenSSH libraries used on the appliance. Vulnerability Details CVEID: CVE-2016-6515 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may terminate under certain conditions (CVE-2025-36009)
Summary IBM® Db2® is vulnerable to a denial of service due to excessive use of a global variable. Vulnerability Details CVEID:CVE-2025-36009 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to excessive...
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Summary Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2023-44487]
Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to mishandling of multiplexed streams in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described ...
Security Bulletin: Vulnerability in sed ( CVE-2023-38280) affects Power HMC
Summary The command sed is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-38280 DESCRIPTION: IBM HMC Hardware Management Console could allow a local user to escalate their privileges to root access on a restricted shell...
Security Bulletin: AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)
Summary UPDATED May 4: Corrected the affected upper fileset levels for AIX 7.2 TL5 to show that SP06 is affected. Corrected the affected upper fileset levels for AIX 7.3 TL1 to show that SP02 is affected. Corrected the affected upper fileset levels for VIOS to show that VIOS 3.1.4.21 is affected...
Security Bulletin: Multiple Vulnerabilities of Guava Google Core Libraries have affected APM Synthetic Playback Agent
Summary APM Synthetic Playback Agent is vulnerable to Google Guava CVE-2020-8908 and CVE-2018-10237. The fix includes Google Guava upgraded to guava-30.0-jre. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions,...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Apache Log4j CVE-2021-45046
Summary Automation Assets in IBM Cloud Pak for integration is vulnerable to CVE-2021-45046 with details below. Vulnerability Details CVEID:CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default...
Security Bulletin: Vulnerabilities in the Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)
Summary There are vulnerabilities in Network Security Services NSS to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system, cause the application to crash, or cau...
Security Bulletin: IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons [CVE-2022-42889 and CVE-2022-33980]
Summary IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons CVE-2022-42889 and CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: Multiple Vulnerabilities in node.js
Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)
Summary An Apache Log4j CVE-2021-44832 vulnerability impacts IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.1. Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission t...
Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager ITNCM version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the...
Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)
Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the WebSphere Application Server WAS component. There is a separate security bulletin linked below that describes vulnerabilities CVE-2021-4104, CVE-2021-45046 in the Apache Log4j library as...
Security Bulletin: Vulnerabilities in Apache log4j2 (CVE-2021-4104, CVE-2021-44228, CVE-2021-45046) affect IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA
Summary There are vulnerabilities in Apache log4j2 used by IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA. IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-13934 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after...
Security Bulletin: IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol
Summary The IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol. Vulnerability Details CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could provide weake...
Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities.
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-40725 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-398...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-25193 DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...
Security Bulletin: Vulnerability in httpd (CVE-2024-27316) affects Power HMC
Summary HTTPD is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-27316 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that...
Security Bulletin: Apache Commons Text as used by IBM Jazz Reporting Service is vulnerable to code execution [CVE-2022-42889]
Summary Apache Commons Text as used by IBM Jazz Reporting Service is vulnerable to arbitrary code execution. IBM has addressed the relevant CVE. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: OX AppSuite could allow a remote attacker to execute arbitrary code on the system...
Security Bulletin: IBM Integrated Management Module (IMM) is affected by vulnerability in OpenSLP (CVE-2017-17833)
Summary IBM Integrated Management Module IMM has addressed the following vulnerability in OpenSLP. Vulnerability Details Summary IBM Integrated Management Module IMM has addressed the following vulnerability in OpenSLP. Vulnerability Details CVEID: CVE-2017-17833 Description: OpenSLP, as used in...
Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to information disclosure (CVE-2021-38924)
Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2021-38924 DESCRIPTION: IBM Maximo Asset Management could allow a remote attacker to obtain sensitive information whe...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Publishing
Summary There is a Vulnerability in Apache Log4j CVE-2021-44228 which is used by "IBM Engineering Lifecycle Optimization - Publishing PUB" and "Rational Publishing Engine RPE." Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server -- CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. This has been addressed Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP...