35596 matches found
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)
Summary IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to t...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple OpenSSl denial of service vulnerabilities.
Summary Potential multiple OpenSSl denial of service vulnerabilities has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to...
Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2023-26285)
Summary IBM MQ is vulnerable to a denial of service attack caused by an error processing invalid data from a compromised client. Vulnerability Details CVEID:CVE-2023-26285 DESCRIPTION: IBM MQ could allow a remote attacker to cause a denial of service due to an error processing invalid data. CVSS...
Security Bulletin: CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Advanced
Summary CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24536 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw during multipart form parsing. By...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in F5 NGINX
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of F5 NGINX . Vulnerability Details CVEID:CVE-2022-41743 DESCRIPTION: F5 NGINX products are vulnerable to a denial of service, caused by a flaw in the ngxhttphlsmodule module. By using a...
Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2015-5600)
Summary IBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the following CVE. Vulnerability Details Summary IBM Flex System FC43171 8Gb SAN Switch and...
Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2022-21426 was disclosed as part of the Oracle April 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting...
Security Bulletin: Vulnerability in Apache Kafka may affect IBM Business Automation Workflow - CVE-2023-25194
Summary IBM Business Automation Workflow packages a copy Apache Kafka client library. A security vulnerability has been reported for the same version of Apache Kafka. Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute...
Security Bulletin: Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remo...
Security Bulletin: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) attack
Summary IBM Workload Scheduler is vulnerable to XML External Entity Injection XXE exploitation in "Create Job on Broker" page. Vulnerability Details CVEID:CVE-2022-22486 DESCRIPTION: IBM Tivoli Workload Scheduler is vulnerable to an XML External Entity Injection XXE attack when processing XML dat...
Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900 ( CVE-2016-0705, CVE-2016-0797 )
Summary There are vulnerabilities in OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to corrupt memory and/or cause a denial of service. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION:...
Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to PostgreSQL
Summary IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to vulnerabilities in PostgreSQL JAR CVE-2022-26520, CVE-2022-21724, CVE-2020-13692, CVE-2022-31197, 220313. The fix involves upgrading the PostgreSQL JAR t...
Security Bulletin: Vulnerabilites CVE-2018-25031 and CVE-2021-46708 in WebSphere Application Server Liberty affect IBM CICS TX Standard
Summary WebSphere Application Server Liberty is used by IBM CICS TX Standard to provide a web based administration console and to provide web services support. The fix removes vulnerabilities CVE-2018-25031 that allows a remote attacker to conduct spoofing attacks and CVE-2021-46708 that allows a...
Security Bulletin: IBM CICS TX Advanced is vulnerable to HTML injection (CVE-2022-34160)
Summary IBM CICS TX Advanced could allow a remote attacker to inject malicious HTML code. The fix removes this vulnerability CVE-2022-33960 from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2022-34160 DESCRIPTION: IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A...
Security Bulletin: IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system
Summary IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequence...
Security Bulletin: IBM MQ Appliance is vulnerable to cross-site scripting (CVE-2022-31744)
Summary IBM MQ Appliance has resolved a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2022-31774 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This...
Security Bulletin: A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-20916)
Summary A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2019-20916. Please see the details below on how to remediate this issue. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a remote attacker ...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-24999
Summary Node.js module qs is used by IBM App Connect Enterprise Certified Container for parsing query parameters on URLS. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the...
Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]
Summary Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights CVE-2022-42889, CVE-2022-33980. Apache Commons Text and Apache Commons Configuration is used by IBM Operations Analytics Predictive Insight REST Mediation Service, par...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.
Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Express. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Express. This bulletin also addresses LOGJAM: The...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2022 CPU (minus CVE-2022-21426)
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat (CVE-2022-21496)
Summary IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat CVE-2022-21496 due to the use of IBM® SDK Java™ Technology Edition, Version 8. The SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent Cloud Tiering...
Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)
Summary Vulnerabilities in libcurl such as bypassing security restrictions, obtaining sensitive information, and man-in-the-middle attacks may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID:CVE-2022-27782 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass...
Security Bulletin: IBM Sterling Control Center is vulnerable to denial of servicedue to Spring Framework (CVE-2022-22970)
Summary Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. IBM Sterling Control Center uses Spring...
Security Bulletin: IBM Aspera Faspex 4.4.1 and earlier has addressed an Apache vulnerabilitiy (CVE-2021-40438)
Summary This security bulletin addresses an Apache security vulnerabilitiy that have been remediated in IBM Aspera Faspex 4.4.2. Vulnerability Details CVEID:CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2022
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF012 and 22.0.1-IF002. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: IBM Security Verify Governance is vulnerable to multiple security issues due to Node.js
Summary IBM has announced a release for IBM Security Verify Governance ISVG in response to security vulnerabilities. The vulnerabilities are caused by Node.js which is vulnerable to multiple threats. CVE-2021-22939, CVE-2021-44531, CVE-2021-44533, CVE-2021-37701, CVE-2021-37712, CVE-2021-22959,...
Security Bulletin: Vulnerabilities in Samba, OpenSSL, Python, and XStream affect IBM Spectrum Protect Plus (CVE-2021-20254, CVE-2021-3712, CVE-2021-43859, CVE-2022-0778, CVE-2020-25717, CVE-2021-23192, CVE-2021-3733)
Summary Vulnerabilities in Samba, OpenSSL, Python, and XStream may affect IBM Spectrum Protect Plus. These vulnerabilities include bypassing security restrictions, obtaining sensitive information, denial of service, and elevation of privileges. Vulnerability Details CVEID: CVE-2021-20254...
Security Bulletin: StoredIQ is vulnerable to denial of service and remote code execution in Apache Log4j (CVE-2021-44228, CVE-2021-45046).
Summary StoredIQ is vulnerable to denial of service and remote code execution in Apache Log4j CVE-2021-44228, CVE-2021-45046. Apache Log4j is used by StoredIQ as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION:...
Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities
Summary Apache HTTP Server provides HTTP services for SiteProtector. IBM Security SiteProtector System has addressed the following vulnerabilities in a Core express update: Vulnerability Details CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a...
Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability CVE-2021-35550
Summary There is vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerabilit...
Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty
Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.5-x packages that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. We have also identified an issue in the IBM WebSphere Application Server Liberty component that is packaged with IBM supplie...
Security Bulletin: Multiple vulnerabilities have been found in Golang Go which is shipped with Cloud Pak System
Summary Multiple vulnerabilities have been found in Golang Go which is shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-34558 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the failure to properly...
Security Bulletin: TS3000 (TSSC/IMC) is vulnerable to privilege escalation vulnerability due to polkit ( CVE-2021-4034 )
Summary A privilege escalation vulnerability has been discovered in pkexec, a component of polkit. The TSSC does not use pkexec, but the executable does exist on the system. A patch has been provided that removes the executable from the file system. Vulnerability Details CVEID: CVE-2021-4034...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in Oracle October 2021 CPU minus...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to arbitrary code execution and SQL injection due to Apache Log4j. (CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)
Summary Multiple vulnerabilities exist in the Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application. The same Apache library is also used by the IBM WebSphere Application Server Liberty for...
Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System.
Summary Linux Kernel used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-37576. Vulnerability Details CVEID: CVE-2021-37576 DESCRIPTION: Linux Kernel for PowerPC could allow a local authenticated attacker to execute arbitrary code on...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2020-13935
Summary IBM UrbanCode Release version 6.2.2.7 - 6.2.4 are affected by CVE-2020-13935 Vulnerability Details CVEID: CVE-2020-13935 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests...
Security Bulletin: Apache Log4j vulnerability affects IBM Sterling External Authentication Server (CVE-2021-44832)
Summary IBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker...
Security Bulletin: Log4j Vulnerability ( CVE-2021-44228 ) in IBM Informix Dynamic Server in Cloud Pak for Data
Summary This Security Alert addresses CVE-2021-44228, a vulnerability in Apache Log4j. Versions Affected: All Apache Log4j2 =2.14.1 on IBM Informix Dynamic Server in Cloud Pak for Data Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to log4j CVE-2021-44228
Summary Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to log4j CVE-2021-44228 Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker...
Security Bulletin: Log4jShell Vulnerability affects Decision Optimization for Cloud Pak for Data (CVE-2021-44228)
Summary The Apache Log4j vulnerability used by Decision Optimization for Cloud Pak for Data has been addressed. IBM strongly recommends addressing the Log4j vulnerability CVE-2021-44228 now by upgrading. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component cou...
Security Bulletin: Vulnerability in SSLv3 Affects Power Hardware Management Console (CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-
Summary OpenSSL included in Power Hardware Management Console contains multiple vulnerabilities including POODLE Padding Oracle On Downgraded Legacy Encryption. Vulnerability Details CVE-ID: CVE-2014-3513 Description: OpenSSL is vulnerable to a denial of service, caused by a memory leak in the DT...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2020-13938, CVE-2021-30641, CVE-2021-26690, CVE-2021-26691)
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: UPDATE: Vulnerabilities in Bash affect AIX Toolbox for Linux Applications (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187)
Summary Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is optionally available via the AIX Toolbox for Linux Applications web download: http://www.ibm.com/systems/power/software/aix/linux/ If you have bash...
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652)
Summary IBM Security Privileged Identity Manager has addressed several security issues as follows. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending...
Security Bulletin: A Vulnerability in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement
Summary There is a vulnerabilitiy in IBM® Runtime Environment Java™ Version 6 and IBM® Runtime Environment Java™ Version 8 used by Optim Data Growth, Test Data Management and Application Retirement. This issue was disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Detail...