35596 matches found
Security Bulletin: IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow.
Summary IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow when invoked with invalid parameters. Vulnerability Details CVEID:CVE-2023-28527 DESCRIPTION: IBM Informix cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a...
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in curl
Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerabilities in curl Vulnerability Details CVEID: CVE-2018-1000122 DESCRIPTION: curl could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RTSP+RTP handling code. An attack...
Security Bulletin: IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and denial of service due to CVEs in Apache Velocity, Apache Jena, and XStream (woodstox)
Summary IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by security flaws in Apache Velocity, Apache Jena, and XStream woodstox. The flaws can lead to arbitrary code execution, sensitive information disclosure, and denial of...
Security Bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431)
Summary IBM® Db2® db2set is vulnerable to arbitrary code execution. Vulnerability Details CVEID: CVE-2023-30431 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow th...
Security Bulletin: IBM Rational Build Forge is vulnerable a remote attacker to execute arbitrary code on the system due to the use of Apache HTTP Server (CVE-2022-23943)
Summary IBM Rational Build Forge is affected by CVE-2022-23943. Vulnerability Details CVEID:CVE-2022-23943 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in modsed. By sending specially crafted data, an...
Security Bulletin: Google Guava component is vulnerable to CVE-2023-2976 is used by IBM Jazz Reporting Services.
Summary IBM Jazz Reporting Service Application Suite uses Google Guava package which is vulnerable to CVE-2023-2976. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation...
Security Bulletin: IBM Security Verify Access Appliance has multiple security vulnerabilities
Summary There are multiple Security Vulnerabilities that were reported against the IBM Security Verify Access ISVA Appliance. These vulnerabilities have been addressed in the ISVA Appliance. Vulnerability Details CVEID:CVE-2022-4415 DESCRIPTION: systemd could allow a local authenticated attacker ...
Security Bulletin: IBM Event Streams is affected by a denial of service due to OpenSSL vulnerabilities
Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4450, CVE-2023-0216. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error relat...
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-2142 DESCRIPTION: Mozilla Nunjucks is vulnerable to cross-site scripting, caused by...
Security Bulletin: IBM Spectrum Conductor with ISC BIND is vulnerable to a denial of service
Summary IBM Spectrum Conductor with ISC BIND is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2022-3488 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error related to the processing of repeated responses to the same query, where both responses contai...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affects IBM Rational ClearCase.
Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. CVE-2023-33850, CVE-2023-32342, CVE-2023-21930, CVE-2023-21967 Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker ...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437)
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2023-30437 DESCRIPTION: IBM Security Guardium could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. CVSS Base score: 5.3 CVSS Temporal Score:...
Security Bulletin: XML External Entity injection vulnerability in jdom may affect custom apps in IBM Business Automation Workflow - CVE-2021-33813
Summary IBM Business Automation Workflow packages jdom. An XML External Entity XXE injection vulnerability was reported for jdom: Due to insecure default settings in jdom, a careless client application may fail to disable XML External Entity expansion features in the XML parser used by the librar...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907)
Summary Security Vulnerabilities affect IBM Cloud Pak for Data - Python CVE-2019-20907 Vulnerability Details CVEID:CVE-2019-20907 DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the tarfile module in Lib/tarfile.py. By persuading a victim to open a specially-craft a...
Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to multiple vulnerabilities
Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities, based on current information, in the following 3rd-party components: Stanford coreNLP, FasterXML jackson-databind, SnakeYAML, Dromera Hutool, jsoup, Node.js vm2 and Node.js http-cache-semantics. These...
Security Bulletin: Loader-utils is vulnerable to CVE-2022-37603 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses loader-utils which is vulnerable to CVE-2022-37603. Vulnerability Details CVEID:CVE-2022-37603 DESCRIPTION: webpack loader-utils is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the...
Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl (CVE-2022-31081)
Summary A vulnerability in libwww-perl could allow an attacker to poison web caches, bypass web application firewall protection, and conduct XSS attacks CVE-2022-31081. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2022-31081 DESCRIPTION: Libwww is vulnerab...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-32809 DESCRIPTION: CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML code...
Security Bulletin: Vulnerability in OpenSSL affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in OpenSSL may cause a denial of service when IBM Spectrum Virtualize is acting as a TLS client when connecting to LDAP servers or key servers. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...
Security Bulletin: The IBM FlashSystem 840 & IBM FlashSystem V840 products are affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID:CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability ...
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
Summary There are multiple vulnerabilities in Curl that affect PowerSC. Vulnerability Details CVEID:CVE-2022-32206 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable "links" in the "chained" HTTP compression algorithms. By persuading a...
Security Bulletin: jQuery included in ITNM is vulnerable to Cross-site Scripting (XSS) attacks (multiple vulnerabilities)
Summary Multiple vulnerabilities CVE-2015-9251; CVE-2019-11358; CVE-2020-11022; CVE-2020-11023 found in jQuery that is present in IBM Tivoli Network Manager ITNM IP Edition. jQuery versions before 3.0.0 are vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is perform...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability [CVE-2022-37616]
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability with details below. CVE-2022-37616 This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-37616 DESCRIPTION: xmldom could allow a remote attacker to...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors
Summary OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2022-2068 and CVE-2022-2097 are identified as potential risks for products using older versions of OpenSLL. These potential risks are resolved by updating IBM Tivoli Netco...
Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-33193 and CVE-2021-44224) affects Power HMC
Summary Apache HTTP webserver is used by IBM Power Hardware Management Console HMC for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-33193 and CVE-2021-44224 by upgrading IBM Power Hardware...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-40149, CVE-2022-40150)
Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-40149, CVE-2022-40150 Vulnerability Details CVEID:CVE-2022-40149 DESCRIPTION: jettison-jso...
Security Bulletin: Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Buinses Process Manager Enterprise Service Bus (July 2022 CPU plus deferred CVE-2021-2163)
Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager Enterprise Serivce Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the...
Security Bulletin: IBM Sterling Order Management Netty 4.1.34 vulnerablity
Summary Netty could provide various potential exploitable entry points icnluding weaker than expected security, netty-codec is vulnerable to a denial of service, and HTTP request smuggling Vulnerability Details CVEID:CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security,...
Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities
Summary Vulnerabilities contained within libcurl a 3rd party component were identified and remediated in the IBM MaaS360 Cloud Extender Agent and Base Module. Vulnerability Details CVEID:CVE-2022-27780 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused...
Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL versions prior to 1.0.0
Abstract OpenSSL versions prior to 1.0.0 do not follow best security practices and need to upgrade. On Linux Intel or z/OS platform, the components of Tivoli Management Framework 4.1.1 include the files in OpenSSL which version is prior to 1.0.0. Content VULNERABILITY DETAILS: CVE IDs:...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products Java CPU October 2021
Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow and IBM...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository due to July 2022 CPU plus deferred CVE-2021-2163
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in July 2022. These issues are addressed by WebSphere Application Server shipped with WebSphere Servi...
Security Bulletin: IBM MQ is vulnerable to issues with libcurl (CVE-2022-27780, CVE-2022-30115)
Summary Multiple issues were identified within the libcurl library that affect IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID:CVE-2022-27780 DESCRIPTION: cURL...
Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230)
Summary IBM Sterling File Gateway has addressed multiple security vulnerabilities in Apache Struts Vulnerability Details CVEID:CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a special...
Security Bulletin: IBM DataPower Gateway affected by prototype pollution in DOJO (CVE-2021-23450)
Summary DOJO is used mostly in the deprecated BluePrint GUI, but is also used in a small number of places in the standard Web UI. The vulnerable function is not used, but IBM has addressed the CVE. Vulnerability Details CVEID: CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to...
Security Bulletin: IBM Security Guardium is affected by a number of security vulnerabilities in Netty, which is used by Guardium (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137)
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-21290 DESCRIPTION: Netty could allow a local authenticated attacker to obtain sensitive information, caused by an insecure temp file in Unix-like systems. By sending a specially-crafted request, a...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenSSL
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenSSL. Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafte...
Security Bulletin: IBM Planning Analytics Workspace is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a...
Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service
Summary IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager TADDM and is vulnerable to a denial of service CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035,...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Integration Bus & IBM App Connect Enterprise. These issues were disclosed as part of the IBM Java SDK updates in October 2021. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-44790, CVE-2021-44224)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: Vulnerability in Polkit affects IBM Integrated Analytics System.
Summary Polkit is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-4034. Vulnerability Details CVEID: CVE-2021-4034 DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by...
Security Bulletin: IBM Watson Studio Premium Add On in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM Watson Studio Premium Add On in Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is...
Security Bulletin: IBM Spectrum Fusion HCI is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary Multiple vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046 could allow an attacker to execute arbitrary code and denial of service. These vulnerabilities may affect IBM Spectrum Scale Container Native Storage Access and IBM Spectrum Protect Plus, which are part of the IBM...
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2020-35508 DESCRIPTION: Linux Kernel could allow a local attacker to bypass security...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Remote Server (CVE-2021-39275)
Summary IBM HTTP Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-10639 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the use of a weak function to generate IP packet IDs. By sniffing the network, ...
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2021-22945)
Summary The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerability: libcurl is vulnerable to a denial of service. Vulnerability Details CVEID: CVE-2021-22945 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused ...
Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management
Summary Bind is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-25215 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an assertion failure while answering queries for DNAME records. By...
Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console
Summary httpd is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in modsessioncrypto. By sending specially...