35705 matches found
Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown
Summary IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEID:...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 279. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods IsPrivate, IsLoopback, etc did not work as expected for...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...
Security Bulletin: IBM API Connect is impacted by host header injection vulnerability (CVE-2021-38997)
Summary IBM API Connect is impacted by host header injection vulnerability. The fix addresses the host header injection CVE-2021-38997. Vulnerability Details CVEID:CVE-2021-38997 DESCRIPTION: IBM API Connect is vulnerable to HTTP header injection, caused by improper validation of input by the HOS...
Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java, affect IBM Tivoli Monitoring.
Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial o...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 270. Vulnerability Details CVEID:CVE-2024-29133 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by ...
Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in the Kernel
Summary IBM Flex System switch firmware products have addressed the following Kernel vulnerabilities. Vulnerability Details CVEID: CVE-2020-13974 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-44487)
Summary IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability that exploits HTTP/2 protocol by allowing a denial of service because request cancellation can reset many streams quickly CVE-2023-44487. Vulnerability Details CVE-2023-44487 Description: Th...
Security Bulletin: IBM i is vulnerable to a local privilege escalation (CVE-2023-40375).
Summary IBM i is vulnerable to a local privilege escalation due to a flaw in the base operating system code related to the Integrated application server for IBM i as described in the vulnerability details section. The vulnerability exists even when the Integrated application server is not...
Security Bulletin: Multiple vulnerabilities in The Bouncy Castle Crypto Package For Java affect IBM Application Performance Management products
Summary The Bouncy Castle Crypto Package For Java is used by IBM Application Performance Management. The vulnerabilities below have been addressed. Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain...
Security Bulletin: Vulnerabilities found in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-5644, CVE-2019-12415, CVE-2014-3574, CVE-2014-3529)
Summary Multiple vulnerabilities have been identified in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-24329 DESCRIPTION: Python could allow a remote attacker to bypass securit...
Security Bulletin: Vulnerability in IBM Java (CVE-2022-3676) affects Power HMC
Summary IBM Java is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface call...
Security Bulletin: Zlib for IBM i is vulnerable to a buffer overflow issue during inflate (CVE-2022-37434)
Summary Zlib for IBM i is vulnerable to a heap-based buffer overflow during inflate as described in the vulnerability details section. IBM i has addressed the vulnerability in Zlib with a fix as described in the remediation/fixes section. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zl...
Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2022-34165)
Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: IBM Data Management Platform for EDB Postgres Standard is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Standard contains a component called EDB Failover Manager EFM and uses a version of Apache Log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID:...
Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-4104)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker t...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-4104, CVE-2021-45046)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: Multiple vulnerabilities in IBM SANnav software used by IBM b-type SAN directors and switches (CVE-2021-45105 and CV-2021-45046)
Summary The IBM SANnav Management Portal and Global View products do not directly use Apache Log4j2, but other modules used by IBM SANnav contain Apache Log4j2 code. IBM SANnav does not expose direct access to these services. The fix removes the Apache Log4j library. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
Summary Vulnerabilities in the Linux Kernel such as execution of arbitrary code, denial of service, bypassing security restrictions, and obtaining or disclosing of information may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-25212 DESCRIPTION: Linux Kernel could allow a...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about a security vulnerability affecting WebSphere Application Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-2974 DESCRIPTION: An unspecified vulnerability in product related to the Server Oracle MySQL component could allow an...
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-2991 DESCRIPTION: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.017 and prior. Easily exploitable...
Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities
Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000004 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the sound system. A remote attacker could exploit this vulnerability to caus...
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities
Summary IBM Security Guardium is affected by Using Components with Known Vulnerabilities. IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2014-3584 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received...
Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read
Summary TSSC/IMC is vulnerable to an Out-of-bounds Read. A patch was released to update the libssh package. Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-30203 DESCRIPTION: GNU Emacs could provide weaker than expected security,...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF026 and 23.0.1-IF004. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of...
Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-4527 DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the getaddrinfo function. By...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. (CVE-2022-43930)
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. Vulnerability Details CVEID:CVE-2022-43930 DESCRIPTION: IBM Db2 is vulernable to an Information Disclosure as sensitive information may be included in a log file. CVS...
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796 could allow a remote attacker to obtain sensitive information, cause an application to...
Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676)
Summary There are vulnerabilities in IBM® Semeru Runtime Open Edition 11 used by SPSS Collaboration and Deployment Services. These issues have been addressed. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID:CVE-2022-41910 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the MakeGrapplerFunctionItem function i...
Security Bulletin: IBM Security Guardium is affected by a jsoup vulnerability (CVE-2021-37714)
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-37714 DESCRIPTION: jsoup is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause th...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality...
Security Bulletin: Security Vulnerability in Apache Tika used by Content Collector for Email in Content Search Services container (affected, not vulnerable)
Summary In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a...
Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.0.1
Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.5.0.1 Content VULNERABILITY DETAILS: CVE ID:CVE-2012-3304 PM54356 DESCRIPTION: WebSphere Application Server could allow a remote attacker to hijack a valid user’s session, caused by an...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-1788)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation,...
Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.
Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and...
Security Bulletin: Vulnerabilities in the Open Source Node.js runtime affect IBM Event Streams (CVE-2021-44533, CVE-2022-21824, CVE-2021-44531, CVE-2021-44532)
Summary Node.js is used by Event Streams as the runtime for the UI component. This fix updates the Node.js runtime to 16.15.0. Vulnerability Details CVEID: CVE-2021-44533 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the incorrect handling of...
Security Bulletin:Due to use of Dojo Toolkit before 1.14 in IBM Tivoli Network Manager is vulnerable to unescaped string injection in dojox/Grid/DataGrid(CVE-2018-15494)
Summary In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. dojox/grid/Builder.js and dojox/grid/cells/base.js, providing the class dojox/Grid/DataGrid, are affected by CVE-2018-15494, an unescaped string injection vulnerability. Vulnerability Details CVEID:...
Security Bulletin: June 2022 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed a CVE that could allow an unauthenticated attacker to cause a denial of service and two CVEs that could allow an...
Security Bulletin: IBM Sterling Control Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling Control Center is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...
Security Bulletin: IBM Planning Analytics is affected by security vulnerabilities.
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.75. Vulnerability Details CVEID: CVE-2021-39040 DESCRIPTION: IBM Planning Analytics could be vulnerable to malicious file upload by not validating the file types or...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Security/Authentication Bypass (CVE-2019-4591)
Summary IBM Maximo Asset Management is vulnerable to Security/Authentication Bypass. Vulnerability Details CVEID: CVE-2019-4591 DESCRIPTION: IBM Maximo Asset Management does not invalidate session after logout which could allow a local user to impersonate another user on the system. CVSS Base...
Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. The issue was disclosed as part of the IBM Java SDK and Runtime Environment updates deferred from Oracle Oct 2021 CPU CVE-2021-35550...
Security Bulletin: A security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager
Summary A security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has...
Security Bulletin: A vulnerability in sudo affects IBM Security Network Intrusion Prevention System (CVE-2014-9680)
Summary A security vulnerability has been discovered in sudo used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-9680 DESCRIPTION: Todd Miller sudo could allow a local attacker to bypass security restrictions, caused by the failure to check the TZ...