35608 matches found
Security Bulletin: Vulnerability in Linux Kernel affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-5696)
Summary Vulnerability CVE-2016-5696 in the Linux kernel affects SAN Volume Controller, Storwize family and FlashSystem V9000 products' IP interface. Vulnerability Details CVEID: CVE-2016-5696 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors and IBM Network Advisor (CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0704, CVE-2016-0704, CVE-2016-2842).
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors and IBM Network Advisor. IBM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0705DESCRIPTION: OpenSSL is vulnerable to a denial...
Security Bulletin: IBM Spectrum Discover is vulnerable to Docker CLI (CVE-2021-41092) and Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) weaknesses
Summary Docker CLI CVE-2021-41092 is vulnerable to attacks to obtain sensitive information. Docker CLI is used by IBM Spectrum Discover as part to the infrastructure to manage the images and containers in the system. Apache Log4j CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 is...
Security Bulletin: Vulnerability in Golang Go affects IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29526)
Summary Golang Go is vulnerable to allowing a remote attacker to obtain sensitive information which may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift. Vulnerability Details CVEID:CVE-2022-29526 DESCRIPTION: Golang Go could allow a remote attack...
Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2021-35550, CVE-2021-35603)
Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual...
Security Bulletin: IBM Spectrum Conductor is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Spectrum Conductor is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Bo...
Security Bulletin: IBM DataPower Gateway: Update Redis to remediate two CVEs
Summary IBM has addressed the CVEs Vulnerability Details CVEID: CVE-2021-32626 DESCRIPTION: Redis is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By executing specially-crafted Lua scripts, a remote authenticated attacker could overflow a buffer and execute...
Security Bulletin: IBM OpenPages with Watson is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-17571)
Summary There is a vulnerability in the Apache Log4j open source library CVE-2019-17571 used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. The remediation fix includes Apache Log4j v2.17. Vulnerability Details CVEID:CVE-2019-17571 DESCRIPTION: Apache Log4j could...
Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228) bundled with Predictive Maintenance and Quality and Predictive Maintenance Insights
Summary IBM WebSphere Application Server is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Vulnerabilities have been identified in Apache Log4j which affect WebSphere Application Server CVE-2021-44228. The recommended solution is to manually...
Security Bulletin: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832) in IBM WebSphere Application Server impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology
Summary There are multiple vulnerabilities from Apache Log4j CVE-2021-45105, CVE-2021-44832 that affect IBM WebSphere Application Server that affect IBM Engineering Products based on IBM Jazz technology. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Security SiteProtector System is NOT Affected by CVE-2021-44228, CVE-2021-45105, CVE-2021-45046 & CVE-2021-4104 Exploit
Summary IBM Security SiteProtector System is NOT Affected by CVE-2021-44228, CVE-2021-45105, CVE-2021-45046 & CVE-2021-4104 Exploit IBM SiteProtector System uses log4j-1.2.8 binary. Hence SiteProtector System is not affected by vulnerabilities impacting log4j-2.x versions. Exploiting log4j 1.x...
Security Bulletin: IBM Telco Network Cloud Manager - Performance: Apache log4j Vulnerability (CVE-2021-44228)
Summary The IBM Telco Network Cloud Manager - Performance is affected by a security vulnerability. Apache Log4j is used by IBM Telco Network Cloud Manager - Performance as part of its UI service. This bulletin provides remediation for the vulnerability, CVE-2021-44228 by upgrading UI service of I...
Security Bulletin: Vulnerabilities in OpenSSL including ClientHello DoS affect Multiple N series Products
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. This includes OpenSSL ClientHello sigalgs DoS CVE-2015-0291. OpenSSL is used by Multiple N series Products. Multiple N series Products have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-23017 DESCRIPTION: NGINX could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one error in ngxresolvercopy while processing DNS responses. By sending a...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.9.0 ESR +Â CVE-2020-26974) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF13 + CP4MCM2.2
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-26974, CVE-2020-35111, CVE-2020-26973, CVE-2020-26978, CVE-2020-26971, CVE-2020-35112, CVE-2020-35113 Vulnerability Details CVEID: CVE-2020-26974 DESCRIPTION: Mozilla Firefox could allow a remote attacker to...
Security Bulletin: IBM Platform Symphony (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)
Summary This bulletin relates to several security vulnerabilities that have been reported against Apache Struts 2 through October 2013. IBM Platform Symphony includes a version of Struts 2 that is vulnerable to these issues. Vulnerability Details Several security vulnerabilities have been reporte...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may terminate under certain conditions (CVE-2025-36009)
Summary IBM® Db2® is vulnerable to a denial of service due to excessive use of a global variable. Vulnerability Details CVEID:CVE-2025-36009 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to excessive...
Security Bulletin: Mutiple vulnerabilties affecting Watson Machine Learning Accelerator on Cloud Pak for Data
Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data versions 2.2.0 - 4.3.0 is vulnerable to several security vulnerabilities in Node.js and other open source software packages. These vulnerabilities are addressed below. Vulnerability Details CVEID:CVE-2017-16137 DESCRIPTION:...
Security Bulletin: IBM Security Guardium is affected by several vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2022-24903 DESCRIPTION: rsyslog is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the TCP syslog server receiver components. By sending a specially-crafted...
Security Bulletin: Vulnerability in SnakeYaml affects IBM Process Mining . CVE-2022-1471
Summary There is a vulnerability in SnakeYaml that could allow a remote authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to spoofing when using Web Server Plug-ins CVE-2022-39161 Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Four (4) Vulnerabilities in OpenSSL affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems ( CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, and CVE-2014-3568)
Summary OpenSSL is a toolkit that implements the Secure Sockets Layer SSL, Transport Layer Security TLS, and Datagram Transport Layer Security DTLS protocols which is used by IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems. OpenSSL had a vulnerability which allowed forceful downgrad...
Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities
Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site...
Security Bulletin: IBM Intelligent Operations Center 1.5 WebSphere Application Server - Oracle Java CPU April 2013
Abstract The Java vulnerabilities identified in the April 2013 Oracle Java security alert need to be fixed in IBM Intelligent Operations Center 1.5. The procedures in this security bulletin identify appropriate IBM patches for these Java vulnerabilities and directs how to apply them. No reference...
Security Bulletin: IBM QRadar Network Security is affected by Vulnerability in Cyrus SASL.(CVE-2022-24407)
Summary IBM QRadar Network Security has addressed a vulnerability in Cyrus SASL. The issue could allow remote authenticated attacker could send a specially-crafted SQL statements to view, add, modify or delete information in the back-end database. Vulnerability Details CVEID: CVE-2022-24407...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - OpenSSL (CVE-2021-3712)
Summary Security Vulnerabilities affect IBM Cloud Private - OpenSSL Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an...
Security Bulletin: September 2021 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE .These vulnerabilities have been fixed in GDE 4.0.0.3. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2019-4697 DESCRIPTION: IBM Guardium Data Encryption GDE stores user...
Security Bulletin: Vulnerability in Network Security Services (NSS) affects IBM MQ Appliance (CVE-2016-1950)
Summary A vulnerability in Network Security Services NSS was addressed by IBM MQ Appliance. Vulnerability Details CVEID: CVE-2016-1950 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox and Firefox ESR, is vulnerable to a heap-based buffer overflow, caused by improper...
Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update
Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile WLP to version 26.0.0.4 for security update in WLP. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...
Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1
Summary This SB contains a list for all CVE's listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1 Vulnerability...
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2023-26119 DESCRIPTION: HtmlUnit coul...
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ Version 11, Apache ActiveMQ and Microsoft .Net MVC Framework for ASP.Net
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11, Apache ActiveMQ and Microsoft .Net MVC Framework for ASP.Net used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF1 has addressed the applicable CVEs by upgrading to non-vulnerable versions of these libraries...
Security Bulletin: IBM Flex System switch firmware products are affected by TCP denial of service vulnerabilities
Summary IBM Flex System switch firmware products have addressed the following TCP denial of service vulnerabilities. Vulnerability Details CVEID: CVE-2019-11478 DESCRIPTION: Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be...
Security Bulletin: IBM Aspera Faspex 5.0.6 has addressed multiple vulnerabilities (CVE-2023-22870, CVE-2023-35906, CVE-2022-22405, CVE-2023-24965, CVE-2023-30995, CVE-2022-22409, CVE-2022-22401, CVE-2022-22402)
Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera Faspex 5.0.6 Vulnerability Details CVEID:CVE-2023-22870 DESCRIPTION: IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in t...
Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities Vulnerability Details CVEID:CVE-2023-28319 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a use-after-free...
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2023
Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF019 and 22.0.2-IF003. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are...
Security Bulletin: IBM b-type SAN Network/Storage switches is affected by a denial of service vulnerability, caused by a CPU consumption in the IPv6 stack (CVE-2017-6227).
Summary IBM b-type SAN Network/Storage switches has addressed the following vulnerability. Fabric OS is vulnerable to a denial of service, caused by a CPU consumption in the IPv6 stack. By sending-crafted Router Advertisement RA messages, a remote attacker could exploit this vulnerability to caus...
Security Bulletin: IBM CICS TX Advanced is vulnerable to an attacker decrypting highly sensitive information . (CVE-2022-34310) .
Summary IBM CICS TX Advanced could allow an attacker to decrypt highly sensitive information . The fix removes this vulnerability CVE-2022-34310 from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2022-34310 DESCRIPTION: IBM CICS TX uses weaker than expected cryptographic algorithms that...
Security Bulletin: Vulnerability in jQuery affects IBM Process Mining (Multiple CVEs)
Summary There are multiple vulnerabilities in JQuery that could allow an attacker to launch cross-site scripting. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuer...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to CVE-2022-29404, CVE-2022-30522, CVE-2022-30556 and CVE-2022-31813
Summary Apache HTTP Server is used by IBM App Connect Enterprise Certified Container for Mapping Assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to denial of service due to CVE-2022-29404 and CVE-2022-30522, loss ...
Security Bulletin: Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2020-15187 DESCRIPTION: Helm could allow a remote...
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2019-12086 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to obtain...
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2022 Vulnerability Advisory. For more information please refer to OpenJDK's April 2022 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:...
Security Bulletin: IBM WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to remote code execution due to Dojo (CVE-2021-23450)
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the...
Security Bulletin: IBM Informix Dynamic Server is vulnerable to denial of service (CVE-2021-45105) and remote code execution (CVE-2021-45046) due to Apache Log4j
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Informix Dynamic Server for IBM Informix HQ. IBM Informix Dynamic Server is vulnerable to denial of service CVE-2021-45105 and remote code execution CVE-2021-45046 due to Apache Log4j. The fix is included in Apac...
Security Bulletin: IBM Security Network Intrusion Prevention System is affected by a vulnerability in Apache (CVE-2007-6750)
Summary A security vulnerability have been discovered in Apache used with IBM Security Intrusion Prevention System. Vulnerability Details CVEID:CVE-2007-6750 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By sending specially crafted partial HTTP requests, a remote attacker...
Security Bulletin: IBM Engineering Requirements Management DOORS is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)
Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which affect the Knowledge Center Component KCCI which may optionally be installed by IBM Engineering Requirements Management DOORS. This fix upgrades the Knowlege Center component to a...
Security Bulletin: A vulnerability in Apache log4j affects IBM Operations Analytics Predictive Insights (CVE-2021-45046)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. This affects the IBM Operations Analytics Predictive Insights Analytics, UI and REST Mediation components. This vulnerability has been addressed. Vulnerability Details...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System
Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2019-6109 DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by missing character encoding in th...