35608 matches found
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. CVSS Base score: 6.2 CVSS Tempor...
Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in the Kernel
Summary IBM Flex System switch firmware products have addressed the following Kernel vulnerabilities. Vulnerability Details CVEID: CVE-2020-13974 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-44487)
Summary IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability that exploits HTTP/2 protocol by allowing a denial of service because request cancellation can reset many streams quickly CVE-2023-44487. Vulnerability Details CVE-2023-44487 Description: Th...
Security Bulletin: IBM Security Verify Privilege On-Premise is affected by multiple security vulnerabilities
Summary IBM Security Verify Privilege On-Premise has addressed several security issues. Please apply the fix as detailed below. Vulnerability Details CVEID:CVE-2022-43891 DESCRIPTION: IBM Security Verify Privilege On-Premises could allow a remote attacker to obtain sensitive information when a...
Security Bulletin: IBM i is vulnerable to a local privilege escalation (CVE-2023-40375).
Summary IBM i is vulnerable to a local privilege escalation due to a flaw in the base operating system code related to the Integrated application server for IBM i as described in the vulnerability details section. The vulnerability exists even when the Integrated application server is not...
Security Bulletin: Multiple vulnerabilities in The Bouncy Castle Crypto Package For Java affect IBM Application Performance Management products
Summary The Bouncy Castle Crypto Package For Java is used by IBM Application Performance Management. The vulnerabilities below have been addressed. Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain...
Security Bulletin: Vulnerabilities found in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-5644, CVE-2019-12415, CVE-2014-3574, CVE-2014-3529)
Summary Multiple vulnerabilities have been identified in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Vulnerability in IBM Java (CVE-2022-3676) affects Power HMC
Summary IBM Java is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface call...
Security Bulletin: Zlib for IBM i is vulnerable to a buffer overflow issue during inflate (CVE-2022-37434)
Summary Zlib for IBM i is vulnerable to a heap-based buffer overflow during inflate as described in the vulnerability details section. IBM i has addressed the vulnerability in Zlib with a fix as described in the remediation/fixes section. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zl...
Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2022-34165)
Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: IBM Data Management Platform for EDB Postgres Standard is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Standard contains a component called EDB Failover Manager EFM and uses a version of Apache Log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID:...
Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-4104)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker t...
Security Bulletin: Multiple vulnerabilities in IBM SANnav software used by IBM b-type SAN directors and switches (CVE-2021-45105 and CV-2021-45046)
Summary The IBM SANnav Management Portal and Global View products do not directly use Apache Log4j2, but other modules used by IBM SANnav contain Apache Log4j2 code. IBM SANnav does not expose direct access to these services. The fix removes the Apache Log4j library. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
Summary Vulnerabilities in the Linux Kernel such as execution of arbitrary code, denial of service, bypassing security restrictions, and obtaining or disclosing of information may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-25212 DESCRIPTION: Linux Kernel could allow a...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about a security vulnerability affecting WebSphere Application Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000613, CVE-2017-13098, CVE-2018-1000180)
Summary Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection fl...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-2974 DESCRIPTION: An unspecified vulnerability in product related to the Server Oracle MySQL component could allow an...
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z
Summary AT&T has released versions 1801-z for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches Vulnerabili...
Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities
Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000004 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the sound system. A remote attacker could exploit this vulnerability to caus...
Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown
Summary IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEID:...
Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read
Summary TSSC/IMC is vulnerable to an Out-of-bounds Read. A patch was released to update the libssh package. Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF026 and 23.0.1-IF004. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of...
Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-4527 DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the getaddrinfo function. By...
Security Bulletin: IBM Operational Decision Manager November 2023 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2023-3404...
Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-24329 DESCRIPTION: Python could allow a remote attacker to bypass securit...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. (CVE-2022-43930)
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. Vulnerability Details CVEID:CVE-2022-43930 DESCRIPTION: IBM Db2 is vulernable to an Information Disclosure as sensitive information may be included in a log file. CVS...
Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676)
Summary There are vulnerabilities in IBM® Semeru Runtime Open Edition 11 used by SPSS Collaboration and Deployment Services. These issues have been addressed. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID:CVE-2022-41910 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the MakeGrapplerFunctionItem function i...
Security Bulletin: IBM Security Guardium is affected by a jsoup vulnerability (CVE-2021-37714)
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-37714 DESCRIPTION: jsoup is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause th...
Security Bulletin: Security Vulnerability in Apache Tika used by Content Collector for Email in Content Search Services container (affected, not vulnerable)
Summary In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a...
Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.0.1
Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.5.0.1 Content VULNERABILITY DETAILS: CVE ID:CVE-2012-3304 PM54356 DESCRIPTION: WebSphere Application Server could allow a remote attacker to hijack a valid user’s session, caused by an...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-1788)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation,...
Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.
Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and...
Security Bulletin:Due to use of Dojo Toolkit before 1.14 in IBM Tivoli Network Manager is vulnerable to unescaped string injection in dojox/Grid/DataGrid(CVE-2018-15494)
Summary In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. dojox/grid/Builder.js and dojox/grid/cells/base.js, providing the class dojox/Grid/DataGrid, are affected by CVE-2018-15494, an unescaped string injection vulnerability. Vulnerability Details CVEID:...
Security Bulletin: June 2022 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed a CVE that could allow an unauthenticated attacker to cause a denial of service and two CVEs that could allow an...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Security/Authentication Bypass (CVE-2019-4591)
Summary IBM Maximo Asset Management is vulnerable to Security/Authentication Bypass. Vulnerability Details CVEID: CVE-2019-4591 DESCRIPTION: IBM Maximo Asset Management does not invalidate session after logout which could allow a local user to impersonate another user on the system. CVSS Base...
Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. The issue was disclosed as part of the IBM Java SDK and Runtime Environment updates deferred from Oracle Oct 2021 CPU CVE-2021-35550...
Security Bulletin: A security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager
Summary A security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has...
Security Bulletin: A vulnerability in sudo affects IBM Security Network Intrusion Prevention System (CVE-2014-9680)
Summary A security vulnerability has been discovered in sudo used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-9680 DESCRIPTION: Todd Miller sudo could allow a local attacker to bypass security restrictions, caused by the failure to check the TZ...
Security Bulletin: IBM Spectrum LSF is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary Apache Log4j CVE-2021-45105, CVE-2021-45046 is used by IBM Spectrum LSF as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM Db2® Warehouse is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Apache Log4j open source library used by IBM® Db2® Warehouse is affected by multiple vulnerabilitiies CVE-2021-45105 and CVE-2021-45046. This library is used by the Db2 Federation, Spark, Livy and IBM Spectrum Protect as part of its logging infrastructure. The fix includes includes Apache...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-4104, CVE-2021-45046)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager
Summary Vulnerabilities exist in IBM Netcool Agile Service Manager, these have been addressed. Vulnerability Details CVEID: CVE-2021-21290 DESCRIPTION: Netty could allow a local authenticated attacker to obtain sensitive information, caused by an insecure temp file in Unix-like systems. By sendin...
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-2991 DESCRIPTION: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.017 and prior. Easily exploitable...
Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Using Components with Known Vulnerabilities vulnerability
Summary IBM Security Guardium is aware of the following vulnerability Vulnerability Details CVEID: CVE-2016-1000342 DESCRIPTION: Bouncy Castle JCE Provider could provide weaker than expected security, caused by improper validation of ASN.1 encoding of signature in the ECDSA. A remote attacker cou...
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities
Summary IBM Security Guardium is affected by Using Components with Known Vulnerabilities. IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2014-3584 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received...
Security Bulletin: Logjam vulnerability in TLS affects IBM CICS Transaction Gateway (CVE-2015-4000)
Summary The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher...
Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID:CVE-2016-8735 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially...
Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
Summary IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...