35665 matches found
Security Bulletin: IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)
Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which is used by IBM Engineering Systems Design Rhapsody RDM components; Knowledge Center and Test Conductor for logging . The fix includes upgrade to Apache Log4j v2.17.1. Vulnerability...
Security Bulletin: GNU C library (glibc) vulnerability affects DS8000 (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects DS8000 Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostname argumen...
Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031)
Summary IBM InfoSphere Master Data Management is vulnerable to a Novell NetIQ Sentinel issue and could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVE-ID: CVE-2016-1000031 DESCRIPTION: Novell NetIQ Sentinel could allow a remote attacker to execute...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Python (CVE-2021-3733)
Summary Security Vulnerabilities affect IBM Cloud Private - Python Vulnerability Details CVEID: CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the AbstractBasicAuthHandler class in urllib. By persuading a vict...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Global Name Management (CVE-2019-2769, CVE-2019-2762, CVE-2019-2816).
Summary There are multiple vulnerabilities in the IBM Java SDK that is used by IBM WebSphere Application Server shipped as part of IBM InfoSphere Global Name Management. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224
Summary IBM HTTP Server powered by Apache for i is vulnerable to the issue described in the vulnerability details section. IBM i has addressed the applicable CVE in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-44224 DESCRIPTION: Apache HTTP Server is vulnerable to ...
Security Bulletin: Tivoli Netcool/OMNIbus WebGUI is vulnerable to Apache log4j vulnerability (CVE-2021-44228)
Summary Tivoli Netcool/OMNIbus WebGUI may be impacted by the vulnerability Apache Log4j CVE-2021-44228 through the use of Log4j-api. Also, Tivoli Netcool/OMNIbus WebGUI uses IBM Jazz for Service Management and Websphere Application Server WAS component/product which are affected. Vulnerability...
Security Bulletin: Vulnerability in ntp (CVE-2020-11868 and CVE-2020-13817).
Summary NTP Network Time Protocol used to synchronize the time on your Power Hardware Management Console HMC with a centralized NTP server. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in...
Security Bulletin: Potential vulnerability with Node.js
Summary A potential vulnerability has been identified related to Node.js. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-26690, CVE-2021-26691)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities
Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities due to remote attacker being able to execute arbitrary code to obtain sensitive information , the failure to restrict the number of message attachments, and disclosing sensitive information...
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.57 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-9484, CVE-2020-11996, CVE-2020-13934, and CVE-2020-13935 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-13934...
Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022)
Summary JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting XSS Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attack...
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze
Summary AT&T has released versions 1801-ze for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches...
Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-11358)
Summary IBM Maximo Asset Management is vulnerable to cross-site scripting. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could...
Security Bulletin: IBM Spectrum Protect Client Web Interface is vulnerable to a clickjacking attack (CVE-2018-1853)
Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details CVEID: CVE-2018-1853 DESCRIPTION: IBM Tivoli Storage...
Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3060 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, high...
Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH
Summary IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH. Vulnerability Details: CVEID: CVE-2016-10009...
Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics
Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.13.0. Multiple Open Source OpenSSL vulnerabilities affect IBM Cognos Analytics. IBM Cognos Analytics consumes IBM GSKit. Multiple vulnerabilities have been addressed in IBM GSKit. IBM Cogn...
Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager
Summary Multiple security vulnerabilities affect Rational Rhapsody Design Manager Rhapsody DM Vulnerability Details CVEID: CVE-2016-8739 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by XML External Entity XXE vulnerability in JAX-RS implementation...
Security Bulletin: Vulnerabilities in Bash affect the IBM Hyper-Scale Manager component of the XIV Management Tools (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM Hyper-Scale Manager component of the XIV Management Tools...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on Dec 16, 2016 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
Summary Vulnerabilities in Python, rpcbind, SQLite packages affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2014-4650 DESCRIPTION: Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failu...
Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the WebSphere Application Server vulnerability (CVE-2014-0964)
Summary There is a potential denial of service with Tivoli Netcool Service Quality Manager when running a Heartbleed scanning tool. Vulnerability Details CVE ID: CVE-2014-0964 DESCRIPTION: IBM WebSphere Application Server is not vulnerable to the Heartbleed vulnerability CVE-2014-0160 where secur...
Security Bulletin: Vulnerability in IBM Rational ClearQuest with potential for TLS Attack (CVE-2013-0169)
Summary The IBM GSKit component used in Rational ClearQuest is susceptible to a Transport Layer Security protocol vulnerability known as "Lucky Thirteen." The vulnerability might allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzing timing dat...
Security Bulletin: IBM Common Cryptographic Architecture (CCA) is vulnerable to denial of service (CVE-2022-22423)
Summary Insufficient input validation in IBM Common Cryptographic Architecture CCA may affect Hardware Security Module HSM availability. An affected IBM 4767 or IBM 4769 HSM may be forced into a check-stop condition by specially-crafted requests from HSM users. Recovery from a check-stop conditio...
Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect
Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to the...
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2398) and security restrictions bypass (CVE-2024-2466, CVE-2024-2004) due to cURL libcurl
Summary Vulnerabilities in cURL libcurl could allow a remote attacker to cause a denial of servce CVE-2024-2398 or bypass security restrictions CVE-2024-2466, CVE-2024-2004. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HM...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries referenc...
Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository
Summary An execute arbitrary code vulnerability in Apache Axis CVE-2023-40743, an authentication bypass vulnerability in Apache Shiro CVE-2023-34478 and several vulnerabilities in SnakeYAML incl. remote code execution vulnerability CVE-2022-1471 affect IBM WebSphere Service Registry and Repositor...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or executing arbitrary code, to a local authenticated attacker obtaining sensitive information, or to denial of service.
Summary Db2 Web Query is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-20860 and CVE-2023-20862, a remote attacker...
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in the Kernel
Summary IBM RackSwitch firmware products have addressed the following Kernel vulnerabilities. Vulnerability Details CVEID: CVE-2020-13974 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the drivers/tty/vt/keyboard.c...
Security Bulletin: IBM MQ is affected by a vulnerability in libcURL
Summary An issue was identified within the libcurl library that affects IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality. This is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID: CVE-2023-38039 DESCRIPTION: cURL libcurl ...
Security Bulletin: Netcool Operations Insights 1.6.10 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.10 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace...
Security Bulletin: Vulnerabilities in Certifi, cryptography, python-requests and Tornado can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore [CVE-2023-37920, CVE-2023-38325, CVE-2023-32681, CVE-2023-28370]
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Certifi, cryptography, python-requests and Tornado which include obtaining sensitive information, phishing attacks and weaker security, as described by the CVEs in the "Vulnerability...
Security Bulletin: Vulnerabilities found in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center [CVE-2017-12626 and X-Force ID: 220800]
Summary Multiple vulnerabilities have been identified in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published which addressed the applicable CVE 2017-1262 and X-Force ID: 2208...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to permissions bypass, privilege escalation, key generation failure, denial of service and request smuggling due to vulnerabilities in Node.js
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to permissions bypass, privilege escalation, key generation failure, denial of service and request smuggling due to vulnerabilities in Node.js with details below. CVE-2023-30584, CVE-2023-30585,...
Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. The applicable CVEs are CVE-2016-7117 CVE-2016-6828 CVE-2016-102...
Security Bulletin: IBM Watson Assistant for Cloud pak for Data is affected by vulnerabilities in Pallets Werkzeug .
Summary Potential vulnerabilities in Pallets Werkzeug has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service,...
Security Bulletin: There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40705)
Summary There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-40705 DESCRIPTION: Apache SOAP is vulnerable to an XML external entity injection XXE attack when processing XML data, caused by a...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM SAN b-type Switches
Summary OpenSSL issues from March 2015 containing 12 CVE were disclosed. This bulletin addresses the vulnerabilities that have been referred to as Open SSL used by IBM SAN b-type Switches. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By...
Security Bulletin: IBM b-type SAN switches and directors affected by OpenSSL Security Advisory [22 Sep 2016] and [26 Sep 2016].
Summary IBM b-type SAN switches and directors addressing OpenSSL Security Advisory 22 Sep 2016 and 26 Sep 2016 vulnerabilities. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation o...
Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-154
Summary NSS & NSPR vulnerabilities affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 products. These vulnerabilities could allow a remote attacker to execute arbitrary code, on the system, to obtain sensitive information, or cause Denial of Service. Vulnerability Details 1. CVE-ID ...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Security Bulletin: IBM Spectrum Conductor is vulnerable to arbitrary code execution [CVE-2022-42889]
Summary Apache Commons Text is used by IBM Spectrum Conductor in Spark 3.0.1. This bulletin provides interim fixes which include Apache Commons Text 1.10.0 to fix arbitrary code execution in IBM Spectrum Conductor. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The IBM Java...
Security Bulletin: IBM DataPower Gateway affected by vulnerability in Java (CVE-2022-21626)
Summary IBM has addressed the CVE, which potentially affects JDBC, IMS Callout and JMS components Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service...
Security Bulletin: Vulnerability in Bind (CVE-2021-25219) affects Power HMC
Summary BIND is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE Vulnerability Details CVEID:CVE-2021-25219 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw in response processing. By abusing a lame cache, an attacker could exploit th...