35608 matches found
Security Bulletin: Potential Denial of Service in IBM HTTP Server CVE-2014-0098
Summary Potential Denial of Service in IBM HTTP Server for IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2014-0098 Description: IBM HTTP Server may be vulnerable to a denial of service, caused by certain cookies being logged in the access log. A remote attacker could exploit...
Security Bulletin: IBM Cognos Controller is affected by vulnerabilities
Summary There are vulnerabilities in IBM® Java™, IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Controller. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direc...
Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities (CVE-2024-38477, CVE-2021-38963, CVE-2024-38475, CVE-2024-38474)
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sendi...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager
Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilties have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2.0.2. Please apply the latest fix packs for the fixes. Vulnerability Details CVEID:CVE-2023-47704...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.2 Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the forwarded ssh-agent. By sending specially...
Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)
Summary The Knowledge Center Component used in Version 9 of the WebSphere Application Server needs an updated Apache Commons Collections library. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-52881)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas fr...
Security Bulletin: Vulnerabilities in GNU Binutils, Bootstrap, PortSmash, Node.js, and libarchive might affect IBM Storage Defender – Data Protect.
Summary IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The vulnerabiliti...
Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-6874 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in elasticsearch-7.10.2.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of elasticsearch-7.10.2.jar Vulnerability Details CVEID:CVE-2023-31418 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a moderate...
Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecifie...
Security Bulletin: IBM Cloud Pak for Data is vulnerable due to k8s.io/kubernetes ( CVE-2023-2728, CVE-2023-2727, CVE-2023-5408, CVE-2023-3955, CVE-2023-3676 )
Summary k8s.io/kubernetes is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-2728, CVE-2023-2727, CVE-2023-5408, CVE-2023-3955, CVE-2023-3676. Vulnerability Details CVEID:CVE-2023-2728 DESCRIPTION: Kubernetes could allow a remote authenticated attacker to bypass security...
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2511, CVE-2024-0727) due to OpenSSL
Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-2511, CVE-2024-0727. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...
Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2021-33631)
Summary This CVE in the OS kernel can affect mounting file-systems Vulnerability Details CVEID:CVE-2021-33631 DESCRIPTION: openEuler is vulnerable to a denial of service, caused by an integer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service...
Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.
Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-41835, CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a deni...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc [CVE-2024-21626]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc, caused by an internal file descriptor leak CVE-2024-21626. Open Container Initiative runc is part of the gcc utils used by our service runtimes. This...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Docker Registry, OpenSSH and go-git
Summary go-git and DockerRegistry are consumed through OSE packages. OSE package is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2017-11468 DESCRIPTION: Docker...
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to confidentiality impacts and a timing-based side-channel attack due to multiple vulnerabilities.
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to confidentiality impacts CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945 and a timing-based side-channel attack CVE-2023-33850 as described in the vulnerabili...
Security Bulletin: Vulnerability in Node.js affects Cloud Pak System [CVE-2023-42282]
Summary Node.js IP package code execution vulnerability affects Cloud Pak System on Power CVE-2023-42282. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a server-side request forgery flaw ...
Security Bulletin: Logback is vulnerable to CVE-2023-6481 and CVE-2023-6378 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses logback which is vulnerable to CVE-2023-6481 and CVE-2023-6378. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a deni...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to an attacker uploading arbitrary files and obtaining sensitive information (CVE-2023-45802, CVE-2023-31122)
Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to an attacker uploading arbitrary files due to improper validation CVE-2023-45802 and obtaining sensitive information due to an out of bounds read flaw CVE-2023-31122 as described in the vulnerability details section. This...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Vulnerabilities in node.js affect Cloud Pak Sytem [CVE-2023-28154, CVE-2022-46175, CVE-2022-3517]
Summary Vulnerabilities in react-scripts node.js modules affect Cloud Pak System. Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2023-22081 and CVE-2023-5676)
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cau...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...
Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation for Cloud Pak and result in an attacker sending invalid emails. (CVE-2023-27043).
Summary There is a vulnerability in Python used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. An attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected. CVE-2020-23064. This bulletin identifies the security fixes ...
Security Bulletin: Vulnerability in CloudPak for Watson AIOps. [CVE-2023-41419]
Summary Gevent vulnerability was addressed in IBM Cloud Pak for Watson AIOps version 4.2.1. CVE-2023-41419 Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the WSGIServer component. By using...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution due to IBM Java SDK (CVE-2022-40609)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow...
Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Application Performance Management products
Summary Apache Log4j is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2020-9488 DESCRIPTION: Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998)
Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload CVE-2023-24998. Apache Commons FileUpload is used by the TS7700 in the Management Interface. IBM Virtualization Engine TS7700 has addressed the applicable CVE. Vulnerability...
Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is affected by a tough-cookie Prototype Pollution vulnerability (CVE-2023-26136)
Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a tough-cookie Prototype Pollution vulnerability with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Salesforce tough-cookie could allow a remote attacker to...
Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2018-1000632 found in dom4j-1.6.1.jar
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following dom4j-1.6.1.jar vulnerability and updated dom4j.jar file from version 1.6.1 to 2.1.4 Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. For more information please refer to Oracle's July 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:CVE-2023-22045...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)
Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Decision Optimization for Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is...
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities [CVE-2018-8909, CVE-2021-41100 and CVE-2021-41119]
Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2018-8909 DESCRIPTION: Wire App for Android could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../...
Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.9 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to denial of service due to [CVE-2012-0881], [CVE-2013-4002] and [CVE-2022-23437]
Summary Apache Xerces is not used by IBM App Connect Enterprise Certified Container but was present in an image. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. (CVE-2023-25930)
Summary IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. Vulnerability Details CVEID:CVE-2023-25930 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a...
Security Bulletin: IBM Watson Explorer is affected by a vulnerability in Apache UIMA
Summary IBM Watson Explorer OneWEX and Foundational Components contains a vulnerable version of Apache UIMA. Vulnerability Details CVEID:CVE-2022-32287 DESCRIPTION: Apache UIMA could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied inpu...
Security Bulletin: IBM Navigator for i and IBM Digital Certificate Manager for i are vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928).
Summary IBM Navigator for i and IBM Digital Certificate Manager for i use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Navigat...
Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products
Summary Vulnerabilities in the Apache Tomcat component affect the management GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The CLI interface is unaffected. The CVEs are CVE-2016-6796 CVE-2016-6816 CVE-2016-6817. Vulnerability Details CVEID: CVE-2016-6796 DESCRIPTIO...
Security Bulletin: Maximo Application Suite uses jsonwebtoken package which is vulnerable to CVE-2022-23541, CVE-2022-23539, CVE-2022-23529 and CVE-2022-23540
Summary There are four vulnerabilities in jsonwebtoken-8.5.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementation of ke...
Security Bulletin: Vulnerabilites in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217)
Summary IBM Spectrum Protect Backup-Archive Client can be affected by vulnerabilities in OpenSSL. Vulnerabilities include disclosure of sensitive information and denial of service, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-4450...
Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 (CVE-2016-0785 CVE-2016-2162)
Summary Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by IBM® FlashSystem™ 840 and IBM FlashSystem 900 in its Service Assistant GUI. Vulnerability Details CVEID: CVE-2016-0785 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary co...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway
Summary There is a vulnerability which is related to identity spoofing in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-22476...
Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2021-44228, CVE-2021-45105, CVE-2021-45046, CVE2021-4104, CVE-2021-38930, and CVE-2021-38929. Vulnerability Details CVEID:CVE-2021-38930 DESCRIPTION: IBM System Storage DS8000 Management Console H...
Security Bulletin: IBM Aspera Orchestrator affected by an Apache HTTP Server vulnerability (CVE-2022-28614)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in the aprwrite function. By reflecting very large...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining . CVE-2022-2048
Summary There is a vulnerability in Eclipse Jetty that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-2048 DESCRIPTION: Eclipse Jetty is vulnerable to ...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a data binding rules security weakness in Spring Framework (CVE-2022-22968)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a Spring framework data binding rules vulnerability, where case sensitive patterns for disallowedFields cause weaker than expected security CVE-2022-22968. Spring Framework is used by some of the java...