35680 matches found
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.
Summary The following vulnerability in PHP has been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2018-19518 DESCRIPTION: University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by...
Security Bulletin: IBM HTTP Server is vulnerable to information disclosure due to the included Apache HTTP Server (CVE-2023-31122)
Summary IBM HTTP Server is vulnerable to information disclosure when using the modmacro module due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2023-31122 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an out-of-boun...
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-30428, CVE-2023-30429, CVE-2023-37579 and CVE-2023-31007 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30428 DESCRIPTION: Apache Pulsar could allow a...
Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty
Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty as the vulnerable features are not enabled see References below. IBM Cognos Analytics has upgraded to an non-affected version of IBM Websphere Application Serve...
Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor
Summary IBM Business Automation Workflow Configuration Editor is vulnerable to multiple attacks. Vulnerability Details CVEID:CVE-2023-32005 DESCRIPTION: Node.js could allow a remote attacker to obtain sensitive information, caused by the failure to restrict file stats through the fs.statfs API in...
Security Bulletin: Multiple vulnerabilities in Apache Commons FileUpload affect IBM Application Performance Management products
Summary Apache Commons FileUpload is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not...
Security Bulletin: IBM Storage Protect Space Management is vulnerable to confidentiality impact, availability impact, integrity impact, and arbitrary code execution due to multiple CVEs in IBM Java
Summary IBM Storage Protect Space Management is affected by multiple vulnerabilities in IBM Java: CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597. The vulnerabilties can lead to high confidentiality impact, high high...
Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products
Summary Multiple vulnerabilities in jackson-databind-2 used by IBM Application Performance Management. The vulnerabilites below have been addressed. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based...
Security Bulletin: Vulnerabilities in IBM Websphere Application Server affects IBM Application Performance Management.
Summary IBM Websphere Application Server - Liberty is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated...
Security Bulletin: Multiple denial of Service vulnerabilities in snappy-java may affect IBM Business Automation Workflow (CVE-2023-34453, CVE-2023-34454, CVE-2023-34455)
Summary IBM Business Automation Workflow is vulnerable to a Denial of Serivce attack. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request, a remote...
Security Bulletin: IBM MQ Explorer is affected by vulnerabilities in Eclipse Jetty (CVE-2023-26048, CVE-2023-26049)
Summary IBM MQ is affected by vulnerabilites in Eclipse Jetty. This is used in the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...
Security Bulletin: protobuf.js component is vulnerable which is used by IBM Maximo Application Suite [CVE-2023-36665]
Summary IBM Maximo Application Suite uses protobuf.js package which is vulnerable to CVE-2023-36665. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototyp...
Security Bulletin: [All] Spring Framework (Publicly disclosed vulnerability)
Summary In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. This effects ITN...
Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM) (CVE-2015-3200)
Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details: CVE-ID: CVE-2015-3200 Description: lighttpd could...
Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)
Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP request splitting when using modproxy or the Web Server Plug-in due to the included Apache HTTP Server. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION...
Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]
Summary Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System. IBM Cloud Pak System has addressed this vulnerability. CVE-2021-44142 Vulnerability Details CVEID:CVE-2021-44142 DESCRIPTION: Samba could allow a remote authenticated attacker to execute arbitrary code on the...
Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the GUI may allow an authenticated attacker to escalate their privilege on IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. Vulnerability Details CVEID:CVE-2022-43873 DESCRIPTION: An authenticated user can exploit a...
Security Bulletin: Vulnerability in Network Security Services (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2730)
Summary There is a vulnerability in Network Security Services NSS that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed by Mozilla in July 2015. Vulnerability Details CVEID: CVE-2015-2730 DESCRIPTION: Mozilla Network Security Services NSS before 3.19.1 does no...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox ESR have affected APM Synthetic Playback Agent
Summary APM Synthetic Playback Agent is vulnerable to Firefox ESR CVE-2023-23599, CVE-2023-23603, CVE-2023-23605, CVE-2023-23602, CVE-2023-23601, CVE-2023-23598. Firefox ESR is used by APM Synthetic Playback Agent for running the selenium scripts. The fix includes support for Firefox 102.7 ESR...
Security Bulletin: Vulnerability in libc affects AIX (CVE-2021-29860)
Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Added iFix for 7.1 TL5 SP11 There is a vulnerability in the libc.a library that affects AIX. Vulnerability Details CVEID:CVE-2021-29860 DESCRIPTION: IBM AIX could allow a non-privileg...
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes.
Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a remote attacker to obtain sensitive information, caused by storin...
Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint has addressed multiple security vulnerabilities (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)
Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera High-Speed Transfer Server 4.4.1 and Aspera High-Speed Transfer Endpoint 4.4.1 Vulnerability Details CVEID:CVE-2022-27774 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Vim (CVE-2022-1621)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Vim CVE-2022-1621 caused by improper bounds checking in the vimstrncpy findword component. Vim is used as part of the base image included in our service components. Please read...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Apache Commons is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2022-42889. Connect2id Nimbus JOSE+JWT is used by IBM Robotic Process Automation as part of the...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial ...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple Node.js vulnerabilities. Vulnerability Details CVEID:CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit...
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221)
Summary The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2022-42915 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a double-free flaw in the error/cleanup...
Security Bulletin: IBM Security Guardium is affected by a Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2021-39072)
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-39072 DESCRIPTION: IBM Security Guardium could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could explo...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2021-31805 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag attributes. By forcing OGNL evaluation of...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8
Summary Multiple vulnerabilities were found with IBM® Runtime Environment Java™ Technology Edition, Version 8 which is shipped with IBM MQ and used for Java & JMS client, AMQP, MQTT, MFT & MQIPT functionality. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.1
Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.5.5.1 Content The following vulnerabilities have been fixed in IBM WebSphere Application Server Fix Pack 8.5.5.1 VULNERABILITY DETAILS: CVE ID:CVE-2013-0460PM72275 DESCRIPTION: WebSpher...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.10
Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.10, IBM WebSphere Application Server Hypervisor 8.0.0.10 and IBM HTTP Server 8.0.0.10 Vulnerability Details CVE ID:CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM WebSphere Application Server coul...
Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects PowerVM
Summary OpenSSL is used by PowerVM to support encrypted Logical Partition Mobility. This bulletin provides a remediation for the impacted vulnerability, CVE-2022-0778 by upgrading PowerVM and thus addressing the exposure to the openssl vulnerability. Vulnerability Details CVEID: CVE-2022-0778...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2022 CPU plus deferred CVE-2022-21299
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere...
Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 8.0.7.5. Vulnerability Details CVEID: CVE-2021-41035 DESCRIPTION:...
Security Bulletin: Network Intrusion Prevention System is affected by curl and php5 vulnerabilities (CVE-2013-2174, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2013-4248, CVE-2013-6420, CVE-2014-2497, CVE-2014-4049)
Summary Security vulnerabilities have been discovered in curl and php5 that are used in IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2013-2174 DESCRIPTION: cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2021-35560...
Security Bulletin: Vulnerability in OpenSSL affects Informix Dynamic Server and CSDK (CVE-2015-1788)
Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. Informix Dynamic Server uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when...
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2021-3177
Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2021-3177. Vulnerability Details CVEID: CVE-2021-3177 DESCRIPTION: Python is vulnerable to a buffer overflow, caused by improper bounds checking by the PyCArgrepr function in ctypes/callproc.c. By sending specially-crafted...
Security Bulletin: Resilient is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-0232 DESCRIPTION: When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to...
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-14803, CVE-2020-27221
Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-14803, CVE-2020-27221. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low...
Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server
Summary Muiltiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server are addressed. Vulnerability Details CVEID: CVE-2020-8557 DESCRIPTION: Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the...
Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities
Summary Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be...
Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2018-11775)
Summary Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveM...
Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
Summary There are multiple security vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-19252 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the...
Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2018-1111 - Vulnerability in the NetworkManager integration script CVE-2018-2783 - IBM Java Runtime vulnerability CVE-2018-2790 - IBM Java Runtime vulnerability CVE-2018-5391 - Improper handling o...
Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPU''s could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution o...
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-18710 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by improper bounds checking in...
Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2016-8624, CVE-2016-8625)
Summary IBM Rational ClearCase is affected by cURL/libcURL access restriction bypass and network host spoofing vulnerabilities. Vulnerability Details CVEID: CVE-2016-8624 DESCRIPTION: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to parse the...