35598 matches found
Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint has addressed multiple security vulnerabilities (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)
Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera High-Speed Transfer Server 4.4.1 and Aspera High-Speed Transfer Endpoint 4.4.1 Vulnerability Details CVEID:CVE-2022-27774 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain...
Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-22939, CVE-2021-22931, CVE-2020-7598)
Summary IBM Engineering Requirements Quality Assistant On-Premises affected by multiple vulnerabilites CVE-2021-22939, CVE-2021-22931, CVE-2020-7598 which allowed a remote attacker to exploit this vulnerability to add or modify properties of Object.prototype, connect to servers using an expired...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Vim (CVE-2022-1621)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Vim CVE-2022-1621 caused by improper bounds checking in the vimstrncpy findword component. Vim is used as part of the base image included in our service components. Please read...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Apache Commons is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2022-42889. Connect2id Nimbus JOSE+JWT is used by IBM Robotic Process Automation as part of the...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial ...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple Node.js vulnerabilities. Vulnerability Details CVEID:CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit...
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221)
Summary The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2022-42915 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a double-free flaw in the error/cleanup...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2021-31805 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag attributes. By forcing OGNL evaluation of...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8
Summary Multiple vulnerabilities were found with IBM® Runtime Environment Java™ Technology Edition, Version 8 which is shipped with IBM MQ and used for Java & JMS client, AMQP, MQTT, MFT & MQIPT functionality. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.1
Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.5.5.1 Content The following vulnerabilities have been fixed in IBM WebSphere Application Server Fix Pack 8.5.5.1 VULNERABILITY DETAILS: CVE ID:CVE-2013-0460PM72275 DESCRIPTION: WebSpher...
Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)
Summary Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2022
Summary In addition to many updates of open source packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF011 and 22.0.1-IF001. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2022 CPU plus deferred CVE-2022-21299
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere...
Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 8.0.7.5. Vulnerability Details CVEID: CVE-2021-41035 DESCRIPTION:...
Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System.
Summary Linux Kernel used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVECVE-2020-27777 . Vulnerability Details CVEID: CVE-2020-27777 DESCRIPTION: Linux Kernel for PowerPC could allow a local authenticated attacker to bypass security...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2021-35560...
Security Bulletin: IBM QRadar Network Security is NOT Affected by CVE-2021-4104, CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105 exploits
Summary IBM QRadar Network Security is NOT Affected by CVE-2021-4104, CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105 exploits. IBM QRadar Network Security uses WebSphere Liberty as application server. Liberty package contains log4j binaries, however they are not used by Liberty & IBM QRadar...
Security Bulletin: Resilient is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-0232 DESCRIPTION: When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to...
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-14803, CVE-2020-27221
Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-14803, CVE-2020-27221. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low...
Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server
Summary Muiltiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server are addressed. Vulnerability Details CVEID: CVE-2020-8557 DESCRIPTION: Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the...
Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities
Summary Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be...
Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2018-11775)
Summary Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveM...
Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
Summary There are multiple security vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-19252 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the...
Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2018-1111 - Vulnerability in the NetworkManager integration script CVE-2018-2783 - IBM Java Runtime vulnerability CVE-2018-2790 - IBM Java Runtime vulnerability CVE-2018-5391 - Improper handling o...
Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPU''s could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution o...
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-18710 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by improper bounds checking in...
Security Bulletin: Vulnerability in Linux Kernel affects IBM RackSwitch Products (CVE-2017-6214)
Summary IBM RackSwitch Products have addressed the following vulnerability in Linux Kernel. Vulnerability Details Summary IBM RackSwitch Products have addressed the following vulnerability in Linux Kernel. Vulnerability Details: CVEID: CVE-2017-6214 Description: Linux Kernel is vulnerable to a...
Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2016-8624, CVE-2016-8625)
Summary IBM Rational ClearCase is affected by cURL/libcURL access restriction bypass and network host spoofing vulnerabilities. Vulnerability Details CVEID: CVE-2016-8624 DESCRIPTION: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to parse the...
Security Bulletin: OpenSSL vulnerability in IBM Storwize V7000 Unified (CVE-2014-0224)
Summary Security vulnerability in OpenSSL. Vulnerability Details CVEID: CVE-2014-0224 DESCRIPTION: SSL/TLS MITM vulnerability An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM MessageSight. IBM MessageSight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NUL...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM MessageSight (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM MessageSight. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid...
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSL (CVE-2016-0797, CVE-2016-0705)
Summary Vulnerabilities in OpenSSL affect IBM Security Access Manager for Mobile. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by ...
Security Bulletin: IBM Robotic Process Automation is vulnerable to an information disclosure (CVE-2022-22334)
Summary Security Bulletin: IBM Robotic Process Automation is vulnerable to an information disclosure CVE-2022-22334 Vulnerability Details CVEID:CVE-2022-22334 DESCRIPTION: IBM Robotic Process Automation could allow a user to access information from a tenant of which they should not have access...
Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2014-0114...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-23454 DESCRIPTION: Apache Hadoop could allow a local authenticated attacker t...
Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
Summary Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. These fixes resolve the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere...
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086. Vulnerability Details CVEID:CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...
Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND
Summary UPDATED: Corrected the affected fileset levels to reflect that bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable Multiple vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details...
Security Bulletin: IBM Security Verify Governance - Containerized Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in the latest update to IBM Security Verify Governance - Containerized Identity Manager. Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper...
Security Bulletin: IBM RackSwitch firmware products are affected by a vulnerability in the Kernel (CVE-2020-12464)
Summary IBM RackSwitch firmware products have addressed the following Kernel vulnerability. Vulnerability Details CVEID: CVE-2020-12464 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the usbsgcancel function in...
Security Bulletin: IBM HTTP Server is vulnerable to information disclosure due to the included Apache HTTP Server (CVE-2023-31122)
Summary IBM HTTP Server is vulnerable to information disclosure when using the modmacro module due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2023-31122 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an out-of-boun...
Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products
Summary Multiple vulnerabilities in jackson-databind-2 used by IBM Application Performance Management. The vulnerabilites below have been addressed. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Python is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP and WebSphere Liberty CVE-2020-10735, CVE-2022-45061. LibTiff is used by IBM Robotic Process Automation for Cloud Pak as part of .NET Core and Watson NLP CVE-2022-3627, CVE-2022-3970. cURL libcurl is used...
Security Bulletin: Vulnerabilities found in poi-3.9.jar, poi-scratchpad-3.9.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-12626, CVE-2014-9527)
Summary Multiple vulnerabilities have been identified in poi-3.9.jar, poi-scratchpad-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...
Security Bulletin: Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1
Summary CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, CVE-2023-1667, CVE-2023-2283, CVE-2020-11080, CVE-2023-31484, CVE-2023-24329 may affect Ubuntu Operating System packages shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the...
Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to a memory usage flaw (CVE-2023-2828)
Summary Domain Name System DNS uses ISC BIND. ISC BIND on IBM i is vulnerable to a denial of service attack due to memory usage exceeding the configured cache size limit as seen in the vulnerability details section. IBM i has addressed the vulnerability in ISC BIND with a fix as described in the...
Security Bulletin: CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Advanced
Summary CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary cod...
Security Bulletin: Vulnerabilities in Linux kernel, libssh, and Java can affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Linux kernel, libssh, and Java. Vulnerabilities include denial of service, elevated privileges, crashes, execute arbitrary code on the system, obtaining sensitive kernel information, network attacks, bypassing authentication,...