35596 matches found
Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)
Summary IBM Aspera Faspex may be vulnerable to exposing data improperly CVE-2022-22497 due to an incorrectly computed security token. Vulnerability Details CVEID:CVE-2022-2497 DESCRIPTION: GitLab Community Edition and GitLab Enterprise Edition could allow a remote authenticated attacker to obtain...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (3)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues. This package has been removed from the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediatio...
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to systemd
Summary TSSC/IMC is vulnerable to arbitrary code execution due to systemd. A patch has been provided that updates the systemd library. CVE-2023-26604. Vulnerability Details CVEID:CVE-2023-26604 DESCRIPTION: systemd could allow a local authenticated attacker to gain elevated privileges on the...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-25026, CVE-2024-22354, CVE-2024-27268, CVE-2024-22353, CVE-2023-51775, CVE-2024-22329, CVE-2024-31919, CVE-2024-21085,...
Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...
Security Bulletin: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central [CVE-2024-31879].
Summary IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...
Security Bulletin: openssl-src-300.2.1+3.2.0.crate is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input...
Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.
Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-1135, CVE-2024-26130, CVE-2024-23829, CVE-2024-2334, CVE-2023-49081, CVE-2023-49082. Vulnerability Details CVEID:CVE-2024-11...
Security Bulletin: IBM Controller has addressed multiple vulnerabilities
Summary IBM Controller is affected and considered vulnerable, based on current information, to multiple vulnerabilites. This Security Bulletin addresses the vulnerabilities that have been remediated in IBM Controller. Vulnerability Details CVEID:CVE-2023-40695 DESCRIPTION: IBM Cognos Controller...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2023-6237 and CVE-2024-0727)
Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...
Security Bulletin: Vulnerability in Dnspython affects IBM Process Mining CVE-2023-29483
Summary There is a vulnerability in Dnspython that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-29483...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been address...
Security Bulletin: IBM Spectrum Conductor provides upgraded software packages to address known CVEs
IBM Spectrum Conductor 2.5.1 Fix 601861 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601861. IBM Spectrum Conductor 2.5.1 Fix 601861 is a security fix that provides upgraded versions of software packages included with IBM Spectru...
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)
Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester
Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...
Security Bulletin: IBM Security Verify Access is vulnerable to Rapid Reset attacks if HTTP2 is enabled (CVE-2023-44487)
Summary The Webseal component of IBM Security Verify Access product is vulnerable to CVE-2023-44487, a flaw in handling multiplexed streams in the HTTP/2 protocol. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-39976, CVE-2023-40373, CVE-2023-40372, CVE-2023-30987, CVE-2023-38719, CVE-2023-38740, CVE-2023-30991, CVE-2023-38720,...
Security Bulletin: Multiple vulnerabilities identified in jQuery-UI affects IBM Engineering Lifecycle Optimization - Publishing
Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...
Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to Engine.IO denial of service (CVE-2023-31125)
Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a denial of service of Engine.IO with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-31125 DESCRIPTION: Engine.IO is vulnerable to a denial of service, caused by an uncaught...
Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in scala-compiler-2.11.8.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-15288 DESCRIPTION: Scala could allow a local authenticated attacke...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js
Summary Vulnerabilities in node.js before 18.16.1 affect the Node.js component that is used by IBM Event Streams CVE-2023-30581, CVE-2023-30589, CVE-2023-30585, CVE-2023-30590, CVE-2023-30588. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30589 DESCRIPTION: Node....
Security Bulletin: CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Advanced
Summary CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel ...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301).
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd
Summary Multiple issues were identified in Red Hat UBI packages Kubernetes, curl, systemd that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968)
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability...
Security Bulletin: A security vulnerability has been identified in IBM DB2 shipped with IBM Intelligent Operations Center (CVE-2023-29257, CVE-2023-29255, CVE-2023-27555, CVE-2023-26021, CVE-2023-25930, CVE-2023-26022, CV)
Summary IBM DB2 shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11....
Security Bulletin: Vulnerabilities in Python may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python. Vulnerabilities include denial of service on the system and obtaining sensitive information as described by the CVEs in the "Vulnerability Details" section...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2020-25864 DESCRIPTION: HashiCorp Consul is vulnerable to cross-site scripting, caused by improper validation of user-supplied input of the key-value store by the KV API. A remote attacker cou...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. This has been addressed in the remediation section. Vulnerability Detail...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001)
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP response splitting attacks due to a use of malicious backend and a denial of service attack due to an out-of-bounds read or write as described in the vulnerability details section. IBM i has addressed the CVEs by providing...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Management Module (IMM) for System x & BladeCenter
Summary IBM Integrated Management Module IMM for System x & BladeCenter has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM Integrated Management Module IMM for System x & BladeCenter has addressed the following vulnerabilities in OpenSSH. Vulnerability...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Go, Java and Node.js Vulnerability Details CVEID:CVE-2023-23918 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable...
Security Bulletin: IBM MQ is affected by a vulnerability in Apache Commons Net (CVE-2021-37533)
Summary IBM MQ Managed File Transfer is affected by a vulnerability in Apache Commons Net. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusting the host from PASV...
Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001 Vulnerability Details Refer to the...
Security Bulletin:A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem models 840 and 900 (CVE-2015-3238)
Summary There is a vulnerability in Linux Pluggable Authentication Module PAM to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability...
Security Bulletin: Vulnerabilities in GNU Bash affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in GNU Bash to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities CVE-2016-0634, CVE-2016-7543, CVE-2016-9401 could make the system susceptible to an attack which could allow an attacker to execute arbitrary co...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud
Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details CVEID:CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacke...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Oracle® MySQL
Summary IBM Security Guardium has addressed these vulnerabilities by updating the affected component. Vulnerability Details CVEID:CVE-2022-21538 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Encryption component could allow an authenticated...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION: OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of...
Security Bulletin: Vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
Summary Several vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see the vulnerability details and apply the suggested remediation/Fixes listed below. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: ITNM is vulnerable to redirect vulnerabilities due to use of nitely/spirit libraries prior to 0.12.3 (CVE-2022-0869)
Summary Vulnerability CVE-2022-0869 found related to Spirit libraries used in IBM Tivoli Network Manager ITNM IP Edition. The fix contains the removal of vulnerable libraries. Vulnerability Details CVEID:CVE-2022-0869 DESCRIPTION: Spirit could allow a remote attacker to conduct phishing attacks,...
Security Bulletin: Multiple Vulnerabilities discovered in libraries used by TCRtoolkit in ITNM
Summary Multiple vulnerabilities CVE-2009-4521; CVE-2015-0250; CVE-2017-5662; CVE-2018-8013; CVE-2019-17566; CVE-2020-11987; CVE-2009-4269; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2021-41033 found in TCRtoolkit component present in IBM Tivoli Network Manager...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server
Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-29736 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to...
Security Bulletin: Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2021-21703, CVE-2021-21708, CVE-2021-21707, CVE-2022-31629, CVE-2022-31628)
Summary Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: PHP allowing remote attacker to execute arbitrary code, obtain sensitive information, local authenticated attacker gain elevated privileges on the system, cross-site request forgery and...
Security Bulletin: IBM Performance Management is affected by multiple vulnerabilities in IBM Websphere Application Server (CVE-2021-39031, CVE-2022-22393, and CVE-2022-22476)
Summary Multiple vulnerabilities in IBM Websphere Application Server - Liberty could allow a remote autheticated attacker to conduct an LDAP injection; issue a request to obtain the status of HTTP/HTTPS ports; and/or use a specially crafted request. Details are described in CVE-2021-39031,...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud October 2021 CPU
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...
Security Bulletin: CVE-2021-41041 may affect IBM® Semeru Runtime
Summary CVE-2021-41041 was addressed in Eclipse OpenJ9 version 0.32 Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by failing to throw the exception captured during bytecode verification when verificatio...