Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project in October and November of 2018. IBM Spectrum Protect Plus uses OpenSSL and has addressed the applicable CVEs. 20 February 2020 - Changed fixing level from 10.1.5 to 10.1.5 patch1. 21 February 2020 - Provided link to 10.1.5...
Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840
Summary There is a vulnerability in Apache Struts to which the IBM FlashSystem™ V840 is susceptible. An exploit of that vulnerability CVE-2018-11776 could make the system susceptible to attacks which could allow an attacker to execute arbitrary code on the system. Vulnerability Details CVEID:...
Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)
Summary IBM QRadar SIEM is affected but not vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, 4...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure External Authentication Server (CVE-2021-44228)
Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitrary code on the system was addressed by IBM Secure External Authentication Server. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager for Wireline(Deferred CVE-2020-2590 and CVE-2020-2601)
Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version that is used by Tivoli Netcool Performance Manager. This issue is disclosed as part of the IBM Java SDK updates for July 2020. Information about a security vulnerability affecting IBM WebSphere Application Server has...
Security Bulletin: IBM CICS TX Standard is vulnerable to several no confidentiality exposures due to IBM SDK, Java Technology Edition
Summary IBM SDK, Java Technology Edition is used by CICS TX Standard to run WebSphere Liberty, Fix Installer and Java based CICS applications. The fix removes the no confidentiality exposure vulnerabilities CVE-2022-21496, CVE-2022-21434 and CVE-2022-21443 from IBM SDK, JTE. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6/7 used by ITCAM for SOA. ITCAM for SOA has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker ...
Security Bulletin: Vulnerability in Apache Log4j affects IBM InfoSphere Master Data Management (CVE-2021-44228 )
Summary There is a vulnerability in the Apache Log4j open source library used by IBM InfoSphere Master Data Management v11.6 and v12.0. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics
Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314,...
Security Bulletin: Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services
Summary There are multiple vulnerabilities in Spring Framework used by SPSS Collaboration and Deployment Services. SPSS Collaboration and Deployment Services is affected but not classified as vulnerable to these issues. The fix includes Spring 5.3.20. Vulnerability Details CVEID: CVE-2022-22950...
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Developer for System z (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Developer for System z. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could explo...
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID:CVE-2021-3807 DESCRIPTION: Chalk ansi-regex module for Node.js is vulnerable to a denial of service, caused by a regular expression...
Security Bulletin: IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2023-23477)
Summary IBM WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. This has been addressed. Vulnerability Details CVEID:CVE-2023-23477 DESCRIPTION: IBM WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple IBM Java Runtime vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple IBM Java Runtime vulnerabilities. Vulnerability Details CVEID:CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. CVSS...
Security Bulletin: IBM SPSS Statistics is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)
Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Statistics which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...
Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-45046)
Summary IBM Cognos Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j CVE-2021-45046 vulnerability. IBM Cognos Analytics has upgraded Apache Log4j to v2.16...
Security Bulletin: IBM Security Verify Privilege Products NOT Affected by CVE-2021-44228 Exploit
Summary IBM Security Verify Privilege Products NOT Affected by CVE-2021-44228 Exploit. Vulnerability Details After conducting extensive research of the product code base, OEM partner ThycoticCentrify determined that none of the products outlined below are using the vulnerable Java library log4j...
InfoSphere Information Server Manager and the istool command may encounter errors after applying JR55455
Problem After applying JR55455, you might find that the istool command does not work correctly and that you cannot login to the Information Server Manager. Details of the fix for JR55455 can be found in the security bulletin http://www-01.ibm.com/support/docview.wss?uid=swg21982420 Symptom The...
Security Bulletin: Apache Tomcat as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13943)
Summary Apache Tomcat as used by IBM QRadar SIEM is vulnerable to information disclosure. Vulnerability Details CVEID: CVE-2020-13943 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when HTTP/2 client exceeded the agreed maximum number of...
Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)
Summary Apache Log4j is used for logging in multiple components of the IBM Cloud Pak System CPS appliance: Logstash, VMware vCenter, IBM Hardware Management Console and product pattern type pType. Arbitrary code execution vulnerabilities have been identified in Apache Log4j. Vulnerability Details...
Security Bulletin: IBM OpenPages with Watson has addressed security vulnerability in Apache Log4j (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker ...
Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway
Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-6597 DESCRIPTION: Python could provide weaker than expected security, caused by an issue with tempfile.TemporaryDirectory fails removing...
Security Bulletin: IBM Security Network Protection is affected by vulnerabilities in OpenSSH (CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011)
Summary IBM Security Network Protection has addressed vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2016-10011 DESCRIPTION: OpenSSH could allow a local authenticated attacker to obtain sensitive information, caused by a privilege separation flaw. An attacker could exploit this...
Security Bulletin: IBM QRadar WinCollect agent has multiple vulnerabilities
Summary The product includes vulnerable components e.g., third party libraries that may be identified and exploited with automated tools. IBM QRadar WinCollect for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semanti...
Security Bulletin: IBM Content Navigator container deployments are vulnerable to a remote execution vulnerability (Log4j)
Summary IBM Content Navigator container deployments are vulnerable to a remote execution vulnerability. IBM Content Navigator has addressed the vulnerability as described below. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...
Security Bulletin: Cloudera Data Platform is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary IBM products for Cloudera Data Platform and Hortonworks Data Platform are affected by critical Apache Log4j vulnerability CVE-2021-44228. A malicious user could exploit this vulnerability to run arbitrary code as the user or service account running the affected software. The fix includes...
Security Bulletin: IBM Security Guardium is affected by a Foreshadow Spectre Variant vulnerability
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3646 DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By...
Security Bulletin: IBM Security Guardium is affected by a Publicly disclosed Apache Struts vulnerability
Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when using results with no namespace and its upper action...
Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-22444)
Summary UPDATED Sep 13 Added iFix information for 7.1 TL5 SP10 and 7.2 TL4 SP6: A vulnerability in the AIX lpd printer daemon could allow a local user with elevated privileges to cause a denial of service CVE-2022-22444. The lpd daemon is the remote print server on AIX. Vulnerability Details...
Security Bulletin: IBM Telco Network Cloud Manager - Performance: Apache log4j Vulnerability (CVE-2021-44228)
Summary The IBM Telco Network Cloud Manager - Performance is affected by a security vulnerability. Apache Log4j is used by IBM Telco Network Cloud Manager - Performance as part of its UI service. This bulletin provides remediation for the vulnerability, CVE-2021-44228 by upgrading UI service of I...
Security Bulletin: Vulnerabilities in Apache Commons Codec affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management can lead to information disclosure
Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by a vulnerability in Apache Commons Codec library. The vulnerability can lead t...
Security Bulletin: Vulnerabilities in Oracle Java and the IBM Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968 and CVE-2023-21937 ) affect Power HMC
Summary IBM SDK, JAVA is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Text (CVE-2022-42889)
Summary There is a vulnerability in Apache Commons Text used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE CVE-2022-42889. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker...
Security Bulletin: IBM MQ is vulnerable to multiple issues within IBM® Runtime Environment Java™ Technology Edition, Versions 7 and 8 (CVE-2021-35603, CVE-2022-21305, CVE-2022-21291, CVE-2021-35550)
Summary Multiple issues were identified with IBM® Runtime Environment Java™ Technology Edition, version 7 that is packaged with IBM MQ 8.0 and version 8 that is packaged with IBM MQ 9.0, 9.1 and 9.2. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: A security vulnerability has been identified in IBM Tivoli Monitoring shipped with IBM Systems Director Editions(CVE-2016-2183)
Summary IBM Tivoli Monitoring is shipped as a component of IBM Systems Director Editions. Information about a security vulnerability affecting IBM Tivoli Monitoring has been published in a security bulletin. Vulnerability Details Please consult the security bulletins listed below for the...
Security Bulletin: Vulnerabilities in Apache Log4j impacts IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2021-45105, CVE-2021-45046)
Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may impact the IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments due to their uses of Apache Log4j for logging of messages and...
Security Bulletin: IBM Security Access Manager has fixed a vulnerability in the log4j library shipped with the product. (CVE-2021-4104)
Summary The IBM Security Access Manager version 9.0 ships with a version of log4j that is vulnerable to CVE-2021-4104. The log4j library is no longer used by the IBM Security Access Manager product and a Fixpack has been provided to remove the unused library. Vulnerability Details CVEID:...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure Proxy (CVE-2021-45046)
Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitrary code on the system was addressed by IBM Secure Proxy. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45105)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-45105. Vulnerabili...
Security Bulletin: There is a vulnerability in AntiSamy used by IBM Maximo Asset Management (CVE-2023-43643)
Summary There is a vulnerability in AntiSamy used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2023-43643 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to [CVE-2023-26115]
Summary Node.js word-wrap is used internally by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js word-wrap...
Security Bulletin: Vulnerability in EFS affects AIX (CVE-2021-29861)
Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Added iFix for 7.1 TL5 SP11. There is a vulnerability in EFS that affects AIX. Vulnerability Details CVEID:CVE-2021-29861 DESCRIPTION: IBM AIX could allow a non-privileged local user t...
Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Liberty for Java for IBM Cloud
Summary There are multiple vulnerabilities in the HTTP/2 implementation that is used by WebSphere Application Server Liberty. This affects the servlet-4.0 and servlet-3.1 features. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Some HTTP/2...
Security Bulletin: Vulnerability in IBM WebSphere Liberty affects IBM InfoSphere Global Name Management (CVE-2022-34165)
Summary The IBM WebSphere Liberty used in IBM InfoSphere Global Name Management is vulnerable to HTTP header injection when processing web requests. This problem is addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM...
Security Bulletin: Apache Log4J vulnerability affects IBM Watson Studio Premium Add On in Cloud Pak for Data (CVE-2021-44228)
Summary Apache Log4j, used for logging in IBM Watson Studio Premium Add On in Cloud Pak for Data is impacted by the Apache Log4j vulnerability CVE-2021-44228. Customers are encouraged to take quick action to update their systems. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log...
Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server
Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by improper...
Security Bulletin: Vulnerabilities in Network Security (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2015-7181 CVE-2015-7182 CVE-2015-7183)
Summary Vulnerabilities in Network Security NSS and Netscape Portable Runtime NSPR affect the IBM SAN Volume Controller and Storwize Family. Though the CVE descriptions below document the vulnerabilities in the context of the Mozilla product, the IBM SAN Volume Controller and Storwize Family of...
Security Bulletin: OpenSSH for IBM i is vulnerable to a machine-in-the-middle attack due to a flaw in the SSH transport protocol. [CVE-2023-48795]
Summary OpenSSH used by IBM i is vulnerable to a machine-in-the-middle attack due to a flaw in the SSH transport protocol with certain extensions as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...
Security Bulletin: Vulnerabilities in openSSL and WebSphere Liberty affect IBM WIoTP MessageGateway (CVE-2022-22476 CVE-2019-11777 CVE-2022-22475 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292)
Summary There are vulnerabilities in OpenSSL and WebSphere Liberty that affect IBM WIoTP MessageGateway. Vulnerability Details CVEID:CVE-2022-2097 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for...