35608 matches found
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.53 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-1938, CVE-2020-1935 and CVE-2019-17569 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apach...
Security Bulletin: Multiple Security Vulnerabilities in ActiveMQ Affect IBM Sterling B2B Integrator
Summary There are multiple security vulnerabilities in ActiveMQ that affect IBM Sterling B2B Integrator Vulnerability Details CVEID: CVE-2011-4905 DESCRIPTION: Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the failover mechanism when handling an openwire connection...
Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.
Summary Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities. Vulnerability Details CVE-ID: CVE-2019-9516 Description: Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to multiple security vulnerabilities. There are multiple vulnerabilities fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, xss attacks and click...
Security Bulletin: Vulnerabilities in Bash affect certain IBM N Series products (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM N Series products using certain versions of the following: Data...
Security Bulletin: Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade
Summary Apache HTTPD, Apache Tomcat and OpenSSL have security vulnerabilities that allows a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details This section includes the vulnerability details tha...
Security Bulletin: Financial Transaction Manager for Digital Payments, High Value Payments and Corporate Payment Services are impacted by multiple vulnerabilities.
Summary The vulnerabilities addressed include access control, sensitive information disclosure, cross site scripting and directory traversal. Vulnerability Details CVEID:CVE-2020-5002 DESCRIPTION: IBM Financial Transaction Manager could allow an authenticated user to perform unauthorized actions...
Security Bulletin: IBM QRadar SIEM is vulnerable to AJP Smuggling (CVE-2022-26377)
Summary IBM QRadar SIEM is vulnerable to AJP Smuggling to Response Queue Poisoning. This vulnerability has been addressed in the update. Vulnerability Details CVEID:CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of...
Security Bulletin: IBM DataPower Gateway vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms offered,...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products (CVE-2023-45648, CVE-2023-42795, CVE-2023-46589, CVE-2024-21733)
Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing HTTP request smuggling and the obtaining of sensitive information. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to...
Security Bulletin: A Python Vulnerability Affects IBM Cloud Pak for Data Scheduling ( CVE-2023-27043 )
Summary Python is used by IBM Cloud Pak for Data Scheduling, to install the Scheduler for IBM Cloud Pak for Data. A reported parsing flaw in Python is addressed. Vulnerability Details CVEID:CVE-2023-27043 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by...
Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.
Summary Unbound is used by IBM Robotic Process Automation for Cloud Pak as part of antivirus functionality. CVE-2019-25033. ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. CVE-2022-3094. GNU Binutils is used by IBM Robotic Process Automation for Cloud Pak a...
Security Bulletin: IBM Personal Communications could allow a remote user to obtain sensitive information including user passwords, allowing unauthorized access. (CVE-2016-0321)
Summary IBM Personal Communications is susceptible to unauthorized access vulnerability when running on a compromised system by the victim opening a mail with a malicious attachment or visiting a malicious website. Malware could run with user privileges but not necessarily having access to the...
Security Bulletin: A VMWare Tanzu Spring Vulerability Affects IBM OpenPages with Watson (CVE-2022-22950)
Summary There is a vulnerability in the Spring Framework open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages application server. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-22950 DESCRIPTION: VMware Tanzu Spring Framework is...
Security Bulletin: Multiple vulnerabilities in Redis may affect IBM Robotic Process Automation for Cloud Pak
Summary Redis is used by IBM Robotic Process Automation for Cloud Pak as a performance accelerator for the IBM Robotic Process Automation server Vulnerability Details CVEID:CVE-2021-21309 DESCRIPTION: Redis could allow a remote authenticated attacker to execute arbitrary code on the system, cause...
Security Bulletin: IBM QRadar Advisor With Watson App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary IBM QRadar Advisor With Watson App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by...
Security Bulletin: IBM Event Streams is affected by vulnerabilities in the jsonwebtoken package (CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541)
Summary These security vulnerabilities affect jsonwebtoken that is used by the IBM Event Streams UI component. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementati...
Security Bulletin: Multiple vulnerabilities identified in VMWare ESXi shipped with IBM Cloud Pak System
Summary Vulnerabilties in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2022-26373 DESCRIPTION: VMware ESXi could allow a local authenticated attacker to obtain sensitive information, caused by a...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-24998)
Summary Apache Tomcat is used by IBM Urbancode Deploy UCD for processing web requests. Tomcat is vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted request with a series of uploads, a...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in OpenSSH which the IBM FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-6515 and CVE-2016-6210 could make the system susceptible to attacks which could allow an attacker to consume all available CPU resources or to enumerate users ...
Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: Spring Framework CVE-2022-22965, OpenSSL vulnerabilities CVE-2022-0778, Apache HTTP Server CVE-2021-26691, CVE-2021-40438, CVE-2021-44790, and CVE-2021-20325. Vulnerability Details CVEID:CVE-2022-0778...
Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-1587)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-1587 DESCRIPTION: PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the getrecursedatalength function in the...
Security Bulletin: OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786
Summary OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service due to the package org.yaml:snakeyaml and jackson-databind
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service due to the package org.yaml:snakeyaml CVE-2022-38751, CVE-2022-38752, CVE-2022-38750, CVE-2022-25857, CVE-2022-38749, CVE-2022-41854 and jackson-databind CVE-2022-42003, CVE-2022-42004. The resolving fi...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-38153 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use of "Arrays.equals" to validate a password or key. By...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-25313
Summary libexpat is not used directly by IBM App Connect Enterprise Certified Container but is present in the operand images as part of the base operating system. Use of libexpat within IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service. This bulletin...
Security Bulletin: IBM SPSS Modeler is vulnerable to Apache Commons Text [CVE-2022-42889]
Summary Apache Commons Text is used by IBM SPSS Modeler as part of the spark function. This vulnerability is addressed. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 04 and earlier versions.
Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...
Security Bulletin: A vulnerability in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2022-21496)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow...
Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)
Summary IBM Business Process Manager and IBM Business Automation Workflow are affected by multiple security vulnerabilities found in Swagger UI. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput functio...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35
Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 7.0.0.35, IBM WebSphere Application Server Hypervisor 7.0.0.35 and IBM HTTP Server 7.0.0.35. Vulnerability Details CVE ID:CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM WebSphere Application Server cou...
Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)
Summary A vulnerability in the libxml2 library can cause a denial of service in IBM InfoSphere Identity Insight. Other vulnerabilities that do not impact Identity Insight are present in four libraries that are currently included with the product but not used. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities have been identified in Elasticsearch shipped with IBM Tivoli Netcool Impact
Summary Elasticsearch is shipped with IBM Tivoli Netcool Impact, Information about multiple security vulnerabilities affecting elasticsearch has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-7020 DESCRIPTION: Elastic Enterprise Search could allow a remote...
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise & IBM Integration Bus (CVE-2021-4160)
Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...
Security Bulletin: IBM Security Guardium is vulnerable to arbitrary code execution due to Apache log4j (CVE-2021-4104)
Summary IBM Security Guardium has resolved CVE-2021-4104 with an appliance patch. Apache log4j is used as part of its logging infrastructure. The patch removes log4j 1.x from the Guardium system and replaces it with log4j2 V2.17.1. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Global Name Management 5.0 (CVE-2014-4263) and (CVE-2014-4244)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0 that is used by IBM WebSphere Application Server embedded in IBM InfoSphere Global Name Management. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEI...
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the included Expat 3rd party library (CVE-2022-23852 and CVE-2022-23990)
Summary IBM® Db2® is affected by multiple vulnerabilities in the included Expat 3rd party library. This fix provides an upgrade to the Expat library. Vulnerability Details CVEID: CVE-2022-23852 DESCRIPTION: Expat aka libexpat could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID: CVE-2022-21741 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a divide-by-zero condition in the implementation of depthwise convolutions in...
Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2021-35578).
Summary IBM License Metric Tool is vulnerable to attacks related to Java TLS vulnerability. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system...
Security Bulletin: Apache Log4j vulnerability impacts IBM Watson Knowledge Catalog in Cloud Pak for Data (CVE-2021-44228)
Summary IBM Watson Knowledge Catalog in Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-44228 and is used for logging. Customers are encouraged to take quick action to update their systems to Apache Log4j 2.15.0. Vulnerability Details CVEID: CVE-2021-4422...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Nov 2021 CPU (CVE-2021-41035, CVE-2021-35578, CVE-2021-35586, CVE-2021-35564, CVE-2021-35561, CVE-2021-35565, CVE-2021-35567)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Nov 2021. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...
Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)
Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2369 DESCRIPTION: An unspecified vulnerability in Java SE related to the Library component could allow an...
Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities
Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By...
Security Bulletin: Vulnerabilities in OpenSSH affect Power Hardware Management Console
Summary OpenSSH is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2015-6563 DESCRIPTION: OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in...
Security Bulletin: Multiple vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI
Summary Fixes are available for vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI CVE-2021-23926, CVE-2018-15494, CVE-2020-5258, CVE-2021-29425 and CVE-2020-11988. Vulnerability Details CVEID: CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of...
Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified
Summary OpenSSL is used by IBM Storwize V7000 Unified. IBM Storwize V7000 Unified has addressed the applicable CVEs. Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unfied for providing communication security by encrypting data being transmitted. CVEID: CVE-2017-3731 DESCRIPTION:...
Security Bulletin: IBM OpenPages GRC Platform Web Applications are not vulnerable to (CVE-2017-5638)
Summary IBM OpenPages GRC Platform Web Applications are not vulnerable to the Apache Struts 2 vulnerability CVE-2017-5638 Vulnerability Details IBM OpenPages GRC Platform Web Applications are NOT vulnerable to the Apache Struts 2 vulnerability CVE-2017-5638. Please refer to...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 279. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods IsPrivate, IsLoopback, etc did not work as expected for...