35665 matches found
Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged ...
Security Bulletin: Critical Vulnerabilities in libraries used by libraries that IBM Spectrum discover is using (libraries of libraries)
Summary Vulnerabilities in libraries used by libraries in IBM Spectrum Discover allow to a remote attackers by conduct of methodes like phishing attacks or execution of arbitrary code to get sensitive information, overflow a buffer causing the application to crash, and other critical problems...
Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects IBM Security Network Intrusion Prevention System (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused b...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite
Summary There are vulnerabilities in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large...
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot for VMware (CVE-2021-45105 and CVE-2021-45046)
Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. The below fix package includes Log4j 2.17. Vulnerability...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Snapshot for VMware (CVE-2021-44228)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apac...
Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to issues in Apache Log4j (CVE-2021-45105 & CVE-2021-44832)
Summary A Denial of Service issue was identified within the Log4j fix for CVE-2021-45046 that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and...
Security Bulletin: IBM N Series Data ONTAP SMI-S Agent is affected by vulnerability in OpenSSL
Summary IBM N Series Data ONTAP SMI-S Agent is affected by vulnerability in OpenSSL CVE-2014-0160 Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker...
Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateway appliances (CVE-2014-3570, CVE-2015-0204)
Summary SSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM DataPower Gateway has addressed the corresponding applicable CVEs. Vulnerability Details CVEID: CVE-2014-35...
Security Bulletin: Vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-26116)
Summary A Vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager CVE-2020-26116 Vulnerability Details CVEID: CVE-2020-26116 DESCRIPTION: Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserti...
Security Bulletin: Vulnerabilities in XStream, Apache HTTP, Jackson Databind, OpenSSL, and Node.js affect IBM Spectrum Control
Summary Multiple vulnerabiilities in XStream, Apache HTTP components, FasterXML Jackson Databind, OpenSSL, and Node.js may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when unmarshallin...
Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-8169 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to...
Security Bulletin: Multiple Vulnerabilities in Java affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
Summary Vulnerabilities in Java are affecting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...
Security Bulletin: IBM QRadar Network Security is affected by Network Time Protocol (NTP) vulnerabilities (CVE-2020-11868, CVE-2020-13817)
Summary IBM QRadar Network Security is affected by Network Time Protocol NTP vulnerabilities of denial of service by flaw in ntpd, relying on unauthenticated IPv4 time sources in ntpd. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a...
Security Bulletin: Vulnerability in OpenSSH affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-5600)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in OpenSSH. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in OpenSSH. Vulnerability Details: CVE-ID: CVE-2015-5600 Description:...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal (CVE-2020-11022 CVE-2020-11023)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this...
Security Bulletin: IBM Cognos Controller 2020Q1 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller
Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Controller 10.4.1 IF4, 10.4.0 IF7, 10.3.1 IF13 and 10.3.0 FP1 IF14. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and the IBM® Runtime Environment Jav...
Security Bulletin: Multiple Vulnerabilities in OpenSSH affect IBM i
Summary OpenSSH is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-10009 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading of a specially crafted PKCS11 module across a...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on APR 16, 2018 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in OpenSSH affect IBM BladeCenter Advanced Management Module (AMM)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2017-15906 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the processopen function when in read-only mode. A remote...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2014-0114, CVE-2016-1181, CVE-2016-1182, CVE-2012-1007)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...
Security Bulletin: Vulnerabilities in Bash affect IBM InfoSphere Guardium Database Activity Monitoring (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM InfoSphere Guardium Database Activity Monitoring. Vulnerability...
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS
Summary There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.0.0 to 1.5.2.5 of IBM SONAS Vulnerability Details IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of...
Security Bulletin: IBM Security Access Manager for Web is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)
Summary Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. IBM Security Access Manager for Web...
Security Bulletin: zlib vulnerability may affect IBM® SDK, Java™ Technology Edition
Summary zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVE IDs: CVE-2016-984...
Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.
Summary IBM OpenPages GRC Platform has addressed potential security exposure due to multiple vulnerabilities in Apache Tomcat. Vulnerability Details CVEID: CVE-2017-6056 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a programming error in the servlet and JSP engine. A...
Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect WebSphere DataPower XC10 Appliance
Summary There are multiple vulnerabilities in Network Time Protocol NTP implementation that is used by WebSphere DataPower XC10 Appliance. These vulnerabilities addressed include the ability to crash application and disable ntp service. Vulnerability Details CVEID: CVE-2016-7426 DESCRIPTION: NTP ...
Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability due to invscout (CVE-2022-36768)
Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to obtain root privileges CVE-2022-36768. Vulnerability Details CVEID:CVE-2022-36768 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtai...
Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime
Summary The IBM SPSS Collaboration and Deployment Services using IBM Semeru Runtime Quarterly CPU - Jan 2023 - Includes OpenJDK January 2023 CPU plus CVE-2022-4304. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Vulnerabilty in the .NET Core Framework may affect IBM Robotic Process Automation and could allow an attacker to remotely execute arbitrary code.
Summary There is a vulnerability in System.Drawing.Comman used by IBM Robotic Process Automation as part of the .NET Core framework. CVE-2021-24112. The vulnerability could allow an attacker to remotely execute arbitrary code. This bulletin identifies the security fixes to apply to address this...
Security Bulletin: Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 (CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325).
Summary Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325. IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 have addressed the applicable issues. Vulnerability Details CVEID:CVE-2023-3978 DESCRIPTION:...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: libssh...
Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)
Summary IBM Security Guardium has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2023-0041 DESCRIPTION: IBM Security Guardium could allow a user to take over another user's session due to insufficient session expiration. CVSS Base score: 6.3 CVSS Temporal Score: See:...
Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect
Summary IBM Storage Defender – Data Protect is vulnerable and that can result in runtime errors, denial of service attacks, remote code execution, or remote access authentication bypass. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2018-17142 DESCRIPTION: Golang Go is...
Security Bulletin: IBM MQ as used by IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM MQ as used by IBM QRadar SIEM contains multiple vulnerabilities. IBM QRadar SIEM has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2020-4682 DESCRIPTION: IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code ...
Security Bulletin: IBM Integration Bus is vulnerable to a remote attack due to Apache Jena (CVE-2021-39239, CVE-2022-28890, CVE-2023-22665).
Summary IBM Integration Bus is vulnerable to a remote attack due to Apache Jena CVE-2021-39239, CVE-2022-28890, CVE-2023-22665. Vulnerability Details CVEID:CVE-2023-22665 DESCRIPTION: Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of...
Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities
Summary IBM Security Directory Integrator has addressed several security issues in open source packages. Please apply the fix as detailed below. Vulnerability Details CVEID:CVE-2018-1270 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-31047 DESCRIPTION: Django could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker...
Security Bulletin: cURL as used by IBM QRadar WinCollect Agent contains multiple vulnerabilities
Summary cURL as used by IBM QRadar WinCollect Agent contains multiple vulnerabilities. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2023-27533 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a TELNET option IAC...
Security Bulletin: OpenSSL for IBM i is vulnerable to denial of service attacks and the ability for remote attacker to obtain sensitive information due to multiple vulnerabilities.
Summary OpenSSL for IBM i is vulnerable to a denial of service caused by error in certificate verification CVE-2023-0464, a denial of service caused by arbitrary pointers to memcmp CVE-2023-0286, denial of service caused by a double-free error CVE-2022-4450, denial of service caused by...
Security Bulletin: Vulnerability in the Linux Kernel affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-6214)
Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems have addressed the following vulnerability in the Linux Kernel. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems have addressed the followin...
Security Bulletin: CVE-2022-27664, CVE-2022-21698, CVE-2021-43565 and CVE-2022-27191 may affect IBM CICS TX Standard
Summary Multiple CVEs CVE-2022-27664, CVE-2022-21698, CVE-2021-43565 and CVE-2022-27191 may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Relevant Go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is...
Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-4461)
Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache Struts could allow a remote...
Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager (CVE-2023-25921, CVE-2023-25926, CVE-2023-25685, CVE-2023-25922, CVE-2023-25925)
Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilties have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2 and v4.1.1.7. Please upgrade to GKLM v4.2 or apply the latest fix packs 4.1.1 FP 7 for the fixes...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to server-side request forgery due to Apache CXF CVE-2022-46364 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple issues due to SnakeYAML
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from SnakeYAML. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 )
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-42915 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a...
Security Bulletin: Apache Tomcat is vulnerable to HTTP request smuggling (CVE-2022-42252)
Summary Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could...
Security Bulletin: Apache POI up to 4.1.0 allows an attacker while converting user-provided document to XML
Summary In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker. Vulnerability Details CVEID:CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Planning Analytics Workspace is affected by a vulnerability [CVE-2022-31129]
Summary IBM Planning Analytics Workspace is affected by a vulnerability. Moment.js is a library used to parse, validate, manipulate, and display dates and times in JavaScript. This vulnerability has been addressed. CVE-2022-31129 Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is...