35702 matches found
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2016-8743)
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...
Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618)
Summary There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive...
Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM PureApplication System.
Summary Nine OpenSSL vulnerabilities were disclosed in August 2014. This bulletin addresses the two vulnerabilities that are applicable to virtual machines which are deployed by IBM PureApplication System using the IBM OS Image for Red Hat Linux Systems and the IBM OS Image for AIX Systems...
Security Bulletin: Vulnerabilities in Bash affect IBM Workload Deployer (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Bash is available in Red Hat Linux virtual machine images that can be deployed by using IBM Workload Deployer. Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases
Summary IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases. This bulletin identifies the steps required to address these...
Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary The certificate for a remote system in a policy-based replication partnership is not correctly validated in the GUI on IBM Storage Virtualize products. Vulnerability Details CVEID:CVE-2023-47700 DESCRIPTION: IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtuali...
Security Bulletin: Node.js IP is vulnerable to CVE-2023-42282 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Node.js IP which is vulnerable to CVE-2023-42282. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to...
Security Bulletin: IBM Spectrum Symphony provides upgraded software packages to address known CVEs
IBM Spectrum Symphony Fix 601860 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601860. IBM Spectrum Symphony 7.3.2 with Fix 601860 is a security fix that provides upgraded versions of software packages included with IBM Spectrum...
Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)
Summary UPDATED May 17 Corrected the affected fileset levels for AIX 7.2 TL5 and removed bos.net.tcp.bind 7.2.5.200.: A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795. AIX uses ISC BIND as part of i...
Security Bulletin: IBM Cognos Analytics has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2023-35009, CVE-2023-35011)
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics. IBM Cognos Analytics is vulnerable to an Arbitrary File Write via Archive Extraction Zip Slip in JSZip CVE-2022-48285. This has been addressed by upgrading JZIP to a non-vulnerable version. A Server-Side Request Forgery...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests CVE-2022-38712. The fix includes the IBM Websphere Application Server APAR PH49111 Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere...
Security Bulletin: IBM MQ is affected by an issue in IBM WebSphere Application Server Liberty (CVE-2023-24998)
Summary A denial of service issue was identified in IBM WebSphere Application Server Liberty due to Apache Commons FileUpload, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2023-23477)
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...
Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records
Summary IBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted reques...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2012-5783)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have...
Security Bulletin: IBM MQ and IBM WebSphere MQ are affected by Side channel attacks on modular exponentiation (CVE-2016-0702)
Summary IBM MQ and WebSphere MQ have addressed CVE-2016-0702 The GSKit cryptographic libraries supplied with MQ are impacted by the same issue described in the OpenSSL disclosure. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive...
Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System
Summary Multiple Vulnerabilities have been found in Node.js used by the Common UI Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2020-7660 DESCRIPTION: serialize-javascript could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: Multiple vulnerabilities in the Golang language affect IBM Event Streams
Summary This security vulnerability affects Golang that is used by the IBM Event Streams CLI component Vulnerability Details CVEID: CVE-2021-44716 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in...
Security Bulletin: Vulnerablity in Apache Log4j affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2021-44228)
Summary The following security vulnerability has been identified in the WebSphere Application Server. Apache Log4j 2.x is not used by IBM Tivoli Composite Application Manager for Application Diagnostics, but log4j-1.2.4.jar is present in one of the ear files installed on WebSphere Application...
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93
Summary IBM Sterling Connect:Direct for UNIX Certified Container is hosted by Red Hat Universal Base Image. Due to use of Red Hat Universal Base Image and binutils package, IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to the following: buffer overflow CVE-2019-20838,...
Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)
Summary Apache HTTP Server as used by IBM QRadar SIEM contains multiple vulnerabilities which include buffer overflow and denial of service. Vulnerability Details CVEID: CVE-2021-44790 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the...
Security Bulletin: IBM Cloud Pak for Network Automation is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Apache Log4j CVE-2021-45105, CVE-2021-45046 is used by IBM Cloud Pak for Network Automation as part of its logging functionality. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2021) affects IBM InfoSphere Information Server (CVE-2021-2341 CVE-2021-35578 CVE-2021-35564)
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2021. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerability in Linux Kernel affects IBM Spectrum Copy Data Management (CVE-2021-29650)
Summary A denial of service vulnerability in the Linux Kernel may affect IBM Spectrum Copy Data Management Vulnerability Details CVEID: CVE-2021-29650 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the lack of a full memory barrier upon the assignment of a new table val...
Security Bulletin: Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management
Summary Vulnerabilities in Jackson, jQuery, and Dom4j, such as execution of arbitrary code, cross-site scripting, and obtaining sensitive information, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2020-24616 DESCRIPTION: FasterXML jackson-databind could allow a...
Security Bulletin: Apache Xerces2 Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2012-0881, CVE-2013-4002)
Summary IBM Sterling B2B Integrator has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker...
Security Bulletin: Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D
Summary TensorFlow is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-29608 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds and NULL pointer dereference flaw in "RaggedTensorToTensor". By...
Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules
Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Agent V2.103.000.051 and Modules. Vulnerability Details CVEID: CVE-2021-22890 DESCRIPTION: cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a session tickets confusing issue when using a HTT...
Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology
Summary The Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...
Security Bulletin: OpenSSL vulnerabilities affect IBM Rational Team Concert (CVE-2016-1240, CVE-2016-6797, etc)
Summary OpenSSL vulnerabilities were disclosed recently by the OpenSSL Project. OpenSSL is used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Rational BuildForge has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1240 DESCRIPTION: Apache Tomcat could...
Security Bulletin: Publicly disclosed vulnerability from Samba affects IBM Netezza Host Management
Summary Samba is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-1472 DESCRIPTION: Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by an error when establishing a...
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938)
Summary Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code o...
Security Bulletin: Vulnerabilities in libcurl and cURL affect Rational DOORS
Summary Vulnerabilities in libcurl and cURL affect Rational DOORS. Vulnerability Details CVEID: CVE-2016-8616 DESCRIPTION: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the use of case insensitive comparisons. By using valid credentials exists for a protoco...
Security Bulletin: Vulnerabilities in Apache Commons Compress
Summary There are vulnerabilities in Appache Commons Compress used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an...
Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111)
Summary Vulnerabilities in OpenSSH affect AIX. Vulnerability Details CVEID: CVE-2019-6109 DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by missing character encoding in the progress display. A man-in-the-middle attacker could exploit this vulnerability to...
Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784)
Summary Apache Tomcat Publicly disclosed vulnerability Vulnerability Details CVEID: CVE-2018-11784 Description: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability...
Security Bulletin: IBM System x Integrated Management Module (IMM) Lighttpd W (CVE-2011-4362, CVE-2010-0295, CVE-2008-4360, CVE-2008-4359, CVE-20084298, CVE-2008-1531)
Summary Older versions of lighttpd, used by System x IMM contain multiple vulnerabilities. Vulnerability Details Abstract Older versions of lighttpd, used by System x IMM contain multiple vulnerabilities. Content Vulnerability Details: CVE ID: CVE-2011-4362 Description: Integer signedness error i...
Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)
Summary An Apache Struts vulnerability of arbitrary code execution was addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts...
Security Bulletin: IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown.
Summary IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details...
Security Bulletin: IBM Cognos TM1 is affected by multiple vulnerabilities
Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos TM1, These were disclosed in the 02/09/2015, 04/09/2015 and 05/14/2015 X-Force Reports. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version...
Security Bulletin: Multiple vulnerabilities fixed in IBM HTTP Server (APAR PI22070)
Summary IBM HTTP Server is affected by multiple vulnerabilities. Vulnerability Details CVE ID: CVE-2014-0226 Description: The IBM HTTP server is vulnerable to a heap-based buffer overflow, caused by a race condition in the modstatus module when handling the scoreboard. By sending a...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 9 Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a...
Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending...
Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server (CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193, CVE-2023-50308, 268195)
Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746,...
Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Puma and Amazon Ion.
Summary Vulnerabilities in Puma and Amazon Ion were remediated in IBM Observability with Instana build 266. Vulnerability Details CVEID:CVE-2024-21647 DESCRIPTION: Puma is vulnerable to a denial of service, caused by incorrect behavior when parsing chunked transfer encoding bodies. By sending a...
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.
Summary IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker...
Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache HTTP Server
Summary IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache HTTP Server Vulnerability Details CVEID:CVE-2023-27522 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header b...
Security Bulletin: An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user (CVE-2023-38372)
Summary Guidance on best practices to mitigate or avoid compromise in case an unauthorized attacker obtains an IBM Watson IoT Platform security authentication token CVE-2023-38372. Vulnerability Details CVEID:CVE-2023-38372 DESCRIPTION: IBM Watson IoT Platform contains a vulnerability that could...
Security Bulletin: A vulnerability has been identified in the IBM Spectrum Scale GUI where a remote authenticated user can execute commands [CVE-2022-45047]
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI that could allow a remote authenticated user to execute commands. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2022-45047 DESCRIPTION: Apache MINA SSHD could allow a remote...