35702 matches found
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-25690 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...
Security Bulletin: Vulnerability identified in VMware component affects Cloud Pak System (CVE-2021-21974)
Summary Vulnerability identified in VMware component ESXi that is bundled with Cloud Pak System. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Cloud Pak System| 2.3.x.x...
Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.
Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in it's self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)
Summary There is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-27223 DESCRIPTION: Eclipse Jetty i...
Security Bulletin: A vulnerability in kafka affects IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-34917)
Summary There is a vulnerability in kafka that is used by the IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-craft...
Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to multiple issues due to CKEditor
Summary IBM Sterling B2B Integrator has addressed the CKEditor security vulnerabilities in B2B API. Vulnerability Details CVEID:CVE-2021-32808 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used...
Security Bulletin: Apache Commons HttpClient 3.x (and few others) allow Man-In-The-Middle (MITM) attack
Summary Apache Commons HttpClient 3.x and few others used do not verify the server hostname in the subject Common Name CN and allows Man-In-The-Middle MITM attack Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-41854
Summary snakeYAML is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9
Summary IBM Data Risk Manager IDRM 2.0.6.14, which is the only supported version, is impacted by multiple vulnerabilities including Apache Commons Text 1.9 CVE-2022-42889. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.15 which includes Apache Commons Text 1.10. Plea...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, Java SE and various other libraries. Vulnerability Details CVEID:CVE-2022-33879 DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by a regular expression denial...
Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]
Summary The zos toolkit installed with agents on zOS includes Apache Commons Text which could allow an attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908)
Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted...
Security Bulletin: GSKit SSL/TLS handshake vulnerability in Tivoli Directory Server (CVE-2012-2190)
Abstract A vulnerability has been identified in the GSKit 7 component utilized by Tivoli Directory Server TDS version 6.0, 6.1 or 6.2. A specifically crafted malformed SSL/TLS data packet can cause a TDS server using GSKit 7 to segmentation fault.. Remediation for the issue consists of updating...
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related Java SE and Node
Summary Vulnerabilities in Node and Java SE such as HTTP request smuggling, execution of arbitrary code, gain elevated privileges on the system and unauthorized operations may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-32214 DESCRIPTION: Node.js is vulnerable to HTTP reques...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a CRI-O security vulnerability (CVE-2022-1708)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kubernetes API. Vulnerability Details CVEID: CVE-2022-1708 Description: A vulnerability was found in CRI-O that causes memo...
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Multiple...
Security Bulletin: A vulnerability foud in IBM Installation Manager which is shipped with IBM® Intelligent Operations Center(CVE-2021-36373)
Summary A vulnerability foud in IBM Installation Manager which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-36373...
Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled by default in the Apache based IBM HTTP Server. Vulnerability Details CVE ID: CVE-2014-3566 DESCRIPTION: IBM HTTP Server could allow a remote...
Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-29788)
Summary IBM Engineering Requirements Quality Assistant On-Premises affected by multiple vulnerabilites including OpenSSL, cross-site scripting, cross-site request forgery CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-29788 which allowed an attacker or an unauthenticated...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389)
Summary IBM® Db2® is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. Vulnerability Details CVEID: CVE-2022-22389 DESCRIPTION: IBM Db2 is vulnerable to a denial of service as the server may terminate...
Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2022-22721)
Summary IBM Rational Build Forge is affected by CVE-2022-22721. Vulnerability Details CVEID: CVE-2022-22721 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by an integer overflow. By sending an overly large LimitXMLRequestBody, a remote attacker could overflow a buffer...
Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)
Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046 . However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...
Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841)
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped with IBM WebSphere Application Server Pattern (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)
Summary IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 91.8.0ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0
Summary CVE-2022-28282, CVE-2021-38503, CVE-2022-22760, CVE-2021-38509, CVE-2022-22739, CVE-2022-26381, CVE-2022-22754, CVE-2021-43538, CVE-2022-22747, CVE-2021-38504, CVE-2022-22746, CVE-2022-26383, CVE-2022-22741, CVE-2022-26384, CVE-2022-22759, CVE-2022-22748, CVE-2021-43543, CVE-2022-1196,...
Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559)
Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length...
Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL
Summary The vulnerability in CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote...
Security Bulletin: OpenSSL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-3712)
Summary OpenSSL as used by IBM QRadar SIEM is vulnerable to information disclosure. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System
Summary OpenSSH used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-41617 DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in sshd when certa...
Security Bulletin: IBM Tivoli System Automation Application Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104, CVE-2021-45046)
Summary IBM Tivoli System Automation Application Manager is vulnerable to arbitrary code execution due to multiple Apache Log4j CVE-2021-4104, CVE-2021-45046 vulnerabilities in Webssphere Application Server. The remediation addresses the vulnerabilities by removing Apache Log4j. Vulnerability...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-44224)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-44224 Vulnerability Details CVEID: CVE-2021-44224 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service or server-side request forgery. By sending a specially crafted URI to httpd configured as a forward proxy, ...
Security Bulletin: Due to use of Apache Log4j, IBM StoredIQ for Legal is vulnerable to arbitrary code execution (CVE-2021-44228, CVE-2021-45046) and denial of service (CVE-2021-45105)
Summary Apache Log4j is included in WebSphere Application Server WAS, which is distributed with IBM Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45105, CVE-2021-45046 impacting IBM StoredIQ for Legal application. IBM StoredIQ for Legal uses Apache...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2021-45105, CVE-2021-44832)
Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus
Summary Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX such as directory traversal, execution of arbitrary commands, obtaining sensitive information, elevated privileges, bypassing security restrictions, and denial of service, may affect IBM Spectrum Protect Plus. Vulnerability...
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
Summary There are multiple vulnerabilities in Curl that affect PowerSC. Vulnerability Details CVEID: CVE-2021-22897 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the...
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities (CVE-2021-3538, CVE-2021-33502, CVE-2021-3450, CVE-2021-3449)
Summary IBM Security Guardium Insights has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2021-3538 DESCRIPTION: go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize...
Security Bulletin: IBM Security Guardium Insights is affected by a Components with known vulnerabilities
Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-7656 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could...
Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console
Summary httpd is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka...
Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293)
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. IBM DataPower Gateway has addressed the corresponding applicable CVEs. Vulnerability Details CVEID: CVE-2015-0287 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Informix Genero (CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 & CVE-2015-4000)
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by Informix Genero. Informix Genero has addressed the applicable CVEs...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the...
Security Bulletin: A security vulnerability has been idenfied in jQuery which affects DataQuant for z/OS (CVE-2019-11358)
Summary A security vulnerability has been identified in jQuery that could affect DataQuant for z/OS. Vulnerability Details CVEID: CVE-2019-11358 CVSS Base Score: 6.1 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Security Bulletin: cURL vulnerabilities CVE-2019-5481 CVE-2019-5482 impact IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier
Summary cURL vulnerabilities CVE-2019-5481 CVE-2019-5482 impact IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0...
Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop
Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated...
Security Bulletin: A vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1551)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1551 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive informatio...
Security Bulletin: A security vulnerability in GSKit affects IBM Rational ClearQuest (CVE-2016-2183)
Summary The GSKit that is shipped with IBM Rational ClearQuest contains a security vulnerability. IBM Rational ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...
Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2017-9798, CVE-2017-12618)
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products an...
Security Bulletin: Vulnerability in OSPFv2 Routing Protocol Used in IBM i Operating System (CVE-2013-0149 and CVE-2013-5385)
Problem : The OSPFv2 routing protocol specified in RFC 2328 has an ambiguity that can be exploited and allow for traffic to be black-holed and/or redirected. A PTF is provided. Resolving The Problem VULNERABILITY DETAILS: DESCRIPTION: A potential protocol vulnerability has been identified in the...
Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal
Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in...
Security Bulletin: IBM MQ Appliance affected by an OpenSSH vulnerability (CVE-2019-6110)
Summary IBM MQ Appliance has addressed the following OpenSSH vulnerability. Vulnerability Details CVEID: CVE-2019-6110 DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by accepting and displaying arbitrary stderr output from the scp server. A man-in-the-middl...