35608 matches found
Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)
Summary Vulnerabilities in AIX's OpenSSH could allow a non-privileged local user file access outside of those allowed CVE-2023-40371 or allow a remote attacker to execute arbitrary code CVE-2023-38408. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2023-40371 DESCRIPTION...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to SnakeYaml [CVE-2022-1471]
Summary SnakeYaml is a YAML Ain't Markup Language parser used by Db2 Web Query in the underlying WebFOCUS base product. SnakeYaml could allow arbitrary code execution as described in the vulnerability details section. Db2 Web Query has addressed the vulnerability as described in the...
Security Bulletin: Apache Tomcat vulnerabilities affect IBM SAN Volume Controller and Storwize Family (CVE-2014-0227 CVE-2014-0230)
Summary Apache Tomcat DoS and unauthorized access vulnerabilities Vulnerability Details This bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product’s management GUI. The CLI interface is unaffected. CVEID: CVE-2014-0227 DESCRIPTION: Apache Tomcat i...
Security Bulletin: A vulnerability in PostgreSQL JDBC Driver (PgJDBC) affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-21724)
Summary A vulnerability in PostgreSQL JDBC Driver PgJDBC affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2022-21724. Please see the details below on how to remediate this issue. Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial service (CVE-2020-36518)
Summary IBM Sterling B2B Integrator has addressed the denial service vulnerability Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote...
Security Bulletin: IBM MQ Appliance is affected by a Kernel vulnerability (CVE-2020-25705)
Summary IBM MQ Appliance has resolved a Kernel vulnerability. Vulnerability Details CVEID:CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an...
Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)
Summary IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this...
Security Bulletin: IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j and issues in other open source components (CVE-2021-4104)
Summary IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used by IBM Security Identity Manager virtual appliance as part of its logging infrastructure. This fix upgrades to Apache Log4j v2.17.1, as well as...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request smuggling and a buffer overflow (CVE-2022-22720, CVE-2022-22721)
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP requst smuggling and a buffer overflow attack as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to the Apache HTTP Server implementation as described in the Remediation/Fixes...
Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities
Summary Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to privilege escalation (CVE-2022-22441)
Summary A privilege escalation vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2022-22441 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to view information of higher privileged users and groups due to a privilege...
Security Bulletin: Vulnerabilities in Dojo and dom4j libraries affect Tivoli Netcool/OMNIbus WebGUI (CVE-2020-10683, CVE-2021-23450)
Summary Fix is available for vulnerabilities in Dojo and dom4j libraries affecting Tivoli Netcool/OMNIbus WebGUI CVE-2020-10683, CVE-2021-23450. Dojo is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. dom4j was required by Tivoli Netcool/OMNIbus WebGUI as part of Apache...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)
Summary There are multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a...
Security Bulletin: Vulnerabilities in AIX CAA (CVE-2022-22350, CVE-2021-38996)
Summary There are multiple vulnerabilities in AIX CAA. Vulnerability Details CVEID: CVE-2022-22350 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Security Network Intrusion Prevention System (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID:CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...
Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is affected by critical vulnerability in Log4j (CVE-2021-44228)
Summary There is a vulnerability in the version of the Log4j open source library that is part of IBM Data Virtualization on Cloud Pak for Data Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data has addressed Apache Log4j vulnerability (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM OpenPages for IBM Cloud Pak for Data. This affects the IBM OpenPages logging framework. This vulnerability CVE-2021-44228 has been addressed. Customers are encouraged to take action and upgrade. Vulnerability...
Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server which is bundled in IBM WebSphere Hybrid Edition (CVE-2021-44228)
Summary Vulnerability in Apache Log4j affects WebSphere Application Server which is bundled in IBM WebSphere Hybrid Edition CVE-2021-44228 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Principal Products and Versions...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-40438, CVE-2021-34798)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.1.1.x and 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Log Analysis Security Bulletin List
Question Is there a list of security bulletins that describe resolved vulnerabilities affecting Log Analysis? Answer Log Analysis is made up of several components. The following table contains security bulletins that address the vulnerability of various components in Log Analysis, listed by...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.0.13 FP4. These vulnerabilities have also been addressed in previous versions of IBM Cognos Analytics 11.1.x . Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: Apache Commons Compress is vulnerable to a denial...
Startup issues for both IBM Sterling B2B Integrator and IBM Sterling File Gateway caused by Microsoft® Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066
Abstract Applying Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066 could prevent startup of both IBM Sterling B2B Integrator and IBM Sterling File Gateway. Content IBM Support has received several production down calls from IBM Sterling B2B Integrator and IBM Sterling File Gatewa...
Security Bulletin: Multiple Security vulnerabilities in WebSphere Application Server Community Edition
Summary There are multiple security vulnerabilies in WebSphere Application Server Community Edition. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload...
Security Bulletin: IBM XIV is affected by a vulnerability in OpenSSL (CVE-2014-0160)
Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability...
Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in Network Security Services (NSS) (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)
Summary Vulnerabilities have been identified in the Network Security Services NSS libraries. IBM Security Access Manager appliances use NSS and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2834 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla...
Security Bulletin: IBM DataPower Gateway vulnerable to XML Entity Expansion attack in Web UI (CVE-2022-31775)
Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-31775 DESCRIPTION: IBM DataPower Gateway is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memo...
Security Bulletin: Apache Tomcat is vulnerable to CVE-2024-24549 and CVE-2024-23672 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Apache Tomcat which is vulnerable to CVE-2024-24549 and CVE-2024-23672. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2023-22081, CVE-2023-5676)
Summary IBM WebSphere Application Server and IBM WebSphere Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server and IBM WebSphere Liberty has been published in a...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl-libs, libssh, libarchive, sqlite and go-toolset
Summary Multiple issues were identified in Red Hat UBI packages openssl-libs, libssh, libarchive, sqlite and go-toolset that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images CVE-2020-24736, CVE-2020-29652, CVE-2022-32189, CVE-2023-2283, CVE-2022-36227, CVE-2023-2453...
Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities
Summary IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-41190 DESCRIPTION: Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions,...
Security Bulletin: A CVE-2023-26049 vulnerability in Eclipse Jetty affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow
Summary A vulnerability exists in Eclipse Jetty, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could all...
Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in Java SE affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerabilities are CVE-2019-2989...
Security Bulletin: Multiple vulnerabilities in OpenSSH affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in OpenSSH affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. OpenSSH is used in the Command Line Interface. The applicable CVEs are...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2021-33037...
Security Bulletin: Multiple Vulnerabilities (CVE-2022-45693, CVE-2022-4568) affects CICS Transaction Gateway for Multiplatforms.
Summary Multiple Vulnerabilities CVE-2022-45693, CVE-2022-4568 affects CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerabilities. Please note: PSIRT fixes for CICS Transaction Gateway for Multiplatforms 9.0 will be provided only for extended support customers with reque...
Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)
Summary There is a vulnerability in jackson-databind that could allow a local attacker to launch a symlink attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36182 DESCRIPTION:...
Security Bulletin: Potential Denial of Service in IBM DataPower Gateway (CVE-2022-23806)
Summary IBM has addressed the CVE, which may have affected DataPower Operator Vulnerability Details CVEID: CVE-2022-23806 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785)
Summary The IBM Db2 Mirror for i GUI uses Chart.js for data presentation and charting features. The version of Chart.js used by IBM Db2 Mirror for i depends upon Moment.js which is vulnerable to CVE-2022-24785 as described in the vulnerability details section. IBM has addressed the vulnerability...
Security Bulletin: Vulnerability in json4j - CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator
Summary Json4j is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability CVE-2021-3918 by upgrading addressable to latest version. Vulnerability Details CVEID: CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execu...
Security Bulletin: Vulnerability in Apache Log4j affects Netcool Operation Insight (CVE-2021-44228)
Summary A vulnerability was identified within the Apache Log4j library that is used by Netcool Operation Insight to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Drupal dated modernizr library
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By sendi...
Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2020-1968)
Summary IBM MQ Appliance has resolved and OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in connections...
Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Platform Symphony and IBM Spectrum Symphony (CVE-2017-5638)
Summary A Security vulnerability relating to remote code execution CVE-2017-5638 S2-045 has been reported against Apache Struts 2, which IBM Platform Symphony uses as a framework for its WEBGUI service. The Struts 2 package version that is vulnerable to these issues is included in several past...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on Nov 02, 2017 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...
Security Bulletin: IBM API Connect is impacted by host header injection vulnerability (CVE-2021-38997)
Summary IBM API Connect is impacted by host header injection vulnerability. The fix addresses the host header injection CVE-2021-38997. Vulnerability Details CVEID:CVE-2021-38997 DESCRIPTION: IBM API Connect is vulnerable to HTTP header injection, caused by improper validation of input by the HOS...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0 Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logback receiver component. By sending a specially crafte...
Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java, affect IBM Tivoli Monitoring.
Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial o...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 270. Vulnerability Details CVEID:CVE-2024-29133 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by ...