35665 matches found
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a fl...
Security Bulletin: EDB Postgres Advanced Server (EPAS)
Summary This security bulletin identifies a set of common vulnerabilities that have been addressed in EDB Postgres Advanced Server with IBM 15.4. Vulnerability Details CVEID:CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain...
Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.
Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597...
Security Bulletin: IBM Storage Fusion is vulnerable to denial of server, and security bypass due to Golang vulnerabilities.
Summary Golang Go and Golang packages are used by IBM Storage Fusion and thus IBM Storage Fusion may be vulnerable to the vulnerabilities listed below. CVE-2022-29526, CVE-2022-21698, CVE-2021-41190, CVE-2018-20699, CVE-2024-24786, CVE-2023-39325, CVE-2023-48795. Vulnerability Details...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unspecified vulnerabilities and sensitive information exposure due to IBM Runtime Environment Java Technology Edition Version 8
Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by unspecified vulnerabilities and sensitive information exposure due to IBM Java 8. IBM Sterling Connect:Direct for UNI...
Security Bulletin: IBM InfoSphere Information Server is affected by OpenSSL Vulnerability (CVE-2023-2650)
Summary A vulnerability in OpenSSL used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CM...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities
Summary Ansible-operator and opm are used by IBM Cloud Pak for Data Scheduling as part of the ibm-cpd-scheduling-operator and ibm-cpd-scheduler-operator-catalog image used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or to denial of service.
Summary IBM Db2 Web Query for i is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-34034 and CVE-2023-44981 and denia...
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. CVE-2023-28322, CVE-2023-28320, CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caus...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Grafana (CVE-2023-1410)
Summary Grafana is used by IBM Storage Ceph as a monitoring dashboard. CVE-2023-1410 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-1410 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier
Summary This fix upgrades to node 18.19.0. Vulnerability Details CVEID:CVE-2023-39332 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass using non-Buffer Uint8Array objects. By sending a specially crafted request, an attacker coul...
Security Bulletin: Vulnerabilities in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2023-50164)
Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes Apache Struts v2.5.33. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Multiple security vulnerabilities in Redis may affect IBM Robotic Process Automation for Cloud Pak
Summary Redis is used by IBM Robotic Process Automation for Cloud Pak as part of the server component. CVE-2022-35977, CVE-2022-36021, CVE-2023-25155, CVE-2023-28856. Vulnerability Details CVEID:CVE-2022-35977 DESCRIPTION: Redis is vulnerable to a denial of service, caused by an integer overflow...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Unauthorized requests (SSRF), Improper path traversal, via k8s.io/apimachinery, k8s.io/apiserver (CVE-2022-3172, CVE-2022-3162)
Summary Kubernetes' apimachinery and apiserver are used by IBM Storage Fusion HCI to interact with the OpenShift platform. Vulnerabilities in these libraries include the possibility of unauthorized requests server-side request forgery and improper path traversal, as described the the CVEs listed ...
Security Bulletin: AIX is vulnerable to a denial of service due to the AIX SMB client (CVE-2023-45165)
Summary A vulnerability in the AIX SMB client daemon could allow a non-privileged local user to cause a denial of service CVE-2023-45165. AIX uses the SMB client daemon to access files on SMB servers. Vulnerability Details CVEID:CVE-2023-45165 DESCRIPTION: IBM AIX could allow a non-privileged loc...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. An attacker could exploit these vulnerabilities to escalate privileges, gaining elevated privileges or cause the system to crash, to execute arbitrary management commands on the system and cause a denial...
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in OpenSSL
Summary The following vulnerabilites in OpenSSL have been addressed by IBM RackSwitch firmware products. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an...
Security Bulletin: There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)
Summary There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite CVE-2023-26049 Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in...
Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities (CVE-2023-2828, CVE-2023-24329, CVE-2022-4839)
Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2023-2828 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a...
Security Bulletin: There are multiple vulnerabilities in jQuery used by IBM Maximo Asset Management (CVE-2020-11022, CVE-2020-7656, CVE-2020-11023, CVE-2015-9251, CVE-2012-6708)
Summary There are multiple vulnerabilities in jQuery used by IBM Maximo Asset Management CVE-2020-11022, CVE-2020-7656, CVE-2020-11023, CVE-2015-9251, CVE-2012-6708 Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation ...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.2.1 Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of Module.load. By sending a specially crafted request, ...
Security Bulletin: Postgresql JDBC drivers shipped with IBM Security Verify Access have a vulnerability (CVE-2022-41946)
Summary Postgresql JDBC as shipped with IBM Security Verify Access has addressed a vulnerability that could allow a local authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ 8, which is used by IBM Rational ClearQuest v9.0.2. These issues were disclosed in the IBM Java SDK updates including IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU and Oracle April 2023...
Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics
Summary Eclipse Jetty is used in the solution's microservices bis, auth, analytics, cna as the engine of the HTTP server, underpinning APIs and UI. Several CVEs were found in the version used. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jet...
Security Bulletin: OpenSSL publicly disclosed vulnerabilities affect IBM® MobileFirst Platform
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSS...
Security Bulletin: IBM TRIRIGA Application Platform discloses use of Apache Xerces (CVE-2022-23437)
Summary Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote attacker could exploit this vulnerability to consume system resources for prolonged duratio...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent
Summary APM WebSphere Application Server Agent is vulnerable to Apache common collections commons-collections-3.2.jar. The fix includes commons-collections-3.2.jar upgraded to commons-collections-3.2.2.jar. CVE-2015-4852, CVE-2017-15708 and CVE-2019-13116 Vulnerability Details CVEID:CVE-2015-4852...
Security Bulletin: Vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux can affect IBM Spectrum Protect Plus.
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux. Vulnerabilities include causing a denial of service, obtaining sensitive information, bypassing protections and restrictions, causing system crashes,...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by v4.1.0.4 to v4.1.1.0 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in January 2023. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7.2 Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL...
Security Bulletin: IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2180).
Summary IBM b-type SAN switches and directors has addressed Open Source OpenSSL Vulnerabilities. Vulnerability Details CVEID:CVE-2016-2180 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TSOBJprintbio function. A remote attacker could exploit this...
Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines (CVE-2023-30441)
Summary The security issue described in CVE-2023-30441 has been identified in IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE...
Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)
Summary IBM API Connect has addressed the following improper access control vulnerability CVE-2023-28522. Vulnerability Details CVEID:CVE-2023-28522 DESCRIPTION: IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. CVSS Base score: 4.3 CVSS...
Security Bulletin: TADDM is vulnerable to a denial of service vulnerability in Apache-Log4j (CVE-2023-26464)
Summary Apache-Log4j version 1 is used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2023-26464. Vulnerability Details CVEID:CVE-2023-26464 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the Chainsaw or SocketAppender...
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Apache Groovy
Summary Vulnerabilities in Apache Groovy such as remote attacker executing arbitrary code on the system, allowing a local authenticated attacker to obtain sensitive information, may affect IBM Spectrum Control. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2015-3253...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors (CVE-2016-2108)
Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code ...
Security Bulletin: A security vulnerability ( CVE-2022-3509, CVE-2022-3171 ) has been identified in IBM WebSphere Application Server Liberty shipped with IBM Operations Analytics Predictive Insights
Summary Websphere Application Server Liberty profile is shipped as a component of IBM Operations Analytics Predictive Insights and is used in the UI component of IBM Operations Analytics Predictive Insights. The vulnerability CVE-2022-3509, CVE-2022-3171, and CVE-2022-46364 could be exploited to...
Security Bulletin: CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Standard
Summary CVE-2018-1099, CVE-2018-1098 related to etcd package may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-1099 DESCRIPTION: etcd could allow a remote attacker to gain access to the DNS records, caused by a DNS...
Security Bulletin: Vulnerability in Log4j affects IBM Integrated Analytics System [CVE-2022-23305]
Summary Redhat provided Log4j is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE-2022-23305 Vulnerability Details CVEID:CVE-2022-23305 DESCRIPTION: Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted...
Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 (CVE-2016-0785 CVE-2016-2162)
Summary Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by IBM® FlashSystem™ 840 and IBM FlashSystem 900 in its Service Assistant GUI. Vulnerability Details CVEID: CVE-2016-0785 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary co...
Security Bulletin: WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF
Summary This security bulletin addresses the vulnerabilitiy in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2022-46364. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation. Vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud
Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details CVEID:CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. CVS...
Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-23943)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-23943 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in modsed. By sending special...
Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to webpack loader-utils vulnerability [CVE-2022-37601]
Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to webpack loader-utils vulnerability with details below. This vulnerability has been addressed. CVE-2022-37601 Vulnerability Details CVEID:CVE-2022-37601 DESCRIPTION: webpack loader-utils could allow a remote attacker to execu...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.9 and earlier
Summary This fix upgrades to socket.io 4.5.4, protobuf-java 3.21.9 and nodejs 14.21.1. Vulnerability Details CVEID:CVE-2022-41940 DESCRIPTION: Socket.IO Engine.IO is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote...
Security Bulletin: Cross-Site Request Forgery vulnerability affects IBM Business Automation Workflow - CVE-2022-42435
Summary IBM Business Automation Workflow is vulnerable to a Cross-Site Request Forgery attack. Vulnerability Details CVEID:CVE-2022-42435 DESCRIPTION: IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is...
Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs
Summary The libexpart parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files and parsing soap requests is potentially vulnerable to the following remote code execution CVE's: CVE-2021-46143 CVE-2022-25314 CVE-2022-23990 CVE-2022-22825 CVE-2022-23852 CVE-2022-2282...
Security Bulletin: API Connect is impacted by a vulnerability in OpenSSL (CVE-2022-3602, CVE-2022-3786)
Summary IBM API Connect has addressed the following vulnerability in OpenSSL CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process YAML data may be vulnerable to denial of service due to CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752
Summary SnakeYAML is used by IBM App Connect Enterprise Certified Container for processing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...