35702 matches found
Security Bulletin: IBM Flex System Manager (FSM) is affected by bash vulnerabilities
Summary Multiple security vulnerabilities have been identified in bash that is embedded in IBM FSM. This bulletin addresses these issues. Vulnerability Details CVEID: CVE-2014-6277 DESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring
Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID: CVE-2017-10125 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment...
Security Bulletin: Potential Security Vulnerability With Maximo Asset Management
Summary Smarter Infrastructure Products - Potential cross-site scripting vulnerability when using Maximo Asset Management and SmartCloud Control Desk products. Vulnerability Details CVE IDs: CVE-2013-5402 DESCRIPTION: CVE ID| DESCRIPTION ---|--- CVE-2013-5402 CVSS Base Score: 3.5 CVSS Temporal...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...
Security Bulletin: IBM Rational ClearQuest security vulnerability fixes for CVE-2012-2203
Summary IBM Rational ClearQuest uses the IBM GSKit component to establish SSL connections to an LDAP directory server for LDAP authentication. ClearQuest 7.1.2.8 and 8.0.0.4 install updated versions of GSKit which contain corrections for security vulnerability CVE-2012-2203 Vulnerability Details ...
Security Bulletin: IBM Security Access Manager Appliance is affected by a kernel vulnerability (CVE-2016-10229)
Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2016-10229 DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets...
Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2017-5638)
Summary IBM Sterling Order Management use Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2 Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error wh...
Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 5600 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM Smart Analytics System 5600. Vulnerability Details CVE-ID:...
Security Bulletin: Multiple vulnerabiities in the IBM 4769 Developer's Toolkit. CVE-2019-20811, CVE-2020-0466, CVE-2021-0920, CVE-2021-3347, CVE-2018-19985, CVE-2018-20169, CVE-2019-13648, CVE-2019-15916, CVE-2019-19527
Summary IBM customers who use the IBM 4769 Developer's Toolkit to create custom firmware images may be affected by one or more vulnerabilities that were announced against the Linux kernel. Vulnerability Details CVEID:CVE-2019-20811 DESCRIPTION: Linux Kernel could provide weaker than expected...
Security Bulletin: Apache Log4j vulnerability (CVE-2021-4422) addressed in IBM Watson Machine Learning Accelerator
Summary Apache Log4j, which is used by and included with IBM Watson Machine Learning Accelerator , contains security vulnerability issue CVE-2021-44228. This bulletin provides mitigations for the Log4Shell vulnaribility CVE-2021-44228 by applying workaround steps to IBM Watson Machine Learning...
Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9
Summary Apache Portable Runtime, The Expat XML Parser and DOORS Web Access are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.8 is vulnerable to the below mentioned CVEs. Remediation actions a...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2022-22307 DESCRIPTION: IBM Security Guardium could allow a local user to obtain elevated privileges due to incorrect authorization checks. CVSS Base score: 4.4 CVSS Temporal Score: See:...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.
Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF034 and 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated...
Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)
Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-25026, CVE-2024-22354, CVE-2024-27268, CVE-2024-22353, CVE-2023-51775, CVE-2024-22329, CVE-2024-31919, CVE-2024-21085,...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX...
Security Bulletin: Vulnerability in Dnspython affects IBM Process Mining CVE-2023-29483
Summary There is a vulnerability in Dnspython that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-29483...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been address...
Security Bulletin: Axios is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Axios which is vulnerable to CVE-2023-45857. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based...
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)
Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...
Security Bulletin: IBM Financial Transaction Manager v3.2.x is vulnerable to XML External Entity Injection (XXE)
Summary An XML External Entity Injection XXE vulnerability in Java based XML parsers within IBM Financial Transaction Manager was addressed. Vulnerability Details CVEID:CVE-2023-35892 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity...
Security Bulletin: Multiple vulnerabilities identified in jQuery-UI affects IBM Engineering Lifecycle Optimization - Publishing
Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...
Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in scala-compiler-2.11.8.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-15288 DESCRIPTION: Scala could allow a local authenticated attacke...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.12 and earlier
Summary This fix upgrades to node 18.16.1. Vulnerability Details CVEID:CVE-2023-30584 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file permissions. By sending a specially crafted request, an attacker could...
Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query
Summary IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query Vulnerability Details CVEID:CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted...
Security Bulletin: IBM TRIRIGA Application Platform is vulneraible to multiple vunerabilities [CVE-2016-0003], [CVE-2016-1000031] and [CVE-2016-0248]
Summary IBM TRIRIGA Application Platform updated the apache commons open source to latest version to fix the fulnerabilities in CVE-2016-0003, CVE-2016-1000031 and CVE-2016-0248. Vulnerability Details CVEID:CVE-2016-0003 DESCRIPTION: Microsoft Edge could allow a remote attacker to execute arbitra...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)
Summary IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to t...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple OpenSSl denial of service vulnerabilities.
Summary Potential multiple OpenSSl denial of service vulnerabilities has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to...
Security Bulletin: CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Advanced
Summary CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24536 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw during multipart form parsing. By...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in F5 NGINX
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of F5 NGINX . Vulnerability Details CVEID:CVE-2022-41743 DESCRIPTION: F5 NGINX products are vulnerable to a denial of service, caused by a flaw in the ngxhttphlsmodule module. By using a...
Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2022-21426 was disclosed as part of the Oracle April 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting...
Security Bulletin: Vulnerability in Apache Kafka may affect IBM Business Automation Workflow - CVE-2023-25194
Summary IBM Business Automation Workflow packages a copy Apache Kafka client library. A security vulnerability has been reported for the same version of Apache Kafka. Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute...
Security Bulletin: Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remo...
Security Bulletin: Vulnerabilities in Mozilla NSS affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in Mozilla Network Security Services NSS to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-2834, CVE-2016-5285, and CVE-2016-8635 could allow a remote attacker to execute arbitrary code, to recov...
Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900 ( CVE-2016-0705, CVE-2016-0797 )
Summary There are vulnerabilities in OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to corrupt memory and/or cause a denial of service. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION:...
Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to PostgreSQL
Summary IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to vulnerabilities in PostgreSQL JAR CVE-2022-26520, CVE-2022-21724, CVE-2020-13692, CVE-2022-31197, 220313. The fix involves upgrading the PostgreSQL JAR t...
Security Bulletin: Vulnerabilites CVE-2018-25031 and CVE-2021-46708 in WebSphere Application Server Liberty affect IBM CICS TX Standard
Summary WebSphere Application Server Liberty is used by IBM CICS TX Standard to provide a web based administration console and to provide web services support. The fix removes vulnerabilities CVE-2018-25031 that allows a remote attacker to conduct spoofing attacks and CVE-2021-46708 that allows a...
Security Bulletin: IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system
Summary IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequence...
Security Bulletin: IBM MQ Appliance is vulnerable to cross-site scripting (CVE-2022-31744)
Summary IBM MQ Appliance has resolved a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2022-31774 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This...
Security Bulletin: A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-20916)
Summary A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2019-20916. Please see the details below on how to remediate this issue. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a remote attacker ...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server
Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-29736 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-24999
Summary Node.js module qs is used by IBM App Connect Enterprise Certified Container for parsing query parameters on URLS. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the...
Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]
Summary Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights CVE-2022-42889, CVE-2022-33980. Apache Commons Text and Apache Commons Configuration is used by IBM Operations Analytics Predictive Insight REST Mediation Service, par...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.
Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Express. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Express. This bulletin also addresses LOGJAM: The...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2022 CPU (minus CVE-2022-21426)
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat (CVE-2022-21496)
Summary IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat CVE-2022-21496 due to the use of IBM® SDK Java™ Technology Edition, Version 8. The SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent Cloud Tiering...