35608 matches found
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Sterling Connect:Direct Browser (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Sterling Connect:Direct Browser. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure...
Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925
Summary Multiple vulnerabilities in the Linux Kernel such as denial of service, elevation of privileges, execution of arbitrary code on the system, and the ability to obtain sensitive information affect IBM Spectrum Protect Plus. UPDATED: 11 September 2019 to add CVE-2019-15925 Vulnerability...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-39077 DESCRIPTION: IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...
Security Bulletin: IBM HTTP Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server (CVE-2024-24795, CVE-2023-38709)
Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-24795 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by a flaw in multip...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2023-44487]
Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to mishandling of multiplexed streams in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described ...
Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Spectre variants 4 and 3a (CVE-2018-3639 CVE-2018-3640)
Summary IBM has released the following Unified Extensible Firmware Interface UEFI fixes for System x, Flex and BladeCenter systems in response to the vulnerabilities referred to as Spectre variants 4 and 3a. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPU''s could allow...
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP/2 "Rapid Reset" Denial of Service (CVE-2023-44487, CVE-2023-39325)
Summary IBM has addressed both CVEs. Vulnerability Details CVEID: CVE-2023-39325 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the net/http and x/net/http2 packages. By sending specially crafted requests using HTTP/2 client, a...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2023
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF024 and 23.0.1-IF002. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service,...
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server,...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483)
Summary IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. Vulnerability Details CVEID:CVE-2022-22483 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9
Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.9 and IBM WebSphere Application Server Hypervisor 8.0.0.9 Vulnerability Details CVE ID:CVE-2013-6323 PI04777 and PI04880 DESCRIPTION: The Administration Console of IBM WebSphere Application...
Security Bulletin: Denial of service may affect IBM HTTP Server (CVE-2015-1788)
Summary Denial of service in GSKit may affect IBM HTTP Server, if using SSL with IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processi...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server -- CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. This has been addressed Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP...
Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Control (CVE-2022-1292)
Summary A vulnerability in OpenSSL could allow an attacker to execute arbitrary commands on the system. This vulnerability may affect IBM Spectrum Control due to its use of OpenSSL in the Storage Resource Agent component and XIV storage probe. Vulnerability Details CVEID: CVE-2022-1292 DESCRIPTIO...
Security Bulletin: IBM DataPower Gateway affected by vulnerability in JRE
Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors...
Security Bulletin: Log4j vulnerability affects IBM Cloud Pak for Data System 2.0
Summary Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerability, CVE-2021-44228. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitra...
Security Bulletin: Vulnerability in IBM HTTP Server used by WebSphere Application Server
Summary There is a vulnerability in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2021-39275 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the apescapequotes function...
Security Bulletin: Vulnerability in SSL affects IBM DataPower Gateways (CVE-2016-8610)
Summary An SSL vulnerability was disclosed by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL...
Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1
Summary This interim fix provides instructions on upgrading third parity libraries in IBM Spectrum Symphony 7.3.1 in order to address security vulnerabilities CVE-2015-6420, CVE-2019-1311, CVE-2015-4852, CVE-2017-15708, CVE-2015-7501, CVE-2017-18214, CVE-2016-1000027, CVE-2019-8331, CVE-2016-7103...
Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling Connect:Direct for UNIX (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Sterling Connect:Direct for UNIX. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...
Security Bulletin: IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management web user interface vulnerable to authentication bypass and clickjacking (CVE-2020-4494, CVE-2020-4406)
Summary The web user interface provided by the IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management is vulnerable to authentication bypass and a clickjacking attack. Vulnerability Details CVEID: CVE-2020-4494 DESCRIPTION: The IBM Spectrum Protect Backup-Archive Client web use...
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
Summary Multiple vulnerabilities in bundled software packages affect IBM StoredIQ. IBM StoredIQ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2009-0217 DESCRIPTION: The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products...
Security Bulletin: Vulnerability in RC4 stream cipher affects TS4500 (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects TS4500. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...
Security Bulletin: Vulnerability in SSLv3 affects IBM eDiscovery Analyzer (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM eDiscovery Analyzer Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter
Summary IBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the following vulnerabilities in NTP. Vulnerability Details Summary IBM Flex...
Security Bulletin: There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-36033)
Summary There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...
Security Bulletin: IBM Aspera Faspex 5.0.3 and earlier versions were vulnerable to denial of service due to a zlib vulnerability (CVE-2018-25032)
Summary The following vulnerability has been addressed in IBM Aspera Faspex V5.0.4. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could...
Security Bulletin: Four (4) Vulnerabilities in OpenSSL affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems ( CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, and CVE-2014-3568)
Summary OpenSSL is a toolkit that implements the Secure Sockets Layer SSL, Transport Layer Security TLS, and Datagram Transport Layer Security DTLS protocols which is used by IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems. OpenSSL had a vulnerability which allowed forceful downgrad...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2022-43929, CVE-2022-43927, CVE-2014-3577, CVE-2022-43930 Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2022
Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF016 and 22.0.1-IF006. Vulnerability Details CVEID:CVE-2017-10355 DESCRIPTION: An unspecified vulnerability in Oracle Java S...
Security Bulletin: CVE-2020-8203
Summary Prototype pollution attack when using .zipObjectDeep in lodash before 4.17.20. Vulnerability Details CVEID: CVE-2020-8203 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability usi...
Security Bulletin: IBM Copy Services Manager is vulnerable to remote attack vulnerabilities due to IBM WebSphere Application Server Liberty multiple vulnerabilities.
Summary IBM Copy Services Manager is vulnerable to the listed attack vectors in the bundled depencency IBM Websphere Application Server Liberty. IBM Websphere Application Server Liberty is used by IBM Copy Services Manager to serve application content. The following vulnerabilities have been...
Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation
Summary Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2017-0247 DESCRIPTION: Microsoft ASP.NET Core is vulnerable to a denial of service, caused by improper validation of web requests in the TextEncoder.EncodeCore function. ...
Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Conductor is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)
Summary Apache Log4j is used by IBM Spectrum Conductor for generating logs in some of its components such as ELK, ascd, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution CVE-2021-44832 and CVE-2021-45046 and denial of service...
Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)
Summary Apache Log4j is used by API Connect as part of its logging and analytics infrastructure. The fix includes Apache Log4j 2.17.1 which addresses CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial ...
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple perl vulnerabilities (CVE-2016-1238, CVE-2016-2381, CVE-2015-8853)
Summary Multiple vulnerabilities have been identified in perl that is embedded in the IBM FSM. This fix addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2016-1238 DESCRIPTION: Perl could allow a local attacker to gain elevated privileges on the system, caused by an error when...
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary IBM Cognos Analytics is affected by vulnerabilities in IBM WebSphere Application Server Liberty and Open-Source Software OSS. Issues related to these components have been addressed by upgrading or removing the vulnerable libraries. Additionally, a cross-site scripting XSS vulnerability ha...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in t...
Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH and Linux. Vulnerabilities include, causing a denial-of-service condition, the elevation of privileges, remote execution of arbitrary code, HTTP header injection, HTML injection,...
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands CVE-2024-27260. Vulnerability Details CVEID:CVE-2024-27260 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to...
Security Bulletin: AIX is vulnerable to denial of service vulnerabilities
Summary UPDATED: Additional iFixes are now available for AIX 7.2 TL5 SP5, 7.3 TL0 SP2, 7.3 TL0 SP3, 7.3 TL1 SP1, and VIOS 3.1.3.21, 3.1.3.30, and 3.1.4.10. Both the original and new iFixes address the kernel security vulnerabilities mentioned in the bulletin, but the new iFixes also address the...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]
Summary Vulnerability in Apache Commons Collections library shipped with IBM Sterling Global Mailbox has been addressed. CVE-2015-6420, CVE-2017-15708 Vulnerability Details CVEID:CVE-2015-6420 DESCRIPTION: Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint...
Security Bulletin: Python Packaging Authority (PyPA) Wheel is vulnerable to CVE-2022-40898 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Python Packaging Authority PyPA Wheel which is vulnerable to CVE-2022-40898. Vulnerability Details CVEID:CVE-2022-40898 DESCRIPTION: Python Packaging Authority PyPA Wheel is vulnerable to a denial of service. A remote attacker could exploit this...
Security Bulletin: Multiple Vulnerabilities in Json4j Affects Watson Machine Learning Accelerator
Summary Watson Machine Learning Accelerator is affected by multiple json4j CVEs CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541, CVE-2022-45690, CVE-2022-46175, CVE-2022-4742. We fixed by removing json4j. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Aspera Orchestrator affected by vulnerability ( CVE-2022-31813)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the X-Forwarded- headers to the origin...
Security Bulletin: IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889]
Summary Synthetic Playback Agent version 8.1.4 IF17 has addressed the following vulnerability: CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platforms is affected by a buffer overflow issue in OpenSSL (CVE-2022-3602, CVE-2022-3786)
Summary A buffer overflow issue was identified with OpenSSL, which IBM MQ 9.3.0 LTS on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which i...
Security Bulletin: IBM Security Network Intrusion Prevention System is affected by multiple vulnerabilities
Summary Multiple security vulnerabilities CVE-2018-1426, CVE-2018-1427, CVE-2018-1428, CVE-2017-3736, CVE-2017-3732, CVE-2016-0705, and CVE-2018-1447 have been discovered in GSKit used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION:...
Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities
Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the...