35596 matches found
Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console
Summary httpd is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in modsessioncrypto. By sending specially...
Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console (CVE-2013-5704, CVE-2015-3183)
Summary HTTPD is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2013-5704 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the improper handling of a specially-crafted...
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM GPFS V3.5 for Windows (CVE-2015-4000, CVE-2015-1793, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project and affect IBM GPFS V3.5 . This includes the Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. This also includes the alternate chains certificate forgery vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.
Summary Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment XSLD. Vulnerability Details CVEID: CVE-2020-4333 DESCRIPTION: IBM WebSphere Exteme Scale Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web ...
Security Bulletin: Vulnerabilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js affect IBM Spectrum Control
Summary Multiple vulnerabiilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js may affect IBM Spectrum Control. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in October 2020 and January 2021. Vulnerability Details CVEID: CVE-2020-5258...
Security Bulletin: Security vulnerability in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology
Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerability that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by Vulnerabilities in Node.js
Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2021-23337, CVE-2021-23327, CVE-2021-23334, CVE-2021-27191, CVE-2021-23335. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands...
Security Bulletin: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating
Summary XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Vulnerability Details Refer t...
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
Summary IBM Security Guardium Insights has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2020-8244 DESCRIPTION: Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the consume function. By sending a...
Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC -Kernel vulnerability
Summary IBM Security Guardium has addressed the following vulnerability Vulnerability Details CVEID: CVE-2019-11478 DESCRIPTION: Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selective...
Security Bulletin: Vulnerabilities in BIND affect AIX (CVE-2020-8616 and CVE-2020-8617)
Summary There are vulnerabilities in BIND that affect AIX. Vulnerability Details CVEID: CVE-2020-8617 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a logic error in code which checks TSIG validity. A remote attacker could exploit this vulnerability to trigger an assertion...
Security Bulletin: Apache Log4j valunarability found in Network Performance Insight (CVE-2019-17571)
Summary Apache Log4j vulnerability found in Network Performance Insight CVE-2019-17571. Vulnerability Details CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for Unix
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2000-1254 DESCRIPTION: OpenSSL...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-8610)
Summary OpenSSL is used by IBM Sterling Connect:Direct for UNIX. IBM Sterling Connect:Direct for UNIX has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets...
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
Summary IBM SmartCloud Entry is vulnerable to file vulnerabilities, An attacker could exploit these vulnerabilities to use a specially-crafted file to consume all available CPU resources, cause a denial of service, execute arbitrary code, or cause applications/executables to crash. CVE-2014-3538...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.1.4.10 and IBM® Runtime Environment Java™ Versions 7.0.10.10 and 7.1.4.10 used by IBM Integration Bus and WebSphere Message Broker. These issues were disclosed as part of the IBM Java SDK updates in Jul 201...
Security Bulletin: Vulnerability in the Fabric OS used by IBM b-type SAN directors and switches.
Summary Public disclosed vulnerability from OpenSSL in the Fabric OS used by IBM b-type SAN directors and switches. Vulnerability Details CVEID: CVE-2017-3737 DESCRIPTION: OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurr...
Security Bulletin: Vulnerability in SSLv3 affects IBM i (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM i. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused b...
Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391)
Summary IBM MQ Appliance has addressed the following kernel vulnerability. Vulnerability Details CVEID: CVE-2018-5391 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By...
Security Bulletin: NeXtScale Fan Power Controller (FPC) July 2014 Fixes (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470)
Summary The NeXtScale Fan Power Controller FPC July 2014 firmware update contains fixes for six vulnerabilities. Vulnerability Details Abstract The NeXtScale Fan Power Controller FPC July 2014 firmware update contains fixes for six vulnerabilities. Content Vulnerability Details: CVE ID:...
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot (also known as pDSA) is affected by the following OpenSSL vulnerability: CVE-2014-0224
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details Abstract Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project Content Vulnerability...
Security Bulletin: An OpenSSL vulnerability could affect IBM Performance Management products (CVE-2016-2183)
Summary OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a...
Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK for Node.js™
Summary This bulletin describes security vulnerabilities discovered in OpenSSL that were reported on December 3, 2015 by the OpenSSL Project, plus two additional vulnerabilities. Vulnerability Details CVEID: CVE-2015-3193 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: Vulnerabilities in HTTPD affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in Apache HTTPD. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in modsessioncrypto. By sending...
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
Summary PowerKVM is affected by numerous vulnerabilities in the linux kernel. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2013-7421 DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the in the Crypto API. An...
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS
Summary There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.5 of IBM SONAS Vulnerability Details IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS
Summary OpenSSL is used by IBM SONAS. IBM SONAS has addressed the applicable CVEs. Vulnerability Details OpenSSL is used in IBM SONAS for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused b...
Security Bulletin: Vulnerabilities in Bash affect IBM SONAS (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is used by IBM SONAS. Vulnerability Details The following vulnerabilities are only exploitable by users who already have authenticated access to the...
Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release
Summary Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this...
Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator
Summary IBM Business Process Manager is shipped as a component of IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM SmartCloud Orchestrator, and IBM SmartCloud Orchestrator Enterprise. Vulnerability Details Review the following security bulletins for IBM Business Process Manager for...
Security Bulletin: Multiple vulnerabilities in openssl affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
Summary Multiple vulnerabilities in openssl affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-1788. Vulnerability Details CVEID: CVE-2014-8176 DESCRIPTION: OpenSSL could allow a remote...
Security Bulletin: IBM Security Directory Suite has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the following fixpack for IBM Security Directory Suite in response to CVE-2017-5753 and CVE-2017-5754 Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5754 Affected Products and Versions IBM Security Directory Suite ISDS 8.0.0, 8.0.1 Remediation/Fixes Product |...
Security Bulletin: IBM Security Identity Manager has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the following fixpack for IBM Security Identity Manager in response to CVE-2017-5753 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5754 Affected Products and Versions IBM Security Identity Manager ISIM 7.0.0, 7.0.1 Remediation/Fixes Product...
Security Bulletin: IBM Security Guardium is affected by Open Source packages vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2017-2628 DESCRIPTION: cURL could allow a remote attacker to bypass security restrictions, caused by improper use of Negotiate authenticated HTTP connections for subsequent requests. An...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway
Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin...
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSL
Summary Vulnerabilities have been identified in OpenSSL. IBM Security Access Manager for Web uses OpenSSL and is affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0799 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a memory err...
Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405)
Summary Security vulnerabilities have been discovered in NTP used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-1798 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could allow a remote attacker to bypass security restrictions, caused by the acceptance...
Security Bulletin: IBM QRadar SIEM 7.1 MR2, and 7.2 MR2 are affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM B2B Advanced Communications.
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 SR7 that is used by IBM Multi-Enterprise Integration Gateway. These issues were disclosed as part of the IBM Java SDK updates for October 2015 and January 2016. Vulnerability Details CVEID...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version JRE6SR16FP20, JRE7SR9FP30, JRE8SR1FP10, JRE8SR2FP10 used by Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details If you run you...
Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 7600, 7700 and 7710 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM Smart Analytics System 7600, 7700, and 7710. Vulnerability...
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM DB2 LUW. IBM DB2 LUW has addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere MQ (CVE-2014-0224, CVE-2014-3470), Websphere Message Broker and IBM Integration Bus (CVE-2014-0224) shipped with Predictive Maintenance and Quality
Summary IBM WebSphere MQ, IBM Websphere Message Broker and IBM Integration Bus are shipped as components of IBM Predictive Maintenance and Quality. Information about security vulnerabilities affecting IBM WebSphere MQ, IBM Websphere Message Broker and IBM Integration Bus has been published in...
Security Bulletin: IBM API Connect is affected by an Apache HTTP Server vulnerability (CVE-2014-0226)
Summary IBM API Connect has addressed the following vulnerability. Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by a race condition in the modstatus module when handling the scoreboard. By sending a specially-crafted request, a remote attacker could overflow a buffer a...
Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time
Summary Java SE issues disclosed in the Oracle January 2017 Critical Patch Update Vulnerability Details CVE IDs: CVE-2017-3289 CVE-2017-3272 CVE-2017-3241 CVE-2016-5546 CVE-2017-3253 CVE-2016-5548 CVE-2016-5549 CVE-2017-3252 CVE-2016-5547 CVE-2016-5552 CVE-2017-3261 CVE-2017-3231 CVE-2017-3259...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.3. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP5 where applicable. Multiple Cross-Site Request Forgery vulnerabilities have been addressed CVE-2020-4301, CVE-2021-20468...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-10977 DESCRIPTION: PostgreSQL could provide weaker than expected security,...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Java, Go, Python, OpenSSL and Node.js Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused b...
Security Bulletin: Denial of service, DNS poisoning, and information disclosure might affect IBM Storage Defender – Resiliency Service
Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in denial of service, DNS poisoning, and information disclosure. The vulnerabilities have been addressed. CVE-2024-34447, CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2024-45296, CVE-2023-44487, CVE-2024-29857...
Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)
Summary Vulnerability contained within OpenSSL a 3rd party component was addressed in the IBM MaaS360 VPN Module. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...