35715 matches found
Security Bulletin: IBM WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to remote code execution due to Dojo (CVE-2021-23450)
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the...
Security Bulletin: IBM Informix Dynamic Server is vulnerable to denial of service (CVE-2021-45105) and remote code execution (CVE-2021-45046) due to Apache Log4j
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Informix Dynamic Server for IBM Informix HQ. IBM Informix Dynamic Server is vulnerable to denial of service CVE-2021-45105 and remote code execution CVE-2021-45046 due to Apache Log4j. The fix is included in Apac...
Security Bulletin: IBM Engineering Requirements Management DOORS is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)
Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which affect the Knowledge Center Component KCCI which may optionally be installed by IBM Engineering Requirements Management DOORS. This fix upgrades the Knowlege Center component to a...
Security Bulletin: A vulnerability in Apache log4j affects IBM Operations Analytics Predictive Insights (CVE-2021-45046)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. This affects the IBM Operations Analytics Predictive Insights Analytics, UI and REST Mediation components. This vulnerability has been addressed. Vulnerability Details...
Security Bulletin: GSKit Sweet32 Birthday attacks on 64-bit block ciphers in TLS affects the Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-2183)
Summary GSKit is vulnerable to Sweet32 Birthday attacks on 64-bit block ciphers in TLS which affects the Tivoli Storage Manager IBM Spectrum Protect Server. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: An error in the DES/3DES cipher, used as a part of the SSL/TLS protocol, could allow...
Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities
Summary There are multiple vulnerabilities in IBM® WebSphere Liberty ,Version 8.5.5.8 used by IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.1 Vulnerability Details CVEID:CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when using DNS forwarders. An attacker could exploit this...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. CVSS Base score: 6.2 CVSS Tempor...
Security Bulletin: IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls (CVE-2023-32333)
Summary IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls CVE-2023-32333. This only impacts environments using native Maximo security when security options have been incorrectly applied to the MAXREG user. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2023 CPU plus deferred CVE-2022-21426
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...
Security Bulletin: AIX is vulnerable to a buffer overflow due to X11 (CVE-2022-47990)
Summary A vulnerability in X11 on AIX could allow a non-privileged local user to cause a buffer overflow that could result in a denial of service or arbitrary code execution CVE-2022-47990. Vulnerability Details CVEID:CVE-2022-47990 DESCRIPTION: IBM AIX could allow a non-privileged local user to...
Security Bulletin: IBM MQ is affected by a vulnerability in libcurl (CVE-2022-32206)
Summary An issue was identified in libcurl that affects IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID:CVE-2022-32206 DESCRIPTION: cURL libcurl is vulnerable to ...
Security Bulletin: Multiple vulnerabilities found in IBM DB2 which is shipped with IBM® Intelligent Operations Center(CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315)
Summary Multiple vulnerabilities have been identified in DB2 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty
Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.6-x packages Golang Go, libxml2, curl, expat ,libgcrypt and IBM WebSphere Application Server Liberty that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details...
Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2015-5621)
Summary The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol SNMP.One security vulnerability has been discovered in net-snmp used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-5621 DESCRIPTION: Net-SNMP...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Archive Enterprise Edition (CVE-2021-44228)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Archive Enterprise Edition EE. The below fix package includes Apache Log4j 2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache...
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44832) affects the IBM Performance Management product
Summary The APM v8.1.4.0 Server installs an Online Help application that contains Log4j v2.3. A vulnerability was found in this version of Log4j that is documented by CVE-2021-44832 and fixed in Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a...
Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance
Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2021-29682 DESCRIPTION: IBM Security Identity Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message ...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2018-1288 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass security restrictions. By using a manually created fetch request interfering with data replication, an attacker cou...
Security Bulletin: IBM MaaS360 Cloud Extender has security vulnerabilities (CVE-2020-1155, CVE-2020-1156)
Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Vulnerability Details CVEID: CVE-2020-11656 DESCRIPTION: SQLite could allow a remote attacker to obtain sensitive information, caused by a use-after-free in the ALTER TABLE implementation. By sending a special...
Security Bulletin: Vulnerability in jQuery affects IBM Tririga Application Platform (CVE-2019-11358)
Summary jQuery used by IBM Tririga Application Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the...
Security Bulletin: IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in OpenSSL
Summary The IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2014-3511 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by the negotiation of TLS 1.0 instead of higher...
Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2015-9251)
Summary IBM Cloud Private is vulnerable to a security vulnerability Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a ty...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.0 Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request,...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-24806 DESCRIPTION: libuv is vulnerable to server-side request forgery, caused...
Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)
Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service CVE-2024-25062. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. Whe...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
Security Bulletin: AIX is vulnerable to a denial of service due to NTP (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554)
Summary Multiple vulnerabilities in NTP could allow a remote attacker to cause a denial of service CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554. Vulnerability Details CVEID:CVE-2023-26551 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bounds write in...
Security Bulletin: There is a vulnerability in moment.js used by IBM Jazz Reporting Service (CVE-2022-24785)
Summary There is a vulnerability in moment.js used by IBM Jazz Reporting Service JRS. This vulnerabiliity is addressed in JRS by upgrading to a version of moment.js that resolves the issue. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse...
Security Bulletin: Vulnerabilities in Springfox swagger affect IBM Rational ClearQuest
Summary Springfox swagger used by IBM Rational ClearQuest v10.0 had multiple vulnerabilities. IBM Rational ClearQuest has addressed the applicable CVEs by replacing Springfox swagger with spring doc. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker ...
Security Bulletin: IBM QRadar WinCollect Agent is vulnerable to a local escalation of privilege attack in some configurations (CVE-2023-38736)
Summary IBM QRadar WinCollect Agent when installed to run as Admin or System, or with Admin or System privileges, is vulnerable to a local escalation of privilege attack that a non-privileged user could utilize to gain System permissions. IBM has addressed the relevant vulnerability. Vulnerabilit...
Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerabilities are...
Security Bulletin: IBM Aspera Orchestrator was vulnerable to cross-site scripting due to multiple JQuery vulnerabilities (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)
Summary The following vulnerabilities has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the .position function. A remote...
Security Bulletin: A vulnerability in PostgreSQL JDBC Driver (PgJDBC) affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-21724)
Summary A vulnerability in PostgreSQL JDBC Driver PgJDBC affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2022-21724. Please see the details below on how to remediate this issue. Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could...
Security Bulletin: AIX is vulnerable to a denial of service due to the AIX SMB client (CVE-2022-43381)
Summary A vulnerability in the AIX SMB client daemon could allow a non-privileged local user to cause a denial of service CVE-2022-43381. AIX uses the SMB client daemon to access files on SMB servers. Vulnerability Details CVEID:CVE-2022-43381 DESCRIPTION: IBM AIX could allow a non-privileged loc...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Google Gson (CVE-2022-25647)
Summary IBM Sterling B2B Integrator has addressed a denial of service vulnerability in Google Gson. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote...
Security Bulletin: Multiple vulnerabilities in IBM Cognos BI 8.4.1,10.1, 10.1.1 and 10.2 (CVE-2011-3026, CVE-2011-4858, CVE-2012-0498, CVE-2012-2177, CVE-2012-2193, CVE-2012-4835, CVE-2012-4836, CVE-2012-4837, CVE-2012-4840, CVE-2012-4858, CVE-2012-5081)
Summary Several security vulnerabilities have been identified in IBM Cognos BI which may allowing remote attackers to: - Cause a denial of service condition via excessive CPU consumption, - Inject arbitrary JavaScript code into the victim's web browser, - Download arbitrary XML files from the...
Security Bulletin: Vulnerability in SSLv3 affects IBM/Cisco switches and directors (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM/Cisco switches and directors. Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : Product could allow a remote attacker to obtain...
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities.
Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2018-11782 DESCRIPTION: Apache Subversion svnserve servers is vulnerable to a denial of service, caused by an error in the svnserve 'get-deleted-rev' process. By sending a...
Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects Power HMC
Summary OpenSSL is used by IBM Power Hardware Management Console HMC for cryptography toolkit implementing the Secure Sockets Layer SSL and Transport Layer Security TLS network protocols and related cryptography standards required by them. This bulletin provides a remediation for the impacted...
Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities
Summary Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
Summary Cloud Pak for Security v1.9.0.0 and earlier may be vulnerable to multiple CVEs through the use of dependency packages. These have been updated in the latest release and vulnerabilities have neen addressed. Please follow the instructions in the Remediation/Fixes section below to update to...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-44790, CVE-2021-44224)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.2 To 4.2.0.14. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)
Summary There are multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Security Network Intrusion Prevention System (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID:CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...
Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-44228)
Summary A Remote Code Execution issue was identified within the Log4j library that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ 9.1.4 and later to provide connection capability between IBM MQ queue managers...
Security Bulletin: IBM MQ is vulnerable to multiple issues within the IBM® Runtime Environment Java™ Technology Edition, Versions 7 and 8 shipped with IBM MQ (CVE-2021-2432, CVE-2021-2388)
Summary Multiple issues were identified with IBM® Runtime Environment Java™ Technology Edition, version 7 that is packaged with IBM MQ 8.0 and versions 8 that is packaged with IBM MQ 9.0, 9.1 and 9.2. Vulnerability Details CVEID: CVE-2021-2432 DESCRIPTION: An unspecified vulnerability in Java SE...
Startup issues for both IBM Sterling B2B Integrator and IBM Sterling File Gateway caused by Microsoft® Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066
Abstract Applying Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066 could prevent startup of both IBM Sterling B2B Integrator and IBM Sterling File Gateway. Content IBM Support has received several production down calls from IBM Sterling B2B Integrator and IBM Sterling File Gatewa...
Security Bulletin: Vulnerabilities in GNU C library (glibc), OpenSSL and BIND affect IBM Netezza Host Management
Summary Vulnerabilites in GNU C library glibc, OpenSSL and BIND affects IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by...