35608 matches found
Security Bulletin: IBM Informix Dynamic Server is vulnerable to a stack based buffer overflow, caused by improper bounds checking.
Summary IBM Informix Dynamic Server is vulnerable to a stack based buffer overflow, caused by improper bounds checking. Vulnerability Details CVEID: CVE-2021-20515 DESCRIPTION: IBM Informix Dynamic Server is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local...
Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031)
Summary IBM InfoSphere Master Data Management is vulnerable to a Novell NetIQ Sentinel issue and could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVE-ID: CVE-2016-1000031 DESCRIPTION: Novell NetIQ Sentinel could allow a remote attacker to execute...
Security Bulletin: Netcool Operations Insight is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)
Summary Multiple vulnerabilities were identified within the Apache Log4j library CVE-2021-45046, CVE-2021-45105 that is used by Netcool Operations Insight to provide logging functionality. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...
Security Bulletin: Log4j remote code execution vulnerability in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2021-44228)
Summary IBM Operations Analytics - Log Analysis is bundled with Apache-Solr and Logstash Third-party components which are affected by the "CVE-2021-44228" security vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitra...
Security Bulletin: Vulnerability in Apache Log4j affects Netcool/Omnibus 8.1 (CVE-2021-44228)
Summary A vulnerability was identified within the Apache Log4j library that is used by Netcool/Omnibus 8.1. This vulnerability is only present when either of the 'Administrator GUI' or 'Operator GUI' features are installed. This vulnerability has been addressed. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2021-34798 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference in httpd core. By...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle July 2021 Critical Patch Update, minus CVE-2021-2341. CVE-2021-2341 will be covered in an additional bulletin. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an...
Security Bulletin: Vulnerabilities in psutil, python, and Golang affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
Summary Vulnerabilities in psutil, python and Golang Go may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift. Vulnerability Details CVEID: CVE-2019-18874 DESCRIPTION: psutil is vulnerable to a denial of service, caused by a double free. By using...
Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities
Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities due to remote attacker being able to execute arbitrary code to obtain sensitive information , the failure to restrict the number of message attachments, and disclosing sensitive information...
Security Bulletin: Vulnerabilities CVE-2016-0736, CVE-2016-2161 and CVE-2016-8743 in IBM i HTTP Server
Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in modsessioncrypto. By sending specially crafted data, a remo...
Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-11358)
Summary IBM Maximo Asset Management is vulnerable to cross-site scripting. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could...
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM Cognos Business Intelligence
Summary This bulletin addresses several security vulnerabilities in Apache HTTP Server that are fixed in IBM Cognos Business Intelligence. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in...
Security Bulletin: IBM Spectrum Protect Client Web Interface is vulnerable to a clickjacking attack (CVE-2018-1853)
Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details CVEID: CVE-2018-1853 DESCRIPTION: IBM Tivoli Storage...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2-ifix1 Vulnerability Details CVEID:CVE-2025-1974 DESCRIPTION: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics
Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, two Malicious File Upload vulnerabilities have been addressed. Please...
Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities
Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2002-0080 DESCRIPTION: rsync could allow a remote attacker to gain elevated privileges on the system. rsync fails to drop privileges for...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001
Summary The following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization...
Security Bulletin: IBM i Access Client Solutions is vulnerable to remote code execution and failing to secure passwords due to multiple vulnerabilities
Summary IBM i Access Client Solutions is vulnerable to remote code execution due to a flaw which fails to authenticate the origin of a serialized object CVE-2023-45185, and insecurely storing passwords by allowing the password encryption key to be retrieved CVE-2023-45184 or decoded using a brute...
Security Bulletin: Netcool Operations Insights 1.6.10 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.10 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]
Summary IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115. The fix includes protobuf.js =7.2.4, word-wrap =1.2.5 and vm2 has been removed from...
Security Bulletin: Apache Log4j Vulnerability affects Cloud Pak for Data (CVE-2021-44228)
Summary There is a vulnerability in the version of Apache Log4j that was included in Cloud Pak for Data. This issue has been addressed. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2018-14040 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the collapse data-parent attribute. A remote attacker could...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2023-24998)
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...
Security Bulletin: IBM MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities
Summary Multiple vulnerabilites have been identified in the OpenSSL conponent of IBM MQ for HPE NonStop Server. These are CVE-2022-4304 CVE-2023-0215 CVE-2023-0286. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to request smuggling in Go (CVE-2022-41721)
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to request smuggling in Go with details below. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sending a...
Security Bulletin: IBM QRadar SIEM is vulnerable to possible information disclosure [CVE-2023-22875]
Summary IBM QRadar SIEM copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. The key remains within the QRadar deployment. However, if you allow users other than QRadar system administrators to access manag...
Security Bulletin: IBM MQ is affected by FasterXML jackson-databind vulnerabilities (CVE-2022-42003, CVE-2022-42004)
Summary Multiple issues were identified with the Jackson library that is used within the IBM MQ Console to provide REST API functionality. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the...
Security Bulletin: Vulnerabilities in Certifi, Setuptools and Python may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-23491, CVE-2022-40897, CVE-2022-45061)
Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Certifi, Setuptools and Python. Vulnerabilities include error with TurstCor's owenership of certificates and denial of service attacks, as described by the CVEs in the "Vulnerability...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Spark
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Spark. Vulnerability Details CVEID:CVE-2022-31777 DESCRIPTION: Apache Spark is vulnerable to cross-site scripting, caused by improper validation of user-supplied input in the log viewer. A...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-42252
Summary IBM UrbanCode Release is affected by CVE-2022-42252 Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - April 2021 CPU (CVE-2021-2163)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by v4.1.0.4 to 4.1.0.7 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in April 2021. Vulnerability Details Refer to the security...
Security Bulletin: IBM Security Guardium is affected by a PolicyKit vulnerability (CVE-2021-4034)
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-4034 DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect handling of the argument vectors in the pkexec utility. By crafting...
Security Bulletin: Javadoc vulnerability exists in the IMS Connect API for Java component of IMS Enterprise Suite (CVE-2013-1571)
Abstract The IMSâ„¢ Connect API for Javaâ„¢ component of IMS Enterprise Suite version 2.2 contains a frame injection vulnerability for Javadocâ„¢. Content VULNERABILITY DETAILS CVE ID : CVE-2013-1571 DESCRIPTION HTML documentation generated by the Javadoc tool contains a security vulnerability. The...
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2018-7160 DESCRIPTION: Node.js...
Security Bulletin: IBM Sterling Connect:Direct for UNIX container is vulnerable to obtain sensitive information due to OpenSSL (CVE-2022-2097)
Summary There is a vulnerability in the OpenSSL library used by IBM Sterling Connect:Direct for UNIX container. IBM Sterling Connect:Direct for UNIX Container has addressed the applicable issue by upgrading OpenSSL to 1.1.1k. Vulnerability Details CVEID:CVE-2022-2097 DESCRIPTION: OpenSSL could...
Security Bulletin: Due to use of PostgreSQL JDBC Driver, IBM Cloud PAK for Watson AI Ops is vulnerable to SQL Injection (CVE-2022-31197)
Summary PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow and IBM Business Process Manager
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service...
Security Bulletin: Vulnerabilities in Intel Chipset affect IBM Cloud Pak System (CVE-2021-0060, CVE-2021-0147, CVE-2021-33080)
Summary Vulnerabilities in Intel Chipset affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-0060 DESCRIPTION: Intel SPS could allow a physical attacker to gain elevated privileges on the system, caused by insufficient...
Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Performance Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)
Summary There are vulnerabilities in Eclipse Jetty that affect Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by...
Security Bulletin: IBM QRadar Network Packet Capture includes multiple vulnerable components.
Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...
Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2016-2107 MITM attack in OpenSSL, CVE-2016-5547 Denial of service in IBM Runtime Environment Javaâ„¢ CVE-2017-1123 Escalation of privilege in the DS8000 HMC Vulnerability Details CVEID: CVE-2016-210...
Security Bulletin: IBM Navigator for i is vulnerable to an SQL injection (CVE-2022-22495)
Summary IBM Navigator for i provides server administration functionality via a robust graphical user interface. IBM Navigator for i is vulnerable to an SQL injection as described in the vulnerability details section. The vulnerabilty is fixed by applying the latest HTTP Server for i group PTF as...
Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged ...
Security Bulletin: Critical Vulnerabilities in libraries used by libraries that IBM Spectrum discover is using (libraries of libraries)
Summary Vulnerabilities in libraries used by libraries in IBM Spectrum Discover allow to a remote attackers by conduct of methodes like phishing attacks or execution of arbitrary code to get sensitive information, overflow a buffer causing the application to crash, and other critical problems...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite
Summary There are vulnerabilities in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Snapshot for VMware (CVE-2021-44228)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apac...
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot for VMware (CVE-2021-45105 and CVE-2021-45046)
Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. The below fix package includes Log4j 2.17. Vulnerability...
Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to issues in Apache Log4j (CVE-2021-45105 & CVE-2021-44832)
Summary A Denial of Service issue was identified within the Log4j fix for CVE-2021-45046 that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and...