35743 matches found
Security Bulletin: IBM Storage Protect is vulnerable to multiple attacks due to http2-server and http2-common
Summary IBM Storage Protect Server uses the http2-server and http2-common components and may be vulnerable to these attacks. Vulnerability Details CVEID:CVE-2019-9511 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC
Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI
Summary Multiple vulnerabilities in JQuery, Node.js and Swagger UI used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Security Bulletin: Vulnerabilities in Libxml2 affect System x Integrated Management Module (IMM) (CVE-2014-0191, CVE-2014-3660)
Summary Security vulnerabilities have been discovered in libxml2 which affect System x Integrated Management Module IMM. Vulnerability Details Summary Security vulnerabilities have been discovered in libxml2 which affect System x Integrated Management Module IMM. Vulnerability Details CVE-ID:...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload CVE-2023-24998 Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. The applicable CVEs are CVE-2016-7117 CVE-2016-6828 CVE-2016-102...
Security Bulletin: Multiple vulnerabilities in IPv6 and MQ affect IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products
Summary Vulnerabilities in the IPv6 and MQ components affect IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products. Applicable CVEs are CVE-2016-10142 and CVE-2017-11176. Vulnerability Details CVEID: CVE-2016-10142 DESCRIPTION: The IETF IPv6 protocol is vulnerable to a denial of...
Security Bulletin: There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40705)
Summary There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-40705 DESCRIPTION: Apache SOAP is vulnerable to an XML external entity injection XXE attack when processing XML data, caused by a...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM SAN b-type Switches
Summary OpenSSL issues from March 2015 containing 12 CVE were disclosed. This bulletin addresses the vulnerabilities that have been referred to as Open SSL used by IBM SAN b-type Switches. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By...
Security Bulletin: IBM MQ Operator and Queue Manager container images are vulnerable to vulnerabilities from libksba and sqlite (CVE-2022-47629 and CVE-2022-35737)
Summary Issues were identified in Red Hat UBI packages libksba and sqlite that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-47629 DESCRIPTION: Libksba could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.
Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2020-28852 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation while...
Security Bulletin: Multiple Vulnerabilities in node.js
Summary Security Vulnerabilities in node.js affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information.. Vulnerability Details CVEID:CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected security, caused by the failure to check the return...
Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)
Summary There is a vulnerability that allows redirecting of HTTP traffic with CGI applications that may affect IBM HTTP Server IHS. This vulnerability is known as "HTTPOXY". Vulnerability Details CVEID: CVE-2016-5387 DESCRIPTION: Apache HTTP Server could allow a remote attacker to redirect HTTP...
Security Bulletin: Vulnerabilities in Intel Chipset affect IBM Cloud Pak System (CVE-2021-0060, CVE-2021-0147, CVE-2021-33080)
Summary Vulnerabilities in Intel Chipset affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-0060 DESCRIPTION: Intel SPS could allow a physical attacker to gain elevated privileges on the system, caused by insufficient...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest (CVE-2021-35561, CVE-2022-21299, CVE-2022-21496)
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in April 2022. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by IBM WebSphere Cast Iron Solution & App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Apr 2022, IBM WebSphere Cast Iron Solution & App Connect Professional have addressed the...
Security Bulletin: IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)
Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which is used by IBM Engineering Systems Design Rhapsody RDM components; Knowledge Center and Test Conductor for logging . The fix includes upgrade to Apache Log4j v2.17.1. Vulnerability...
Security Bulletin: GNU C library (glibc) vulnerability affects DS8000 (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects DS8000 Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostname argumen...
Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031)
Summary IBM InfoSphere Master Data Management is vulnerable to a Novell NetIQ Sentinel issue and could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVE-ID: CVE-2016-1000031 DESCRIPTION: Novell NetIQ Sentinel could allow a remote attacker to execute...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Python (CVE-2021-3733)
Summary Security Vulnerabilities affect IBM Cloud Private - Python Vulnerability Details CVEID: CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the AbstractBasicAuthHandler class in urllib. By persuading a vict...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Global Name Management (CVE-2019-2769, CVE-2019-2762, CVE-2019-2816).
Summary There are multiple vulnerabilities in the IBM Java SDK that is used by IBM WebSphere Application Server shipped as part of IBM InfoSphere Global Name Management. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: Netcool Operations Insight is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)
Summary Multiple vulnerabilities were identified within the Apache Log4j library CVE-2021-45046, CVE-2021-45105 that is used by Netcool Operations Insight to provide logging functionality. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle July 2021 Critical Patch Update, minus CVE-2021-2341. CVE-2021-2341 will be covered in an additional bulletin. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an...
Security Bulletin: Potential vulnerability with Node.js
Summary A potential vulnerability has been identified related to Node.js. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-26690, CVE-2021-26691)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities
Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities due to remote attacker being able to execute arbitrary code to obtain sensitive information , the failure to restrict the number of message attachments, and disclosing sensitive information...
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.57 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-9484, CVE-2020-11996, CVE-2020-13934, and CVE-2020-13935 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-13934...
Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022)
Summary JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting XSS Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attack...
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze
Summary AT&T has released versions 1801-ze for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches...
Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-11358)
Summary IBM Maximo Asset Management is vulnerable to cross-site scripting. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could...
Security Bulletin: IBM Spectrum Protect Client Web Interface is vulnerable to a clickjacking attack (CVE-2018-1853)
Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details CVEID: CVE-2018-1853 DESCRIPTION: IBM Tivoli Storage...
Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3060 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, high...
Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH
Summary IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH. Vulnerability Details: CVEID: CVE-2016-10009...
Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics
Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.13.0. Multiple Open Source OpenSSL vulnerabilities affect IBM Cognos Analytics. IBM Cognos Analytics consumes IBM GSKit. Multiple vulnerabilities have been addressed in IBM GSKit. IBM Cogn...
Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager
Summary Multiple security vulnerabilities affect Rational Rhapsody Design Manager Rhapsody DM Vulnerability Details CVEID: CVE-2016-8739 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by XML External Entity XXE vulnerability in JAX-RS implementation...
Security Bulletin: Vulnerabilities in Bash affect the IBM Hyper-Scale Manager component of the XIV Management Tools (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM Hyper-Scale Manager component of the XIV Management Tools...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on Dec 16, 2016 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
Summary Vulnerabilities in Python, rpcbind, SQLite packages affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2014-4650 DESCRIPTION: Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failu...
Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the WebSphere Application Server vulnerability (CVE-2014-0964)
Summary There is a potential denial of service with Tivoli Netcool Service Quality Manager when running a Heartbleed scanning tool. Vulnerability Details CVE ID: CVE-2014-0964 DESCRIPTION: IBM WebSphere Application Server is not vulnerable to the Heartbleed vulnerability CVE-2014-0160 where secur...
Security Bulletin: Vulnerability in IBM Rational ClearQuest with potential for TLS Attack (CVE-2013-0169)
Summary The IBM GSKit component used in Rational ClearQuest is susceptible to a Transport Layer Security protocol vulnerability known as "Lucky Thirteen." The vulnerability might allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzing timing dat...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics
Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...
Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities
Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2002-0080 DESCRIPTION: rsync could allow a remote attacker to gain elevated privileges on the system. rsync fails to drop privileges for...
Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect
Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries referenc...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or executing arbitrary code, to a local authenticated attacker obtaining sensitive information, or to denial of service.
Summary Db2 Web Query is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-20860 and CVE-2023-20862, a remote attacker...
Security Bulletin: IBM i Access Client Solutions is vulnerable to remote code execution and failing to secure passwords due to multiple vulnerabilities
Summary IBM i Access Client Solutions is vulnerable to remote code execution due to a flaw which fails to authenticate the origin of a serialized object CVE-2023-45185, and insecurely storing passwords by allowing the password encryption key to be retrieved CVE-2023-45184 or decoded using a brute...
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in the Kernel
Summary IBM RackSwitch firmware products have addressed the following Kernel vulnerabilities. Vulnerability Details CVEID: CVE-2020-13974 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the drivers/tty/vt/keyboard.c...
Security Bulletin: IBM MQ is affected by a vulnerability in libcURL
Summary An issue was identified within the libcurl library that affects IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality. This is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID: CVE-2023-38039 DESCRIPTION: cURL libcurl ...