35608 matches found
Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105) due to Apache Log4j
Summary There are vulnerabilities in the version of Apache Log4j that is used by IBM Data Virtualization on Cloud Pak for Data CVE-2021-45046 and CVE-2021-45105 which is used for logging. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is...
Security Bulletin: Due to use of Apache Log4j, IBM Db2 Web Query for i is vulnerable to arbitrary code execution (CVE-2021-4104, CVE-2022-23302, and CVE-2022-23307) and SQL injection (CVE-2022-23305)
Summary There are multiple vulnerabilities in Apache Log4j CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307 as described in the vulnerability details section. Apache Log4j v1 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM h...
Security Bulletin: Apache commons-compress security vulnerabilities in IBM Content Manager
Summary Apache commons-compress security vulnerabilities in IBM Content Navigator ICN toolkit affecting Administration Console for Content Platform Engine ACCE Vulnerability Details CVEID: CVE-2021-35516 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...
Security Bulletin: IBM Security Directory Integrator NOT Affected by CVE-2021-44228 Exploit
Summary IBM Security Directory Integrator NOT Affected by CVE-2021-44228 Exploit. Vulnerability Details After conducting extensive research on product code base, it is determined that all versions of IBM Security Directory Integrator are not vulnerable to Java library Apache log4j v2 with JNDI...
Security Bulletin: IBM Application Navigator is vulnerable to an remote attacker exploitation of Apache Log4j (CVE-2021-44228)
Summary The IBM Application Navigator contains a copy of Apache Log4j which is not used by the IBM Application Navigator function. Out of an abundance of caution this update removes the unused copy of Apache Log4j. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow ...
Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime
Summary There are multiple Ruby vulnerabilities that affect IBM Cloud Foundry Migration Runtime that could cause a denial of service, HTTP response splitting, a remote attacker to bypass security restrictions, a remote attacker to obtain sensitive information, a local attacker to gain unauthorize...
Security Bulletin: Multiple Vulnerabilities found in Axis.jar V1.x may affect IBM Content Collector for SAP Applications
Summary IBM Content Collector for SAP Applications may be affected by multiple vulnerabilities found in Axis.jar V1.x Vulnerability Details CVEID: CVE-2018-8032 DESCRIPTION: Apache Axis is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default...
Security Bulletin: Vulnerabilities in XStream, Apache HTTP, Jackson Databind, OpenSSL, and Node.js affect IBM Spectrum Control
Summary Multiple vulnerabiilities in XStream, Apache HTTP components, FasterXML Jackson Databind, OpenSSL, and Node.js may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when unmarshallin...
Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January 2020, April 2020 and July 2020. IBM Cognos Business Intelligence has addressed the applicable...
Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-8169 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to...
Security Bulletin: Vulnerability in OpenSSH affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-5600)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in OpenSSH. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in OpenSSH. Vulnerability Details: CVE-ID: CVE-2015-5600 Description:...
Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via HTTP/2.
Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilties
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Cognos Analytics. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, April 2018, July 2018, October 2018, January 2019 and April 2019. Cognos Analytics has...
Security Bulletin: Java CVE-2015-2590
Summary An unspecified vulnerability related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact and affects IBM i java. Vulnerability Details CVEID: CVE-2015-2590 DESCRIPTION: An unspecified vulnerability and Java SE Embedde...
Security Bulletin: IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities
Summary IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities Vulnerability Details CVEID: CVE-2019-9500 DESCRIPTION: CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159642 for the current score. CVSS Vector:...
Security Bulletin: Potential denial of service in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns (CVE-2018-10237)
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...
Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module
Summary The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 "SLOTH" vulnerability on TLS 1.2, affect IBM Flex System Chassis Management Module. Vulnerability Details Summary The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 "SLOTH" vulnerability on...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to...
Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732)
Summary An OpenSSL vulnerability was disclosed on June 12 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused b...
Security Bulletin: Vulnerabilities in Apache HTTPD affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in Apache HTTPD. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-9788 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by the failure to properly initialize memory used to process ''Digest''...
Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - April 2015
Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 5, 6 and 7, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses the RC4 Bar Mitzvah Attack for...
Security Bulletin: Vulnerability in SSLv3 affects TS4500 (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in TS4500. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused ...
Security Bulletin: Vulnerabilities in Bash affect IBM System Storage Storwize V7000 Unified (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is used by IBM System Storage Storwize V7000 Unified. Vulnerability Details The following vulnerabilities are only exploitable by users who already ha...
Security Bulletin: A security vulnerability has been identified in the IBM HTTP server component of IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2017-12618)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about a security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Please consult the security...
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.7.0. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8. These issues were disclosed as part of the IBM Java SDK updates in July 2016, October 2016, January 201...
IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6
Abstract Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR13FP1 and earlier. Content VULNERABILITY DETAILS There are multiple security vulnerabilities in the IBM Java Runtime Environment used in WebSphere Cast Iron. CVE...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...
Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (January 2025)
Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a...
Security Bulletin: IBM Cloud Pak for Network Automation 2.4.7 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.4.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly consider...
Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-52425, CVE-2023-52426, CVE-2023-6597)
Summary Vulnerabilities in Python could allow a remote or local attacker to cause a denial of service CVE-2023-52425, CVE-2023-52426 or launch further attacks on the system CVE-2023-6597. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2023-524...
Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities (CVE-2024-1597, CVE-2023-26159)
Summary IBM Security Verify Information Queue ISIQ v10.0.8 has addressed vulnerabilities in the third-party libraries with an update. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted...
Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)
Summary IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections caus...
Security Bulletin: urllib3-1.26.16-py2.py3-none-any.whl (Publicly disclosed vulnerability found by Mend) was vulnerable to this CVE-2023-43804
Summary Security Bulletin: urllib3-1.26.16-py2.py3-none-any.whl Publicly disclosed vulnerability found by Mend was vulnerable to this CVE-2023-43804 : This bulltetin identifies the vulnerability and it's solution. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remot...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.
Summary The following vulnerability in PHP has been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2018-19518 DESCRIPTION: University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by...
Security Bulletin: Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 (CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325).
Summary Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325. IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 have addressed the applicable issues. Vulnerability Details CVEID:CVE-2023-3978 DESCRIPTION:...
Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty
Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty as the vulnerable features are not enabled see References below. IBM Cognos Analytics has upgraded to an non-affected version of IBM Websphere Application Serve...
Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor
Summary IBM Business Automation Workflow Configuration Editor is vulnerable to multiple attacks. Vulnerability Details CVEID:CVE-2023-32005 DESCRIPTION: Node.js could allow a remote attacker to obtain sensitive information, caused by the failure to restrict file stats through the fs.statfs API in...
Security Bulletin: Multiple vulnerabilities in Apache Commons FileUpload affect IBM Application Performance Management products
Summary Apache Commons FileUpload is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not...
Security Bulletin: IBM Storage Protect Space Management is vulnerable to confidentiality impact, availability impact, integrity impact, and arbitrary code execution due to multiple CVEs in IBM Java
Summary IBM Storage Protect Space Management is affected by multiple vulnerabilities in IBM Java: CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597. The vulnerabilties can lead to high confidentiality impact, high high...
Security Bulletin: Vulnerabilities in IBM Websphere Application Server affects IBM Application Performance Management.
Summary IBM Websphere Application Server - Liberty is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated...
Security Bulletin: Multiple denial of Service vulnerabilities in snappy-java may affect IBM Business Automation Workflow (CVE-2023-34453, CVE-2023-34454, CVE-2023-34455)
Summary IBM Business Automation Workflow is vulnerable to a Denial of Serivce attack. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request, a remote...
Security Bulletin: IBM MQ Explorer is affected by vulnerabilities in Eclipse Jetty (CVE-2023-26048, CVE-2023-26049)
Summary IBM MQ is affected by vulnerabilites in Eclipse Jetty. This is used in the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...
Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities
Summary IBM Security Directory Integrator has addressed several security issues in open source packages. Please apply the fix as detailed below. Vulnerability Details CVEID:CVE-2018-1270 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM) (CVE-2015-3200)
Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details: CVE-ID: CVE-2015-3200 Description: lighttpd could...
Security Bulletin: Vulnerability in the Linux Kernel affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-6214)
Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems have addressed the following vulnerability in the Linux Kernel. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems have addressed the followin...
Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the GUI may allow an authenticated attacker to escalate their privilege on IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. Vulnerability Details CVEID:CVE-2022-43873 DESCRIPTION: An authenticated user can exploit a...
Security Bulletin: Vulnerability in Network Security Services (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2730)
Summary There is a vulnerability in Network Security Services NSS that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed by Mozilla in July 2015. Vulnerability Details CVEID: CVE-2015-2730 DESCRIPTION: Mozilla Network Security Services NSS before 3.19.1 does no...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox ESR have affected APM Synthetic Playback Agent
Summary APM Synthetic Playback Agent is vulnerable to Firefox ESR CVE-2023-23599, CVE-2023-23603, CVE-2023-23605, CVE-2023-23602, CVE-2023-23601, CVE-2023-23598. Firefox ESR is used by APM Synthetic Playback Agent for running the selenium scripts. The fix includes support for Firefox 102.7 ESR...
Security Bulletin: Vulnerability in libc affects AIX (CVE-2021-29860)
Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Added iFix for 7.1 TL5 SP11 There is a vulnerability in the libc.a library that affects AIX. Vulnerability Details CVEID:CVE-2021-29860 DESCRIPTION: IBM AIX could allow a non-privileg...
Security Bulletin: Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package(CVE-2022-26336)
Summary Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package. By persuading a victim to open a specially-crafted TNEF file, a remote attacker could exploit this vulnerability to cause the server to crashCVE-2022-26336 Vulnerability Details...