35598 matches found
Security Bulletin: IBM App Connect Enterprise toolkit and IBM Integration Bus toolkit are vulnerable to a local authenticated attacker and a denial of service due to Guava and JDOM (CVE-2023-2976, CVE-2021-33813).
Summary IBM App Connect Enterprise toolkit and IBM Integration Bus toolkit are vulnerable to a local authenticated attacker and a denial of service due to Guava and JDOM CVE-2023-2976, CVE-2021-33813. The resolving fixes include Guava version =32.1.1 & JDOM version =2.0.6.1 Vulnerability Details...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities
Summary OpenSSL is present in the IBM App Connect Enterprise Certified Container Dashboard operand image. OpenSSL is vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in OpenSSL. CVE-2023-0217, CVE-2023-1255...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to cURL libcurl and Google protobuf-java. (CVE-2022-42915, CVE-2021-22569, CVE-2022-3509, CVE-2022-3171, CVE-2022-3510)
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to cURL libcurl and protobuf-java. IBM App Connect Enterprise v12 OpenTelemetry trace is affected by cURL libcurl CVE-2022-42915. IBM App Connect Enterprise v11 and v12 DFDL is affected by protobuf-java CVE-2021-25569,...
Security Bulletin: [All] Spring Framework (Publicly disclosed vulnerability)
Summary In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. This effects ITN...
Security Bulletin: IBM Safer Payments is vulnerable to OpenSSL Information Disclosure Problem (CVE-2021-3712)
Summary IBM Safer Payments versions uses OpenSSL. This vulnerability is addressed. Vulnerability Details CVEID:CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially...
Security Bulletin: Several System x and Flex Systems products are affected by vulnerabilities in OpenSSL (CVE-2013-6449, CVE-2013-4353 and CVE-2013-6450)
Summary Security vulnerabilities discovered in OpenSSL have been fixed in recent releases of several IBM System x and Flex Systems products. You may have already applied the updates containing these fixes. Vulnerability Details Abstract Security vulnerabilities discovered in OpenSSL have been fix...
Security Bulletin: AIX is vulnerable to denial of service vulnerabilities
Summary UPDATED Apr 5 See 'Change History' for full update history. Current update corrected the affected upper fileset levels for VIOS to show that VIOS 3.1.2.50 and 3.1.3.30 are affected. Added iFixes for VIOS 3.1.2.50 and 3.1.3.30. This update applies to the kernel, perfstat, and pfcdd portion...
Security Bulletin: Vulnerability in Apache HTTP Server affect Cloud Pak System (CVE-2006-20001)
Summary Denial of service vulnerability in moddav module of Apache HTTP Server affects Cloud Pak System. Vulnerability Details CVEID:CVE-2006-20001 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in moddav. By sending a...
Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]
Summary Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System. IBM Cloud Pak System has addressed this vulnerability. CVE-2021-44142 Vulnerability Details CVEID:CVE-2021-44142 DESCRIPTION: Samba could allow a remote authenticated attacker to execute arbitrary code on the...
Security Bulletin: CVE-2022-27664, CVE-2022-21698, CVE-2021-43565 and CVE-2022-27191 may affect IBM CICS TX Standard
Summary Multiple CVEs CVE-2022-27664, CVE-2022-21698, CVE-2021-43565 and CVE-2022-27191 may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Relevant Go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Multiple vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Th...
Security Bulletin: Vulnerability in SSLv3 and OpenSSL affect SAN Volume Controller and Storwize Family (CVE-2014-3566 CVE-2014-3567)
Summary Security Bulletin: Vulnerabilities in Bash affect SAN Volume Controller and Storwize Family CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278 Vulnerability Details Security Bulletin --- Summary --- There are security vulnerabilities in SSLv3 that is...
Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)
Summary Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system vi...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution from Apache Commons Net (CVE-2021-37533)
Summary Apache Common Net is used by IBM Tivoli Netcool Impact to provide telnet connectivity for the CommandResponse service. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to...
Security Bulletin: Vulnerabilities in IBM Db2, IBM Java Runtime, and Golang Go may affect IBM Spectrum Protect Server (CVE-2022-21626, CVE-2022-41717, CVE-2022-43929, CVE-2022-43927, CVE-2022-43930)
Summary IBM Spectrum Protect Server may be affected by vulnerabilities in Java SE, Golang Go and IBM Db2 such as denial of service or information disclosure, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerabilities in Bash affect IBM SAN b-type Switches (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM SAN b-type Switches. Vulnerability Details CVE-ID : CVE-2014-6271...
Security Bulletin: IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2177, CVE-2016-2178).
Summary IBM b-type SAN switches and directors addressing Open Source OpenSSL Vulnerabilities CVE-2016-2177, CVE-2016-2178. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer...
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes.
Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a remote attacker to obtain sensitive information, caused by storin...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to http header injection due to IBM WebSphere Application Server (CVE-2022-34165)
Summary IBM Sterling B2B Integrator has addressed http header injection security vulnerability in IBM WebSphere Application Server shipped with the product. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Applicatio...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)
Summary IBM Sterling Connect:Direct for UNIX Install Agent component is vulnerable to denial of service due to FasterXML jackson-databind. FasterXML jackson-databind has been upgraded to version 2.14.1 in IBM Sterling Connect:Direct for UNIX Install Agent component . Vulnerability Details...
Security Bulletin: IBM Workload Scheduler potentially affected by multiple vulnerabilities in Java package org.yaml:snakeyaml
Summary Denial of Service vulnerabilities CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752 have been found in org.yaml:snakeyaml component and potentially affects IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2022-25857...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2020-11022).
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method CVE-2020-11022. jQuery is used by the runtime components included in IBM Watson Speech...
Security Bulletin: Multiple Vulnerabilities discovered in libraries used by Apache Zookeeper that is included in ITNM (CVE-2020-36518, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823)
Summary Multiple vulnerabilities CVE-2020-36518; CVE-2022-2047; CVE-2022-2048; CVE-2022-24823 found in apache zookeeper used by IBM Tivoli Network Manager ITNM IP Edition. The fix contains the updated versions of corresponding libraries. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION:...
Security Bulletin: Vulnerability in Fabric OS firmware used by IBM b-type SAN directors and switches [CVE-2022-33186]
Summary Public disclosed vulnerability in the Fabric OS FOS used by IBM b-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying one of the FOS code levels listed below. CVE-2022-33186 Vulnerability Details CVEID:CVE-2022-33186 DESCRIPTION: Broadcom...
Security Bulletin: IBM Security Guardium is affected by a Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2021-39072)
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-39072 DESCRIPTION: IBM Security Guardium could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could explo...
Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2022-1552)
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2022-1552 DESCRIPTION: PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX,...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-27776
Summary cURL is used by IBM App Connect Enterprise Certified Container for internal communication and status checking. IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerabili...
Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in Apache Santuario XML Security for Java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2009-0217 DESCRIPTION: Multiple vendor applications that utilize the W3C XML Signature Syntax and Processing XMLDsig recommendation...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.29
Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 7.0.0.29 Content VULNERABILITY DETAILS: CVE ID:CVE-2013-0541 PM74909 DESCRIPTION: WebSphere Application Server is vulnerable to a denial of service, caused by a buffer overflow on Windows...
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
Summary Smarter Infrastructure Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Vulnerability Details CVE IDs: CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888,...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with Asset and Service Management (CVE-2016-2183)
Summary IBM HTTP Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: A security vulnerability in Node.js dicer affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Managed Services
Summary A security vulnerability in Node.js dicer affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Managed Services Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server, a...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.10
Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.10, IBM WebSphere Application Server Hypervisor 8.0.0.10 and IBM HTTP Server 8.0.0.10 Vulnerability Details CVE ID:CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM WebSphere Application Server coul...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.11
Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor, WebSphere Application Server Liberty Profile and IBM HTTP Server. Vulnerability Details CVE ID:CVE-2014-8890 DESCRIPTION: WebSphere Application Server...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)
Summary There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2022-33980. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons...
Security Bulletin: Vulnerabilities in vCenter affect IBM Cloud Pak System (CVE-2021-21980, CVE-2021-22049 )
Summary Vulnerabilities have beein found in VMware vCenter. vCenter is shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-21980 DESCRIPTION: VMware vCenter Server could allow a remote attacker to obtain sensitive information,...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to bypass security restrictions and obtain sensitive information due to multiple vulnerabilities.
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to bypass security restrictions due to failure to send headers CVE-2022-31813, read unintended memory due to large inputs to aprwrite function CVE-2022-28614, and read buffer beyond bound due to large input to apstrcmpmatch...
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-23218 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based...
Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects PowerVM
Summary OpenSSL is used by PowerVM to support encrypted Logical Partition Mobility. This bulletin provides a remediation for the impacted vulnerability, CVE-2022-0778 by upgrading PowerVM and thus addressing the exposure to the openssl vulnerability. Vulnerability Details CVEID: CVE-2022-0778...
Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data
Summary IBM has released the following fix for IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID: CVE-2019-11251 DESCRIPTION: Kubernetes could allow a remote attacker to...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to directory traversal due to its use of Apache Commons IO (CVE-2021-29425)
Summary Apache Commons IO is used by several components in IBM Cloud Pak for Multicloud Management Monitoring. The product does not allow input that processes files or directories, but the affected software has been updated out of an abundance of caution. Vulnerability Details CVEID: CVE-2021-294...
Security Bulletin: Expat vulnerabilities affect IBM Netezza Analytics
Summary IBM Netezza Analytics uses Expat version 2.2.8. IBM Netezza Analytics has addressed the applicable CVEs by upgrading Expat to version 2.4.7. Vulnerability Details CVEID: CVE-2022-25236 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper protection against...
Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Kerberos
Summary IBM has provided explicit mitigation for the following Kerberos CVEs. DataPower did not previously provide the conditions necessary to exploit these CVEs. The explicit mitigations provided here protect against possible future changes that might have made them exploitable. Vulnerability...
Security Bulletin: IBM DataPower Gateway Virtual Edition uses out of date ICU libraries in open-vm-tools
Summary Open-vm-tools is used only in IBM DataPower Gateway Virtual Edition for communicating with the Hypervisor to perform such tasks as reboot or shutdown of the VM. The limited functionality employed in this use should not expose these CVEs to exploitation; IBM has addressed the CVEs out of a...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from gzip, jackson-databind, libssh, gnutls, nettle and zlib
Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.5-x packages gzip, libssh, gnutls, nettle, zlib and jackson-databind that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2021-3634 DESCRIPTION: libssh is...
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to CKEditor
Summary CKEditor is used by IBM Sterling B2B Integrator as part of B2B API. Multiple CKEditor vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2021-26272 DESCRIPTION: CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in...
Security Bulletin: Vulnerabilities in WebSphere Liberty Profile affect IBM InfoSphere Global Name Management (CVE-2020-5258, CVE-2020-4590, CVE-2020-4421)
Summary There are multiple vulnerabilities in the WebSphere Liberty Profile used in IBM InfoSphere Global Name Management GNM. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2021-23450)
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Network Intrusion Prevention System is affected by curl and php5 vulnerabilities (CVE-2013-2174, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2013-4248, CVE-2013-6420, CVE-2014-2497, CVE-2014-4049)
Summary Security vulnerabilities have been discovered in curl and php5 that are used in IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2013-2174 DESCRIPTION: cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...
Security Bulletin: GNU C library (glibc) vulnerability affects Tivoli Storage Productivity Center (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects Tivoli Storage Productivity Center. Vulnerability Details Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By...