Security Bulletin: Apache Log4j vulnerability may affect IBM Sterling B2B Integrator (CVE-2021-44228)
Summary IBM Sterling B2B Integrator is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details...
Security Bulletin: Apache Log4j vulnerability (CVE-2021-44228) has been identified in IBM Tivoli Netcool Impact and IBM WebSphere Application Server bundled with Tivoli Business Service Manager
Summary IBM Tivoli Netcool Impact and IBM WebSphere Application Server are bundled as components of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM Tivoli Netcool Impact and IBM WebSphere Application Server has been published in security bulletins...
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) impacts IBM Watson Machine Learning Accelerator
Summary Log4j is used by IBM Watson Machine Learning Accelerator for generating logs in some of its components. This bulletin provides mitigations for the Log4j vulnerability CVE-2021-44228 by applying workaround steps to IBM Watson Machine Learning Accelerator. Vulnerability Details Refer to the...
Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for IBM Connections (CVE-2021-44228)
Summary Apache Log4j open source library is used by Content Collector for IBM Connections. The vulnerability affects the Content Collector AFUKnowledgeCenter component. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-44228...
Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for Microsoft SharePoint (CVE-2021-44228)
Summary Apache Log4j open source library is used by Content Collector for Microsoft SharePoint. The vulnerability affects the Content Collector AFUKnowledgeCenter component. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-44228...
Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Platform Application Center
Summary Public disclosed vulnerability CVE-2018-11776 from Apache Struts affects IBM Platform Application Center. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts namespace code execution CVSS Base Score: 9.8 CVSS Temporal Score: See for the current score CVSS Environmental...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to urllib3 for python man-in-the-middle and security bypass vulnerabilities (CVE-2021-3572, CVE-2021-28363)
Summary Potential urllib3 for python man-in-the-middle and security bypass vulnerabilities CVE-2021-28363, CVE-2021-3572 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-28363...
Security Bulletin: UDP source port randomization flaw in IBM DataPower Gateway (CVE-2020-25705)
Summary IBM has addressed the CVE. Vulnerability Details CVEID:CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an attacker could exploit this...
Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-44228)
Summary IBM Cognos Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j CVE-2021-44228 vulnerability. Please note that this Security Bulletin has been...
Security Bulletin: IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data are affected by critical vulnerability in Log4j (CVE-2021-44228)
Summary There is a vulnerability in the version of the Log4j open source library that is part of IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2021-4104, CVE-2021-45046)
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j
Summary Log4j is used by IBM Watson Discovery for IBM Cloud Pak for Data to log system events for diagnostics. This bulletin provides a remediation for the vulnerability, CVE-2021-44228 by upgrading Watson Discovery and thus addressing the exposure to the log4j vulnerability. Vulnerability Detail...
Security Bulletin: Vulnerabilities in SSH affect IBM DataPower Gateways (CVE-2016-10009, CVE-2016-10012)
Summary SSH vulnerabilities were disclosed by the OpenSSH Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-10009 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading ...
Security Bulletin: A Vulnerability with jackson-databind before 2.13.0 affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
Summary A Vulnerability with jackson-databind before 2.13.0 affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details on how to remediate this issue. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a...
Security Bulletin: IBM DataPower Gateway is vulnerable to denial of service due to Golang Go
Summary IBM DataPower Gateway is vulnerable to denial of service due to use of Golang Go in DataPower Operator and Prometheus Metrics . CVE-2024-24783 Vulnerability Details CVEID:CVE-2024-24783 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the crypto/x509 packag...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.0. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerab...
Security Bulletin: IBM SDK Java 8.0.7.0 Update for IBM DataQuant
Summary Security Bulletin provides IBM DataQuant users with instructions for updating to Java 8.0.7.0 Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Data Studio Client (CVE-2021-4104)
Summary Apache Log4j open source library is used by IBM Data Studio Client. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caus...
Security Bulletin: nginx is vulnerable to CVE-2021-23017 used in IBM Maximo Application Suite - Edge Data Collector Component
Summary IBM Maximo Application Suite - Edge Data Collector Component uses nginx which is vulnerable to CVE-2021-23017. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2021-23017 DESCRIPTION: NGINX could allow a remote attacker to execute...
Security Bulletin: Vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634, CVE-2022-35919, CVE-2022-31028)
Summary Multiple vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift. Vulnerabilities include bypassing of security restrictions, execution of arbitrary code, obtaining sensitive information, denial of...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Netcool Performance Manager
Summary Apache-Log4j - CVE-2021-4104, Apache-Log4j - CVE-2022-23302, Apache-Log4j - CVE-2022-23305, Apache-Log4j - CVE-2022-23307 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- TNPM|...
Security Bulletin: IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797)
Summary A vulnerability contained within a 3rd party component was identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway and MaaS360 Cloud Extender Configuration Utility module. Vulnerability Details CVEID: CVE-2021-43797 DESCRIPTION: Netty is vulnerable to HTTP request smuggling...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to improper privilege management when a specially crafted table access is used. (CVE-2022-43927)
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to improper privilege management when a specially crafted table access is used. Vulnerability Details CVEID:CVE-2022-43927 DESCRIPTION: IBM Db2 is vulnerable to information disclosure due to improper privilege manageme...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2015-20107. GNOME libxml2 is used by IBM Robotic Process Automation as part of container base images,...
Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-6387) due to OpenSSH
Summary Vulnerability in AIX's OpenSSH could allow a remote attacker to execute arbitrary code CVE-2024-6387. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: Multiple vulnerabilities in Jquery-Ui, highcharts, and datatables are affecting QRadar User Behavior Analytics (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2021-23445, CVE-2021-29489)
Summary There are vulnerabilities in third party packages JQuery-UI, Highcharts, datatables.net affecting User Behavior Analytics (UBA). UBA has been updated to the latest versions of these packages to address these vulnerabilities. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery...
Security Bulletin: Apache Log4j vulnerability affects IBM Sterling Secure Proxy (CVE-2021-44832)
Summary IBM Sterling Secure Proxy is vulnerable to arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to...
Security Bulletin: There are multiple vulnerabilities in the Apache Log4j used in IBM® QRadar Risk Manager that may allow for remote code execution (RCE).
Summary Apache Log4j is used by IBM® QRadar Risk Manager to log system events. This bulletin provides a remediation to address the multiple Apache Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 by upgrading IBM® QRadar Risk Manager. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION...
Security Bulletin: Node.js passport is vulnerable to CVE-2022-25896 used in IBM Maximo Application Suite
Summary There is one vulnerability in passport-0.4.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-25896 DESCRIPTION: Node.js passport module could allow a remote attacker to hijack a user's session, caused by a session fixation vulnerability. An attacker could...
Security Bulletin: Vulnerability in Apache Log4j may affect IBM Tivoli Monitoring installed WebSphere Application Server (CVE-2021-44228)
Summary The following security issue has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Note that log4j 2.x is not actually used by ITM but is present as part of the Tivoli Portal Server component installation as it prereqs and...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44228)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: IBM DataPower Gateway vulnerable to a flaw in OpenSSL (CVE-2017-3732)
Summary A carry propagating bug in the OpenSSL x86_64 Montgomery squaring procedure may impact DH-based ciphersuites. This issue has been addressed in DataPower v2018.4.1.23. Vulnerability Details CVEID:CVE-2017-3732 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive informatio...
Security Bulletin: Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson may affect IBM Spectrum Copy Data Management
Summary Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson such as denial of service, bypassing security restrictions, obtaining sensitive information, cross-site scripting, and execution of arbitrary code may affect IBM Spectrum Copy Data Management. Vulnerability Details...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
Summary IBM Data Risk Manager IDRM 2.0.6.13, which is the only supported version, is impacted by multiple vulnerabilities including Apache Log4j 1.x CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022-23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493 which was bundled within hadoop-client...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID: CVE-2022-29210 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the TensorKey hash function. A local authenticat...
Security Bulletin: IBM Security Guardium Insights is vulnerable to a remote code execution vulnerability in Apache Log4j 2 component. (CVE-2021-44228)
Summary IBM Security Guardium Insights is vulnerable to a remote code execution vulnerability in Apache Log4j 2 component. IBM Security Guardium Insights has addressed the vulnerability CVE-2021-44228 with an upgrade. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could all...
Security Bulletin: A security vulnerability has been identified in Log4j 2 used in IBM Guardium Data Encryption (GDE) (CVE-2021-44228)
Summary Log4j 2 is a logging package used by IBM Security Guardium Data Encryption GDE. That package has a security vulnerability. Consult the bulletin listed below for details. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...
Security Bulletin: PostgreSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13692)
Summary PostgreSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure caused by an XML external entity (XXE). Vulnerability Details CVEID: CVE-2020-13692 DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caus...
Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900
Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of this vulnerability CVE-2017-5638 could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION:...
Security Bulletin: urllib upgrade CVE-2021-33503, CVE-2021-28363
Summary The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificat...
Security Bulletin: CMIS is affected since it uses Spring Framework, but not vulnerable to [CVE-2022-22965] and [CVE-2022-22963]
Summary CMIS is affected since it uses SpringFramework, but not vulnerable to CVE-2022-22965 and CVE-2022-22963. Vulnerability Details CVEID:CVE-2022-22965 DESCRIPTION: Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of...
Security Bulletin: IBM TRIRIGA Indoor Maps, a component of IBM TRIRIGA Portfolio Data Manager is vulnerable to arbitrary code execution due to Apache Log4j library vulnerability (CVE-2021-44228)
Summary IBM TRIRIGA Indoor Maps, a component of IBM TRIRIGA Portfolio Data Manager is vulnerable to Apache Log4j library vulnerability CVE-2021-44228 as it is used as a common logging tool. Apache Log4j is used by IBM TRIRIGA Indoors Maps as part of its logging infrastructure. This bulletin...
Security Bulletin: Vulnerability in Node.js lodash affects IBM Process Mining (CVE-2021-23337, CVE-2020-28500)
Summary There is a vulnerability in Node.js lodash that could allow remote execution of arbitrary commands. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Node.js...
Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Service Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)
Summary There are vulnerabilities in Eclipse Jetty that affect Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw ...
Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046)
Summary Apache Log4j is used by IBM Cloud Pak for Data System 1.0 in openshift-logging. This bulletin provides a remediation and workaround for the Apache Log4j vulnerability CVE-2021-45046. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code executio...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2021-4104, CVE-2021-45046)
Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7
Summary cURL libcurl, Apache Xerces2 Java, Apache Jena, Spring Framework, json-smart-v1 and json-smart-v2 , libxml2, Apache Standard Taglibs , Apache ActiveMQ, Apache Commons Codec are identified as vulnerable components with multiple reported vulnerabilities, CVE-2022-35260, CVE-2022-42915,...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-45046)
Summary Apache Log4j Vulnerability Affects IBM Sterling Control Center CVE-2021-45046. Customers are encouraged to take action and apply the fix below. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of...
Security Bulletin: The Apache Log4j (CVE-2021-44228) vulnerability affects z/TPF and TPF Operations Server
Summary The Apache Log4j vulnerability CVE-2021-44228 affects the z/Transaction Processing Facility z/TPF system and TPF Operations Server. Several Java applications on the z/TPF system depend on Apache Log4j capabilities. Additionally, the 64-bit Java support in TPF Operations Server uses Apache...