35608 matches found
Security Bulletin: Vulnerabilities in OpenSSH affects Power Hardware Management Console
Summary OpenSSH is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6515 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for password authentication by the...
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy
Summary There are multiple vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29725 DESCRIPTION: IBM Sterling Secure Proxy could allow a remote user to consume resources causing a denial of service due to a resource leak...
Security Bulletin: IBM MQ is vulnerable to an issue within OpenSSL (CVE-2021-23840)
Summary An issue was identified with OpenSSL which is shipped on IBM MQ for IBM i platforms and used within the Advanced Messaging Security component. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in...
Security Bulletin: A vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-10237)
Summary A vulnerability on unbounded memory allocation was addressed by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID: CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in libcurl (CVE-2019-5436)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in libcurl. Vulnerability Details CVEID: CVE-2019-5436 DESCRIPTION: cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftpreceivepacket function. By...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)
Summary There is a security advisory for openSSL1.0.2p which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to...
Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Sourcing (CVE-2020-11023, CVE-2020-11022)
Summary jQuery security vulnerabilities affect IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2019-10086)
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has...
Security Bulletin: IBM Netezza Host Management NTP vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296)
Summary Multiple vulnerabilities were found in the Linux NTP component. RedHat released a patch to address these vulnerabilities. Vulnerability Details CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could provide weaker than expected security, caused by the...
Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance
Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-10915 DESCRIPTION: PostgreSQL could allow a remote attacker to bypass security restrictions, caused by an issue with improperly resting internal state in between...
Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM
Summary PowerKVM is affected by several vulnerabilities in qemu. These vulnerabilities have been addressed by IBM. Vulnerability Details CVEID: CVE-2016-5338 DESCRIPTION: Qemu, built with the ESP/NCR53C9x controller emulation support, is vulnerable to a denial of service, caused by an out of boun...
Security Bulletin: Vulnerability in OpenSSL affects IBM XIV Storage System Gen3 and Gen2 (CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM XIV Storage System has addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: IBM DS8870 Release 7.2 is affected by an additional vulnerability in OpenSSL (CVE-2014-0160)
Summary Security vulnerabilities have been discovered in OpenSSL which have an impact on the IBM Power Servers incorporated in the IBM DS8870. While another IBM security bulletin addresses this vulnerability in these IBM Power servers generally...
Security Bulletin: Vulnerabilities in httpd affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance
Summary Vulnerabilities have been identified for httpd packages in Open Source Apache HTTP Server that affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance CVE-2014-0118, CVE-2014-0226, CVE-2014-0231. Vulnerability Details CVE-ID: CVE-2014-0118 DESCRIPTION: The deflateinfilter...
Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE's
Summary Apache Tomcat prior to version 6.0.48 is susceptible to several vulnerabilities. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specifie...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is...
Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.
Summary TSSC/IMC addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the remote function in scp.c. B...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of...
Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform
Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...
Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System.
Summary Mulitple vulnerabilities have been addressed in IBM Cloud Pak System 2.3.4.0 and IBM Cloud Pak System 2.3.5.0. Vulnerability Details CVEID:CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the...
Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the following IBM i PTFs in response to CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 and CVE-2018-3639. This security bulletin has been updated, on October 16, 2018, as additional IBM i PTFs are now available to mitigate the Spectre and Meltdown vulnerabilities...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF002
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF002 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite...
Security Bulletin: Vulnerability in Apache ActiveMQ affects App Connect Professional.
Summary App Connect Professional has addressed the following vulnerability reported in Apache ActiveMQ. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-43804, CVE-2023-37920)
Summary Vulnerabilities in Python could allow a remote authenticated attacker to obtain sensitive information CVE-2023-43804. AIX's Python packaging also includes Certifi, which is vulnerable to CVE-2023-37920. Python is used by AIX as part of Ansible node management automation. Vulnerability...
Security Bulletin: Mutiple Vulnerabilties Affecting Watson Machine Learning Accelerator on Cloud Pak for Data version
Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data version 2.6.0 is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed. Vulnerability Details CVEID:CVE-2022-29361 DESCRIPTION: Pallets Werkzeug is vulnerable to HTTP request smuggling, caus...
Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities
Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary...
Security Bulletin: Addressing the Security vulnerability CVE-2022-23437,CVE-2009-2625,CVE-2012-0881,CVE-2013-4002 found in xercesImpl-2.9.1.jar and its previous versions affects ITCAM for Transactions
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following xercesImpl-2.9.1.jar vulnerability and updated xercesImpl.jar from version 2.5.0 to 2.12.2 and its dependency xml-apis.jar to version 2.5.0 Vulnerability Details...
Security Bulletin: Multiple vulnerabilities of Apache Ant (ant-1.7.0.jar, ant-1.8.4.jar) have affected APM JBoss, APM WebLogic and APM SAP NetWeaver Java™ Stack Agents.
Summary APM JBoss, APM WebLogic and APM SAP NetWeaver Java™ Stack Agents are vulnerable to Apache Antant-1.7.0.jar, ant-1.8.4.jar CVE-2021-36373, CVE-2020-1945, CVE-2012-2098, CVE-2020-11979, CVE-2021-36374. The fix includes ant jar upgraded to ant-1.10.13.jar. Vulnerability Details...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC
Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI
Summary Multiple vulnerabilities in JQuery, Node.js and Swagger UI used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload CVE-2023-24998 Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2021-46848 DESCRIPTION: GNU Libtasn1 could allow a remote attacker to obtain sensitive information, caused by an out-of-bound access flaw in ETYPEOK. By sending a...
Security Bulletin: There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management (CVE-2022-21681, CVE-2022-21680)
Summary There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in inline.reflinkSearch. By...
Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem 840 and V840 (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
Summary NSS & NSPR vulnerabilities affect the IBM FlashSystem 840 and V840 products. These vulnerabilities could allow a remote attacker to execute arbitrary code, on the system, to obtain sensitive information, or cause Denial of Service. Vulnerability Details 1. CVE-ID : CVE-2013-1740...
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack...
Security Bulletin: Vulnerabilities in IBM WebSphere Liberty affects IBM InfoSphere Global Name Management (CVE-2022-22475, CVE-2022-22476)
Summary The IBM WebSphere Liberty used in IBM InfoSphere Global Name Management is vulnerable to identity spoofing by an authenticated user. This issue only affects ENS, a part of GNM 6 installed by a small minority of GNM customers. For GNM customers not using ENS, there is no vulnerability...
Security Bulletin: Multiple Vulnerabilities in node.js
Summary Security Vulnerabilities in node.js affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information.. Vulnerability Details CVEID:CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected security, caused by the failure to check the return...
Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics
Summary Multiple vulnerabilities exist in Spark, which is used by IBM QRadar User Behavior Analytics UBA. These vulnerabilities are addressed in UBA by upgrading to a version of Spark and packages that are associated with Spark that resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)
Summary Apache Commons Fileupload is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastucture. Information about security vulnerabilities affecting Apache Commons Fileupload has been published in a security bulletin. Vulnerability Details CVEID:CVE-2013-2186...
Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)
Summary There is a vulnerability that allows redirecting of HTTP traffic with CGI applications that may affect IBM HTTP Server IHS. This vulnerability is known as "HTTPOXY". Vulnerability Details CVEID: CVE-2016-5387 DESCRIPTION: Apache HTTP Server could allow a remote attacker to redirect HTTP...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest (CVE-2021-35561, CVE-2022-21299, CVE-2022-21496)
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in April 2022. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by IBM WebSphere Cast Iron Solution & App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Apr 2022, IBM WebSphere Cast Iron Solution & App Connect Professional have addressed the...
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
Summary Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-4155 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by data leak flaw in the wa...
Security Bulletin: IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)
Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which is used by IBM Engineering Systems Design Rhapsody RDM components; Knowledge Center and Test Conductor for logging . The fix includes upgrade to Apache Log4j v2.17.1. Vulnerability...
Security Bulletin: GNU C library (glibc) vulnerability affects DS8000 (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects DS8000 Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostname argumen...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Python (CVE-2021-3733)
Summary Security Vulnerabilities affect IBM Cloud Private - Python Vulnerability Details CVEID: CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the AbstractBasicAuthHandler class in urllib. By persuading a vict...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Global Name Management (CVE-2019-2769, CVE-2019-2762, CVE-2019-2816).
Summary There are multiple vulnerabilities in the IBM Java SDK that is used by IBM WebSphere Application Server shipped as part of IBM InfoSphere Global Name Management. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224
Summary IBM HTTP Server powered by Apache for i is vulnerable to the issue described in the vulnerability details section. IBM i has addressed the applicable CVE in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-44224 DESCRIPTION: Apache HTTP Server is vulnerable to ...
Security Bulletin: Tivoli Netcool/OMNIbus WebGUI is vulnerable to Apache log4j vulnerability (CVE-2021-44228)
Summary Tivoli Netcool/OMNIbus WebGUI may be impacted by the vulnerability Apache Log4j CVE-2021-44228 through the use of Log4j-api. Also, Tivoli Netcool/OMNIbus WebGUI uses IBM Jazz for Service Management and Websphere Application Server WAS component/product which are affected. Vulnerability...
Security Bulletin: Vulnerability in ntp (CVE-2020-11868 and CVE-2020-13817).
Summary NTP Network Time Protocol used to synchronize the time on your Power Hardware Management Console HMC with a centralized NTP server. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in...