35608 matches found
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests CVE-2022-38712. The fix includes the IBM Websphere Application Server APAR PH49111 Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere...
Security Bulletin: IBM MQ is affected by an issue in IBM WebSphere Application Server Liberty (CVE-2023-24998)
Summary A denial of service issue was identified in IBM WebSphere Application Server Liberty due to Apache Commons FileUpload, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload...
Security Bulletin: Vulnerabilities in IPv6 and MQ affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in the IPv6 and MQ components which affect the IBM FlashSystem™ 840 and IBM FlashSystem 900. An exploit of these vulnerabilities CVE-2016-10142 and CVE-2017-11176 could make the system susceptible to attacks which could allow an attacker to trigger a kernel panic...
Security Bulletin: IBM Aspera Orchestrator vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-26377)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability in modproxyajp. An...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2023-23477)
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...
Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records
Summary IBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted reques...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2012-5783)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have...
Security Bulletin: IBM MQ and IBM WebSphere MQ are affected by Side channel attacks on modular exponentiation (CVE-2016-0702)
Summary IBM MQ and WebSphere MQ have addressed CVE-2016-0702 The GSKit cryptographic libraries supplied with MQ are impacted by the same issue described in the OpenSSL disclosure. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive...
Security Bulletin: Vulnerabilities in Bash affect IBM/Cisco Switches and Directors (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM/Cisco switches and directors. Vulnerability Details CVE-ID :...
Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System
Summary Multiple Vulnerabilities have been found in Node.js used by the Common UI Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2020-7660 DESCRIPTION: serialize-javascript could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: Multiple vulnerabilities in the Golang language affect IBM Event Streams
Summary This security vulnerability affects Golang that is used by the IBM Event Streams CLI component Vulnerability Details CVEID: CVE-2021-44716 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in...
Security Bulletin: Vulnerablity in Apache Log4j affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2021-44228)
Summary The following security vulnerability has been identified in the WebSphere Application Server. Apache Log4j 2.x is not used by IBM Tivoli Composite Application Manager for Application Diagnostics, but log4j-1.2.4.jar is present in one of the ear files installed on WebSphere Application...
Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)
Summary Apache HTTP Server as used by IBM QRadar SIEM contains multiple vulnerabilities which include buffer overflow and denial of service. Vulnerability Details CVEID: CVE-2021-44790 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the...
Security Bulletin: IBM Cloud Pak for Network Automation is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Apache Log4j CVE-2021-45105, CVE-2021-45046 is used by IBM Cloud Pak for Network Automation as part of its logging functionality. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2021) affects IBM InfoSphere Information Server (CVE-2021-2341 CVE-2021-35578 CVE-2021-35564)
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2021. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified...
Security Bulletin: Stored IQ for Legal is vulnerable to multiple Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)
Summary Apache Log4j is included in WebSphere Application Server Traditional, which is distributed with Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities CVE-2021-4104, CVE-2021-45046 impacting Stored IQ for Legal application. Stored IQ for Legal uses Apache Log4j for logging...
Security Bulletin: Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management
Summary Vulnerabilities in Jackson, jQuery, and Dom4j, such as execution of arbitrary code, cross-site scripting, and obtaining sensitive information, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2020-24616 DESCRIPTION: FasterXML jackson-databind could allow a...
Security Bulletin: Apache Xerces2 Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2012-0881, CVE-2013-4002)
Summary IBM Sterling B2B Integrator has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker...
Security Bulletin: Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D
Summary TensorFlow is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-29608 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds and NULL pointer dereference flaw in "RaggedTensorToTensor". By...
Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules
Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Agent V2.103.000.051 and Modules. Vulnerability Details CVEID: CVE-2021-22890 DESCRIPTION: cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a session tickets confusing issue when using a HTT...
Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology
Summary The Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938)
Summary Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code o...
Security Bulletin: Vulnerabilities in libcurl and cURL affect Rational DOORS
Summary Vulnerabilities in libcurl and cURL affect Rational DOORS. Vulnerability Details CVEID: CVE-2016-8616 DESCRIPTION: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the use of case insensitive comparisons. By using valid credentials exists for a protoco...
Security Bulletin: Vulnerabilities in Apache Commons Compress
Summary There are vulnerabilities in Appache Commons Compress used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an...
Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784)
Summary Apache Tomcat Publicly disclosed vulnerability Vulnerability Details CVEID: CVE-2018-11784 Description: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability...
Security Bulletin: IBM System x Integrated Management Module (IMM) Lighttpd W (CVE-2011-4362, CVE-2010-0295, CVE-2008-4360, CVE-2008-4359, CVE-20084298, CVE-2008-1531)
Summary Older versions of lighttpd, used by System x IMM contain multiple vulnerabilities. Vulnerability Details Abstract Older versions of lighttpd, used by System x IMM contain multiple vulnerabilities. Content Vulnerability Details: CVE ID: CVE-2011-4362 Description: Integer signedness error i...
Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)
Summary An Apache Struts vulnerability of arbitrary code execution was addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts...
Security Bulletin: IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown.
Summary IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details...
Security Bulletin: IBM Cognos TM1 is affected by multiple vulnerabilities
Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos TM1, These were disclosed in the 02/09/2015, 04/09/2015 and 05/14/2015 X-Force Reports. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version...
Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618)
Summary There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty and Open Source Software OSS components used by IBM Cognos Analytics. Additionally, Cognos Analytics is vulnerable to an XML External Entity Injection XXE. For more information about the vulnerability impact, refer to t...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 9 Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a...
Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending...
Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities
Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details CVEID:CVE-2023-38371 DESCRIPTION: IBM Security Access Manager uses weaker than expected cryptographic algorithms that could...
Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server (CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193, CVE-2023-50308, 268195)
Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746,...
Security Bulletin: IBM Spectrum Symphony provides upgraded software packages to address known CVEs
IBM Spectrum Symphony Fix 601860 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601860. IBM Spectrum Symphony 7.3.2 with Fix 601860 is a security fix that provides upgraded versions of software packages included with IBM Spectrum...
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.
Summary IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker...
Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache HTTP Server
Summary IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache HTTP Server Vulnerability Details CVEID:CVE-2023-27522 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header b...
Security Bulletin: IBM Cognos Analytics has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2023-35009, CVE-2023-35011)
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics. IBM Cognos Analytics is vulnerable to an Arbitrary File Write via Archive Extraction Zip Slip in JSZip CVE-2022-48285. This has been addressed by upgrading JZIP to a non-vulnerable version. A Server-Side Request Forgery...
Security Bulletin: An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user (CVE-2023-38372)
Summary Guidance on best practices to mitigate or avoid compromise in case an unauthorized attacker obtains an IBM Watson IoT Platform security authentication token CVE-2023-38372. Vulnerability Details CVEID:CVE-2023-38372 DESCRIPTION: IBM Watson IoT Platform contains a vulnerability that could...
Security Bulletin: A vulnerability has been identified in the IBM Spectrum Scale GUI where a remote authenticated user can execute commands [CVE-2022-45047]
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI that could allow a remote authenticated user to execute commands. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2022-45047 DESCRIPTION: Apache MINA SSHD could allow a remote...
Security Bulletin: There are several vulnerabilities in AntiSamy used by BM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-28367, CVE-2022-29577)
Summary There are several vulnerabilities in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-28367 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input for Cascading...
Security Bulletin: IBM Aspera Faspex 5.0.4 can be vulnerable to improperly unauthorized password changes
Summary IBM Aspera Faspex could allow an unauthenticated user to change another user's credentials. The unauthenticated user can get a token that then lets them change another user's password. This issue has been resolved. Vulnerability Details CVEID:CVE-2023-27875 DESCRIPTION: IBM Aspera Faspex...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager IDRM 2.0.6.15, which is the only supported version, is impacted by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.16. Please see the remediation steps below to apply the fix. All customers are encouraged to act...
Security Bulletin: Vulnerability in http2-common affects IBM Process Mining (Multiple CVEs)
Summary There is a vulnerability in http2-common that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2019-9517 DESCRIPTION: Multiple vendors...
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated...
Security Bulletin: A vulnerability in Apache Log4j affects IBM InfoSphere Information Server (CVE-2021-44228)
Summary A vulnerability Log4Shell in Apache Log4j used by IBM InfoSphere Information Server was addressed. Various components in Information Server use Log4j to log messages for diagnostics. The fix upgrades log4j to version 2.16.0. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache...
Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud(CVE-2019-12406)
Summary There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID:CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachment...
Security Bulletin: IBM Content Manager Enterprise Edition is is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)
Summary Apache Log4j is used by IBM Content Manager Enterprise Edition, as part of is logging infrastructure. This fix includes Apache Log4j V2.17.1. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused b...