35608 matches found
Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager
Summary IBM WebSphere Application Server WAS is shipped with IBM Security Identity Manager ISIM. Information about security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Dojo vulnerability in IBM WebSphere Application Server shipped with Tivoli Business Service Manager (CVE-2021-23450)
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Switches and Directors.
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Cisco Switches and Directors has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By connecting to a...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2021-22096 DESCRIPTION: VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access
Summary Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access product. Vulnerability Details CVEID: CVE-2021-3520 DESCRIPTION: lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted fil...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2021-45105, CVE-2021-44832)
Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for Microsoft Windows (CVE-2021-45105, CVE-2021-45046)
Summary There are vulnerabilities in Apache Log4j used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log...
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2021-3541 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by an exponential entity expansion attack whic...
Security Bulletin: Vulnerabilities in IBM Java Runtime and libxml2 affecting Tivoli Netcool/OMNIbus (Multiple CVEs)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition Version 8, as well as a vulnerability in GNOME libxml2 version 2.7.8. Both components are used by Tivoli Netcool/OMNIbus. The JRE vulnerability was disclosed as part of the IBM Java SDK updates in April 2021. Th...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons IO
Summary A vulnerability in Apache Commons IO that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the...
Security Bulletin: Steps to update Java - QMF for Workstation & QMF Vision
Summary An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Sterling Secure Proxy (CVE-2020-13920)
Summary An Apache ActiveMQ man-in-the-middle vulnerability was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX RMI...
Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product
Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Sterling B2B Integrator. IBM Sterling B2B Integrator has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2179 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Netezza PureData System for Analytics (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Netezza PureData System for Analytics. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Security Privileged Identity Manager ISPIM. These issues were disclosed as part of the IBM Java SDK updates in July 2018, April 2018, January 2018, October 2017. Vulnerability Details July 2018 CVEID:...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with OpenPages GRC Platform (CVE-2018-10237)
Summary IBM WebSphere Application Server is shipped as a component of OpenPages GRC Platform. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin IBM WebSphere...
Security Bulletin: Rational Directory Server and Rational Directory Administrator can be affected by vulnerabilities (CVE-2015-0138 and CVE-2014-0227)
Summary This security bulletin is a notice of security vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and in Apache Tomcat server, version 6, which impacts IBM Rational Directory Server 5.2.x, 5.1.1.x and Rational Directory Administrator 6.x Vulnerability Details...
Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
Summary DS8900F and DS8A00 updates have been released to address following vulnerabilities. Review the Vulnerability Details section below for additional information. CVE-2023-40547 CVSS Base Score:8.3, CVE-2024-5564 CVSS Base Score:8.1, CVE-2022-48624 CVSS Base Score:7.8, CVE-2022-48624 CVSS Bas...
Security Bulletin: Order Management is subject to various OS vulnerabilites which could have allowed attacker various entry points into application.
Summary Order Management has updated the container OS version and remediated to the point of code freeze. This bulletin identifies the steps to take to address the vulnerabilities by updating to the very latest OS version. Vulnerability Details CVEID:CVE-2022-2923 DESCRIPTION: Vim is vulnerable t...
Security Bulletin: IBM Automation Decision Services - Multiple CVEs addressed (February 2024)
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-36054 DESCRIPTION: MIT Kerberos 5 aka krb5...
Security Bulletin: IBM Operational Decision Manager for January 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-34054...
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347)
Summary UPDATED 4/10: The included README was updated for clarity. Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2024-56346, CVE-2024-56347. Vulnerability Details CVEID:CVE-2024-56346 DESCRIPTION: IBM AIX nimesis NIM master service could allow a remote...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2023-0044 DESCRIPTION: Quarkus could allow a remote attacker to obtain sensitive information, caused by a flaw when the Form Authentication session cookie Path attribute is se...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM i (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM i Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...
Security Bulletin: IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253.
Summary IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a local...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS packages/liberaries .
Summary IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: glibc is vulnerable to a...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module affected by multiple vulnerabilities
Summary Vulnerabilities contained within Open VPN a 3rd party component and Open SSL were addressed in the IBM MaaS360 Cloud Extender Agent and VPN Modules. Vulnerabilities contained within Eclipse Jetty and Netty a 3rd party component were addressed in the IBM MaaS360 Mobile Enterprise Gateway...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-yaml, OpenSSL, GnuTLS , OpenTelemetry-Go, go-toolset and urllib3
Summary OpenSSL, go-yaml, GnuTLS , OpenTelemetry-Go and urllib3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-28948 DESCRIPTION: Go-Yaml is vulnerabl...
Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.11 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially...
Security Bulletin: There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453)
Summary There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk...
Security Bulletin: Multiple vulnerabilities of Apache Groovy (groovy-all-2.3.11.jar) have affected APM JBoss and APM WebLogic Agent [CVE-202-17521, CVE-2016-6814, CVE-2015-3253]
Summary APM JBoss and APM WebLogic Agents are vulnerable to Apache Groovygroovy-all-2.3.11.jar. CVE-2020-17521, CVE-2016-6814, CVE-2015-3253 The fix includes groovy-all-2.3.11.jar upgraded to groovy-all-2.5.21.jar. Vulnerability Details CVEID:CVE-2020-17521 DESCRIPTION: Apache Groovy could allow ...
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities
Summary IBM MQ Appliance has resolved multiple open source vulnerabilities CVE-2022-40303, CVE-2022-40304, CVE-2021-46848 and CVE-2022-43680. Vulnerability Details CVEID:CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: IBM MQ is affected by issues in IBM WebSphere Application Server Liberty (CVE-2022-3509, CVE-2022-3171)
Summary Issues were identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges due to [CVE-2022-42919]
Summary Python is used by IBM App Connect Enterprise Certified Container for providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges. This bulletin provides patch information to...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX
Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a buffer overflow CVE-2022-3602, cause a denial of service CVE-2022-3786, or obtain sensitive information CVE-2022-3358. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to local information disclosure due to Postgresql JDBC (CVE-2022-41946)
Summary The Postgresql JDBC driver is used by IBM Tivoli Netcool Impact as a part of it's data source adapter connectivity. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)
Summary IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library. IBM API Connect has addressed the vulnerability in CVE-2022-34169. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrar...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-43680_CVE-2013-0340_CVE-2017-9233)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Potential vulnerability in Apache Commons IO affect IBM Operations Analytics - Log Analysis (CVE-2021-29425)
Summary Prior to version 2.7 vulnerability in Apache Commons IO allow remote attacker to traverse directories on the system to view arbitrary files Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused...
Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.
Summary The SANnav Management Portal and Global View products are vulnerable due to an OpenSSL issue. Vulnerability Details CVEID:CVE-2022-2097 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities with details below Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Apache log4j vulnerabilities in Spark and Zookeeper affect QRadar User Behavior Analytics(CVE-2021-4104)
Summary There is a vulnerability in Apache log4j used by Spark and Zookeeper that is affecting QRadar User Behavior AnalyticsUBA. This has been addressed in both dependencies and UBA has been updated to the patched versions. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j coul...
Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to use of Apache HTTP server CVE-2022-22720
Summary Apache HTTP server is used by IBM Rational Build Forge. This fix includes Apache Http Server 2.4.54 Vulnerability Details CVEID:CVE-2022-22720 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection when errors are...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Elastic Storage System (CVE-2021-4104)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Elastic Storage System due to its use of Log4j for logging and this fix upgrades to Apache Log4j V2.17.1. Vulnerability Details CVEID: CVE-2021-4104...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.74. Vulnerability Details CVEID: CVE-2021-39047 DESCRIPTION: Some IBM products are vulnerable to cross-site scripting. This vulnerability allows users to embed...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-45105, CVE-2021-44832)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: Vulnerabilities in Redis, OpenSSH, Golang Go, and Apache Kafka may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift
Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift may be affected by vulnerabilities in Redis, OpenSSH, Golang Go, and Apache Kafka such as bypass of security restrictions, denial of service, execution of arbitrary code, elevation of privileges, buffer...
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374)
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-28374 DESCRIPTION: Linux Kernel could allow a remote authenticated attacker to traverse directories on the system, caused by insufficient identifier checking in the LIO SCSI target code. An attacker...
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs
Summary Cloud Pak for Security CP4S v1.7.2.0 and earlier uses packages that are vulnerable to several CVEs. These issues have been addressed in an update. See the Fixes section below for instructions. Vulnerability Details CVEID: CVE-2020-24332 DESCRIPTION: TrouSerS could allow a remote...