35715 matches found
Security Bulletin: There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25881)
Summary There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM i DNS is affected by denial of service attacks due to flaws in ISC BIND (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924).
Summary The IBM i DNS Server implementation uses ISC BIND. ISC BIND is vulnerable to denial of service attacks due to allocating memory before checking access permissions and flaws in the implementation of the stale-answer-client-timeout option as described in the vulnerability details section. I...
Security Bulletin: Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty (CVE-2022-41881 and CVE-2022-41915)
Summary Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty with details below. Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. B...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights
Summary Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. The following vulnerabilities, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628 allowing unauthorized access of unauthenticated attacker with...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of JSON Web Token. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...
Security Bulletin: Vulnerabilites CVE-2018-25031 and CVE-2021-46708 in WebSphere Application Server Liberty affect IBM CICS TX Standard
Summary WebSphere Application Server Liberty is used by IBM CICS TX Standard to provide a web based administration console and to provide web services support. The fix removes vulnerabilities CVE-2018-25031 that allows a remote attacker to conduct spoofing attacks and CVE-2021-46708 that allows a...
Security Bulletin: IBM CICS TX Advanced is vulnerable to HTML injection (CVE-2022-34160)
Summary IBM CICS TX Advanced could allow a remote attacker to inject malicious HTML code. The fix removes this vulnerability CVE-2022-33960 from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2022-34160 DESCRIPTION: IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A...
Security Bulletin: IBM MQ Appliance is vulnerable to cross-site scripting (CVE-2022-31744)
Summary IBM MQ Appliance has resolved a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2022-31774 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This...
Security Bulletin: IBM Aspera Orchestrator was vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-22720)
Summary Aspera Ochestrator has addressed the following vulnerability that has been remediated in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-22720 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection whe...
Security Bulletin: IBM Aspera Orchestrator vulnerable to server-side request forgery due to Apache HTTP Server vulnerability (CVE-2021-40438)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a specially crafted request uri-path, a remo...
Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining . Multiple CVEs
Summary There is a vulnerability in jackson-databind that could allow an attacker to execute a DOS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION:...
Security Bulletin: IBM Sterling Transformation Extender vulnerable to multiple issues due to IBM SDK, Java Technology Edition
Summary There are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 - Includes Oracle Apr 2022 CPU minus CVE-2022-21426 vulnerability that affect IBM Sterling Transformation Extender. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability i...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION: OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation with Spring Framework (CVE-2022-22950).
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation in VMware Tanzu Spring Framework CVE-2022-22950. This appears in the Java code used by some of our service components. Please read the details for...
Security Bulletin: Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550
Summary Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550 Vulnerability Details CVEID:CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated...
Security Bulletin: Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2021-21703, CVE-2021-21708, CVE-2021-21707, CVE-2022-31629, CVE-2022-31628)
Summary Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: PHP allowing remote attacker to execute arbitrary code, obtain sensitive information, local authenticated attacker gain elevated privileges on the system, cross-site request forgery and...
Security Bulletin: IBM Security Guardium is affected by a postgresql-42.0.0.jar vulnerability
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2020-13692 DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. By sending...
Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)
Summary A vulnerable version of JQuery was used by API Connect. The fix includes updated JQuery which addresses CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...
Security Bulletin: IBM Performance Management is affected by multiple vulnerabilities in IBM Websphere Application Server (CVE-2021-39031, CVE-2022-22393, and CVE-2022-22476)
Summary Multiple vulnerabilities in IBM Websphere Application Server - Liberty could allow a remote autheticated attacker to conduct an LDAP injection; issue a request to obtain the status of HTTP/HTTPS ports; and/or use a specially crafted request. Details are described in CVE-2021-39031,...
Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents
Summary Multiple vulnerabilities in libcurl affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include obtaining sensitive information, man-in-the-middle attacks, denial of service, and bypassing of security restrictions. Vulnerability Details...
Security Bulletin: IBM Sterling Control Center is vulnerable to denial of servicedue to Spring Framework (CVE-2022-22970)
Summary Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. IBM Sterling Control Center uses Spring...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2022
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF012 and 22.0.1-IF002. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin:IBM TRIRIGA discloses CVE-2019-10219
Summary IBM TRIRIGA discloses CVE-2019-10219 Vulnerability Details CVEID:CVE-2019-10219 DESCRIPTION: Hibernate-Validator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SafeHtml validator annotation A remote attacker could exploit this...
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in kernel.
Summary IBM QRadar Network Security has addressed following vulnerabilities in kernel. Vulnerability Details CVEID: CVE-2017-17807 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by omitting an access-control check when adding a key to...
Security Bulletin: A vulnerability (CVE-2021-35603) in IBM Java Runtime affects CICS Transaction Gateway
Summary IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-35603 that can allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified...
Security Bulletin: A vulnerability in Docker CLI affects IBM Cloud Pak System (CVE-2021-41092)
Summary Docker CLI is vulnerable to attacks to obtain sensitive information. Docker CLI is used by Cloud Pak System as part to the infrastructure to manage the images and containers in the system. Cloud Pak System addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-41092...
Security Bulletin: TS3000 (TSSC/IMC) is vulnerable to privilege escalation vulnerability due to polkit ( CVE-2021-4034 )
Summary A privilege escalation vulnerability has been discovered in pkexec, a component of polkit. The TSSC does not use pkexec, but the executable does exist on the system. A patch has been provided that removes the executable from the file system. Vulnerability Details CVEID: CVE-2021-4034...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-0778
Summary OpenSSL is used by IBM App Connect Enterprise Certified Container for certificate creation and verification. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service when processing a malicious certificate. This bulletin provides patch information to...
Security Bulletin: Vulnerability in SSLv3 affects IBM Security Network Intrusion Prevention System (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacke...
Security Bulletin: Network Intrusion Prevention System is affected by multiple Apache web server vulnerabilities (CVE-2013-6438, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231)
Summary Security vulnerabilities have been discovered in the Apache web server component bundled with IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2013-6438 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an error in the modda...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to arbitrary code execution and SQL injection due to Apache Log4j. (CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)
Summary Multiple vulnerabilities exist in the Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application. The same Apache library is also used by the IBM WebSphere Application Server Liberty for...
Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System.
Summary Linux Kernel used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-37576. Vulnerability Details CVEID: CVE-2021-37576 DESCRIPTION: Linux Kernel for PowerPC could allow a local authenticated attacker to execute arbitrary code on...
Security Bulletin: Multiple vulnerabilities in Samba – including Badlock – affect ProtecTIER
Summary Samba vulnerabilities were disclosed on April 12, 2016. Samba is used by ProtecTIER. ProtecTIER has addressed the applicable CVEs including the vulnerability commonly referred to as “Badlock”. Vulnerability Details CVEID: CVE-2016-2118 DESCRIPTION: Samba could allow a remote attacker to...
Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-44832)
Summary A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is not used by IBM Spectrum...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-42013)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-42013 Vulnerability Details CVEID: CVE-2021-42013 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system caused by a path traversal vulnerability related to an incomplete fix for...
Security Bulletin: Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Desktop
Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Statistics Desktop which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...
Security Bulletin: Vulnerabilities in Apache Log4j affects SPSS Collaboration and Deployment Services
Summary There are vulnerabilities in the Apache Log4j open source library which is used by SPSS Collaboration and Deployment Services for logging of messages and traces. These issues have been addressed. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a deni...
Security Bulletin: Apache Log4j vulnerability affects IBM Integrated Analytics System (CVE-2021-44228)
Summary Apache Log4j is used by IBM Integrated Analytics System in the Db2 warehouse container. Customers are encourages to take action and apply the fix below. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Data Risk Manager (CVE-2021-44228)
Summary IBM Data Risk Manager IDRM 2.0.6.9 and earlier is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. This vulnerability has been addressed in the updated version of IDRM 2.0.6.10. Please see remediation steps below to apply fix. All customers...
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVEs. Vulnerability Details CVEID: CVE-2021-3772 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper validation of integrity check value by the Linux SCTP stack...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2021-20227 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a use-after-free flaw in the SELECT query function in src/select.c. By sending a specially-crafted request, a...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2020-13938, CVE-2021-30641, CVE-2021-26690, CVE-2021-26691)
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime...
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652)
Summary IBM Security Privileged Identity Manager has addressed several security issues as follows. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an...
Security Bulletin: Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover
Summary Vulnerabilities in the Python, Docker, and ICP such as a hole to obtain confidential information, denial of service, unauthorized access with high privileges, duplicate entries and CRLF injection, may affect IBM Spectrum Discover Vulnerability Details CVEID: CVE-2020-8566 DESCRIPTION:...
Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect multiple IBM Rational products based on IBM Jazz technology July 2018 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 1.7 and 1.8 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational...
Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Discovery and Delivery Intelligence V5.1.0.8 and V5.1.0.9
Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Application Discovery and Delivery Intelligence V5.1.0.8 and V5.1.0.9 respectively. These issues were disclosed as part of the IBM Java SDK updates in October 2020. Vulnerability...
Security Bulletin: Vulnerabilities in IBM Db2 and IBM Java Runtime affect IBM Spectrum Protect Server
Summary Multiple vulnerabilities in IBM Db2 and IBM Runtime Environment Java affect the IBM Spectrum Protect Server. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in January, April, and July 2020. Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Multiple vendo...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities. Vulnerability Details: CVE-ID: CVE-2013-2207 Description: The GNU C Library...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for Unix
Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2107 DESCRIPTION: OpenSSL could allow a...