35596 matches found
Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-45046)
Summary A Remote Code Execution issue was identified within the Log4j fix for CVE-2021-44228 that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers a...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 Fix Pack 4 and IBM Cognos Analytics 11.2.1. Vulnerability Details CVEID: CVE-2015-2156 DESCRIPTION: Netty could allow a remote attacker to bypass restrictions, caused by the improper validation of characters in a...
Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]
Summary IBM Cloud Pak for Business Automation is affected but not classified as vulnerable to a remote code execution in Spring Framework as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Bo...
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Apache Log4j, please see list of CVEs for vulnerability details Vulnerability Details CVEID: CVE-2017-5645 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: AIX is vulnerable to sensitive information exposure due to Perl (CVE-2023-31484 and CVE-2023-31486)
Summary UPDATED Nov 2: iFixes are now available for Perl 5.28.1 and 5.34.1. Perl version 5.28.1.7 and higher, and Perl version 5.34.1.4 and higher, have a dependency on OpenSSL 3.0. The iFixes are offered in lieu of updating to OpenSSL 3.0 and Perl 5.28.1.8 and 5.34.1.4. The iFixes may be...
Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2021-41617)
Summary There is a vulnerability in OpenSSH used by AIX. Vulnerability Details CVEID: CVE-2021-41617 DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in sshd when certain non-default configurations are used. By executing an...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-44228. Vulnerabili...
Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability(CVE-2021-44228)
Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-44228. However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are used in the...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Event Streams (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by the IBM Event Streams. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect...
Security Bulletin: Sweet32 vulnerability affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-2183)
Summary Sweet32 vulnerability affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Operational Decision Manager (CVE-2021-44228)
Summary Rule Designer, shipped with IBM Operational Decision Manager since version 8.10.4 includes log4j-core.jar that contains the vulnerable code. The fix includes Apache Log4j 2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: Log4JShell Vulnerability affects IBM SPSS Modeler (CVE-2021-44228)
Summary There is a vulnerability in the version of Log4j that was included in IBM SPSS Modeler. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure...
Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Apache Log4j code (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)
Summary The Netcool/Omnibus 'Administrator GUI' and 'Operator GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed by an upgrade to Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache...
Security Bulletin: Apache-Log4j (Publicly disclosed vulnerability)
Summary There is a vulnerability in Apache-Log4j that impacts IBM Tivoli Application Dependency Discovery Manager TADDM. Vulnerability Details CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization ...
Security Bulletin: MAS Monitor 8.4, 8.5, and 8.6 log4j
Summary A new vulnerability with log4j has been detected. MAS Monitor uses log4j in all releases and interim fixes are now available for our 8.4, 8.5 and 8.6 releases. More details of the vulnerability are available here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2022-46364)
Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...
Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Intrusion Prevention System (CVE-2015-5600)
Summary A security vulnerability has been discovered in OpenSSH used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-5600 DESCRIPTION: OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive...
Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)
Summary There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application and used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. This has been addressed in IBM...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent
Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM LKS Administration And Reporting Tool and its Agent. A fix is available to address the vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a...
Security Bulletin: Public disclosed vulnerability from SQLite CVE-2019-8457
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following SQLite vulnerability: SQLite could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when the FTS3 extension is enabled. By using...
Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)
Summary log4j-core-2.16.0.jar is vulnerable to remote code execution RCE attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission...
Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family (CVE-2011-3188)
Summary Potential DOS due to weak IPv4 and IPv6 sequence numbers Vulnerability Details CVEID: CVE-2011-3188 DESCRIPTION: The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes i...
Notice: CentOS6 applications and mitigation for CVEs
Problem A security bulletin is issued to users on several QRadar versions identifying CVEs related to CentOS6 base images used in QRadar applications. Administrators are advised per the security bulletin to upgrade applications to mitigate the security issue. Cause Applications that use a CentOS6...
Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-7656).
Summary IBM Aspera Webapps are vulnerable to cross-site scripting. See vulnerability details for more information. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remot...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM GPFS for Windows (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM GPFS for Windows V3.5 Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properl...
Security Bulletins for IBM Tealeaf Customer Experience offerings
Abstract Support for IBM Tealeaf Customer Experience offerings is found in the IBM Client Success Portal at https://support.ibmcloud.com/, which requires login. For your convenience, Security Bulletins for IBM Tealeaf Customer Experience offerings are listed here, most recent at top, and do not...
Security Bulletin: AIX is vulnerable to cache poisoning due to ISC BIND (CVE-2021-25220)
Summary A vulnerability in ISC BIND could allow a remote attacker to poison the cache CVE-2021-25220. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error...
Security Bulletin: OpenSource Python Vulnerablities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-5699, CVE-2016-5636)
Summary Vulnerabilities in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager Vulnerability Details CVEID: CVE-2016-5699 DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to...
Security Bulletin: Vulnerability in Apache HTTP Server ( CVE-2023-25690 ) affects Power HMC
Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with...
Security Bulletin: Vulnerabilities in Apache Shiro (CVE-2022-40664) and Apache Commons FileUpload (CVE-2023-24998) affect IBM WebSphere Service Registry and Repository.
Summary A bypass security restrictions vulnerability in Apache Shiro CVE-2022-40664 and a denial of service vulnerability in Apache Commons File Upload CVE-2023-24998 affect IBM WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2022-40664 DESCRIPTION: Apache Shiro could...
Security Bulletin: Security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager (CVE-2022-22389, CVE-2022-25313, CVE-2022-25236, CVE-2022-25314, CVE-2022-25315, CVE-2022-25235 and CVE-2022-22390)
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: The LogJam Attack on Diffie-Hellman ciphers (CVE-2015-4000) affects some versions of the DS8000.
Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 affects some versions of the DS8000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-45046)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: IBM Cognos Controller 10.4.2 IF16: Apache Log4j vulnerability (CVE-2021-45046)
Summary IBM Cognos Controller is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j CVE-2021-45046 vulnerability. IBM Cognos Controller has upgraded Apache Log4j to...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2021) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2021. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclip...
Security Bulletin: Publicly disclosed vulnerability from OpenSSH affects IBM Netezza Host Management
Summary OpenSSH is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the...
Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for File Systems (CVE-2021-44228)
Summary Apache Log4j open source library is used by Content Collector for File Systems. The vulnerability affects the Content Collector AFUKnowledgeCenter component. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTIO...
Security Bulletin: Multiple Vulnerabilities in node.js
Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-32214 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to strictly use the CRLF sequence to delimit HTTP requests by the llhttp parser in the http module. ...
Security Bulletin: Due to use of Apache Log4j, IBM Watson Explorer is vulnerable to arbitrary code execution (CVE-2021-44832, CVE-2021-45046) and denial of service (CVE-2021-45105)
Summary Apache Log4j is used by IBM Watson Explorer to log system events for diagnostics. This bulletin provides a remediation for the security vulnerabilities CVE-2021-44832, CVE-2021-45105, and CVE-2021-45046 by upgrading IBM Watson Explorer to Apache Log4j v2.17.1. Vulnerability Details CVEID:...
Security Bulletin: Multiple Vulnerabilities in Apache Log4j2 affect IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center
Summary There is a vulnerability in Apache Log4j2 used by IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center. IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center have addressed the applicable CVE. Customers are encouraged to take action by executing the mitigation...
Security Bulletin: Apache HTTP Server as used in IBM QRadar SIEM is vulnerable to server-side request forgery (SSRF) (CVE-2021-40438)
Summary Apache HTTP Server as used in IBM QRadar SIEM is vulnerable to server-side request forgery SSRF CVE-2021-40438 Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a specially...
Security Bulletin: Vulnerability has been identified in SnakeYAML used by IBM Dependency Based Build
Summary A vulnerability has been identified in SnakeYAML used by IBM Dependency Based BUild. SnakeYAML is used to load local YAML property files and is unlikely to cause a DoS incident described in the Vulnerability Details below. However, IBM recommends upgrading to version 1.1.0 or later...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute...
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
Summary RamdaCVE-2021-42581 is vulnerable to remote attackers to execute arbitrary code on the system, caused by a prototype pollution in functions. An attacker could exploit this vulnerability to execute arbitrary code on the system. Node-forgeCVE-2022-24773, 217313, CVE-2022-24771, CVE-2020-772...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Integrated Analytics System.
Summary Apache Log4j used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVECVE-2022-23302. Vulnerability Details CVEID: CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system,...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-4104, CVE-2021-45046)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.1.1.x and 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104...
Security Bulletin: OpenSSL and OpenSSH for IBM i are vulnerable to arbitrary code execution, denial of service, and security restrictions bypass due to multiple vulnerabilities.
Summary OpenSSH for IBM i is vulnerable to arbitrary code execution due to a flaw in ssh-agent CVE-2023-38408, OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in DH key check CVE-2023-3817, a denial of service due to using an object to text function CVE-2023-2650, and a...
Security Bulletin: Vulnerabilities in Flask and Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2023-30861, CVE-2023-25577, CVE-2023-23934)
Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Flask and Pallets Werkzeug include obtain sensitive information, denial of service attacks and bypass security restrictions, as described by the CVEs in the "Vulnerability Details"...
Security Bulletin: IBM Cloud Pak for Applications is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Security Bulletin: IBM Cloud Transformation Advisor, which is bundled with IBM Cloud Pak for Applications, is affected by Apache Log4j vulnerability CVE-2021-44228. Log4j is used by IBM Cloud Transformation Advisor for generating logs in some components and tools. This bulletin provides a...
Security Bulletin: IBM Event Processing is vulnerable to a denial of service (CVE-2023-4043).
Summary IBM Event Processing is vulnerable to a denial of service due to parsson-1.1.2.jar component. Parsson provides an implementation of Jakarta JSON Processing Specification. Vulnerability Details CVEID:CVE-2023-4043 DESCRIPTION: Eclipse Parsson is vulnerable to a denial of service, caused by...