35702 matches found
Security Bulletin:Vulnerability in Apache Struts affects Storwize V7000 Unified (CVE-2017-5638)
Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of Storwize V7000 Unified allowing arbitrary code execution. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could allow a remote attacker to...
Security Bulletin: Vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool
Summary IBM Informix Dynamic Server is vulnerable to Sweet32: Birthday attacks on 64-bit block ciphers in TLS. Both IBM Informix Dynamic Server and IBM Informix Server Open Admin Tool are vulnerable to a Remote Code Execution Vulnerability. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION:...
Security Bulletin: A vulnerability in OpenSSL affects IBM DataPower Gateways (CVE-2016-2183)
Summary A vulnerability in the SSL/TLS protocol affects the ISAM Access Manager client and JMS. IBM DataPower Gateways has fully addressed the applicable CVE in version 7.5.2, and in earlier releases it was addressed with a combination of a code fix and a workaround. Vulnerability Details CVEID:...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details CVEID:CVE-2023-49569 DESCRIPTION: go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the ChrootOS...
Security Bulletin: Apache Tomcat is vulnerable to CVE-2024-24549 and CVE-2024-23672 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Apache Tomcat which is vulnerable to CVE-2024-24549 and CVE-2024-23672. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. CVSS Base score: 6.2 CVSS Tempor...
Security Bulletin: IBM Security Verify Privilege On-Premise is affected by multiple security vulnerabilities
Summary IBM Security Verify Privilege On-Premise has addressed several security issues. Please apply the fix as detailed below. Vulnerability Details CVEID:CVE-2022-43891 DESCRIPTION: IBM Security Verify Privilege On-Premises could allow a remote attacker to obtain sensitive information when a...
Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)
Summary Vulnerabilities in AIX's OpenSSH could allow a non-privileged local user file access outside of those allowed CVE-2023-40371 or allow a remote attacker to execute arbitrary code CVE-2023-38408. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2023-40371 DESCRIPTION...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to SnakeYaml [CVE-2022-1471]
Summary SnakeYaml is a YAML Ain't Markup Language parser used by Db2 Web Query in the underlying WebFOCUS base product. SnakeYaml could allow arbitrary code execution as described in the vulnerability details section. Db2 Web Query has addressed the vulnerability as described in the...
Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities
Summary IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-41190 DESCRIPTION: Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions,...
Security Bulletin: Apache Tomcat vulnerabilities affect IBM SAN Volume Controller and Storwize Family (CVE-2014-0227 CVE-2014-0230)
Summary Apache Tomcat DoS and unauthorized access vulnerabilities Vulnerability Details This bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product’s management GUI. The CLI interface is unaffected. CVEID: CVE-2014-0227 DESCRIPTION: Apache Tomcat i...
Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in Java SE affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerabilities are CVE-2019-2989...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial service (CVE-2020-36518)
Summary IBM Sterling B2B Integrator has addressed the denial service vulnerability Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote...
Security Bulletin: IBM MQ Appliance is affected by a Kernel vulnerability (CVE-2020-25705)
Summary IBM MQ Appliance has resolved a Kernel vulnerability. Vulnerability Details CVEID:CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an...
Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)
Summary IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this...
Security Bulletin: IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j and issues in other open source components (CVE-2021-4104)
Summary IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used by IBM Security Identity Manager virtual appliance as part of its logging infrastructure. This fix upgrades to Apache Log4j v2.17.1, as well as...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request smuggling and a buffer overflow (CVE-2022-22720, CVE-2022-22721)
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP requst smuggling and a buffer overflow attack as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to the Apache HTTP Server implementation as described in the Remediation/Fixes...
Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities
Summary Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to privilege escalation (CVE-2022-22441)
Summary A privilege escalation vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2022-22441 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to view information of higher privileged users and groups due to a privilege...
Security Bulletin: Vulnerabilities in Dojo and dom4j libraries affect Tivoli Netcool/OMNIbus WebGUI (CVE-2020-10683, CVE-2021-23450)
Summary Fix is available for vulnerabilities in Dojo and dom4j libraries affecting Tivoli Netcool/OMNIbus WebGUI CVE-2020-10683, CVE-2021-23450. Dojo is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. dom4j was required by Tivoli Netcool/OMNIbus WebGUI as part of Apache...
Security Bulletin: Vulnerabilities in AIX CAA (CVE-2022-22350, CVE-2021-38996)
Summary There are multiple vulnerabilities in AIX CAA. Vulnerability Details CVEID: CVE-2022-22350 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...
Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is affected by critical vulnerability in Log4j (CVE-2021-44228)
Summary There is a vulnerability in the version of the Log4j open source library that is part of IBM Data Virtualization on Cloud Pak for Data Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data has addressed Apache Log4j vulnerability (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM OpenPages for IBM Cloud Pak for Data. This affects the IBM OpenPages logging framework. This vulnerability CVE-2021-44228 has been addressed. Customers are encouraged to take action and upgrade. Vulnerability...
Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server which is bundled in IBM WebSphere Hybrid Edition (CVE-2021-44228)
Summary Vulnerability in Apache Log4j affects WebSphere Application Server which is bundled in IBM WebSphere Hybrid Edition CVE-2021-44228 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Principal Products and Versions...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-40438, CVE-2021-34798)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.1.1.x and 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Log Analysis Security Bulletin List
Question Is there a list of security bulletins that describe resolved vulnerabilities affecting Log Analysis? Answer Log Analysis is made up of several components. The following table contains security bulletins that address the vulnerability of various components in Log Analysis, listed by...
Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2020-1968)
Summary IBM MQ Appliance has resolved and OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in connections...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.0.13 FP4. These vulnerabilities have also been addressed in previous versions of IBM Cognos Analytics 11.1.x . Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: Apache Commons Compress is vulnerable to a denial...
Security Bulletin: Multiple Security vulnerabilities in WebSphere Application Server Community Edition
Summary There are multiple security vulnerabilies in WebSphere Application Server Community Edition. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload...
Security Bulletin: IBM XIV is affected by a vulnerability in OpenSSL (CVE-2014-0160)
Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability...
Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in Network Security Services (NSS) (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)
Summary Vulnerabilities have been identified in the Network Security Services NSS libraries. IBM Security Access Manager appliances use NSS and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2834 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0 Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logback receiver component. By sending a specially crafte...
Security Bulletin: IBM DataPower Gateway vulnerable to XML Entity Expansion attack in Web UI (CVE-2022-31775)
Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-31775 DESCRIPTION: IBM DataPower Gateway is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memo...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2023-22081, CVE-2023-5676)
Summary IBM WebSphere Application Server and IBM WebSphere Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server and IBM WebSphere Liberty has been published in a...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl-libs, libssh, libarchive, sqlite and go-toolset
Summary Multiple issues were identified in Red Hat UBI packages openssl-libs, libssh, libarchive, sqlite and go-toolset that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images CVE-2020-24736, CVE-2020-29652, CVE-2022-32189, CVE-2023-2283, CVE-2022-36227, CVE-2023-2453...
Security Bulletin: A CVE-2023-26049 vulnerability in Eclipse Jetty affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow
Summary A vulnerability exists in Eclipse Jetty, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could all...
Security Bulletin: Multiple vulnerabilities in OpenSSH affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in OpenSSH affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. OpenSSH is used in the Command Line Interface. The applicable CVEs are...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2021-33037...
Security Bulletin: Multiple Vulnerabilities (CVE-2022-45693, CVE-2022-4568) affects CICS Transaction Gateway for Multiplatforms.
Summary Multiple Vulnerabilities CVE-2022-45693, CVE-2022-4568 affects CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerabilities. Please note: PSIRT fixes for CICS Transaction Gateway for Multiplatforms 9.0 will be provided only for extended support customers with reque...
Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)
Summary There is a vulnerability in jackson-databind that could allow a local attacker to launch a symlink attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36182 DESCRIPTION:...
Security Bulletin: Potential Denial of Service in IBM DataPower Gateway (CVE-2022-23806)
Summary IBM has addressed the CVE, which may have affected DataPower Operator Vulnerability Details CVEID: CVE-2022-23806 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785)
Summary The IBM Db2 Mirror for i GUI uses Chart.js for data presentation and charting features. The version of Chart.js used by IBM Db2 Mirror for i depends upon Moment.js which is vulnerable to CVE-2022-24785 as described in the vulnerability details section. IBM has addressed the vulnerability...
Security Bulletin: Vulnerability in json4j - CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator
Summary Json4j is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability CVE-2021-3918 by upgrading addressable to latest version. Vulnerability Details CVEID: CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execu...
Security Bulletin: Vulnerability in Apache Log4j affects Netcool Operation Insight (CVE-2021-44228)
Summary A vulnerability was identified within the Apache Log4j library that is used by Netcool Operation Insight to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Drupal dated modernizr library
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By sendi...
Security Bulletin: Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000613, CVE-2017-13098, CVE-2018-1000180)
Summary Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection fl...
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z
Summary AT&T has released versions 1801-z for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches Vulnerabili...
Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Platform Symphony and IBM Spectrum Symphony (CVE-2017-5638)
Summary A Security vulnerability relating to remote code execution CVE-2017-5638 S2-045 has been reported against Apache Struts 2, which IBM Platform Symphony uses as a framework for its WEBGUI service. The Struts 2 package version that is vulnerable to these issues is included in several past...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on Nov 02, 2017 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown
Summary IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEID:...