35608 matches found
Security Bulletin: IBM QRadar Wincollect agent is vulnerable to using components with know vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-42916 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain...
Security Bulletin: There is a vulnerability in moment.js used by IBM QRadar User Behavior Analytics (CVE-2022-24785)
Summary There is a vulnerability in moment.js used by IBM QRadar User Behavior AnalyticsUBA. This vulnerabiliity is addressed in UBA by upgrading to a version of moment.js that resolves the issue. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to...
Security Bulletin: IBM Security Network Protection can be affected by Cross-Site Scripting and Symbol Denial of Service vulnerabilities in Ruby on Rails (CVE-2013-1854, CVE-2013-1857, CVE-2013-1855)
Abstract IBM Security Network Protection is affected by multiple vulnerabilities reported in Ruby on Rails. These vulnerabilities include multiple cross-site scripting and denial of service vulnerabilities that could be exploited remotely by an attacker with access to the Local Management Interfa...
Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multiple vulnerabilities in OpenSSL
Abstract A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Sterling Connect:Enterprise for UNIX. Content VULNERABILITY DETAILS: CVE IDs : CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-461...
Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java™ Technology Edition January 2015 CPU affect WebSphere Process Server
Summary There are multiple vulnerabilities in IBM SDK for Java™ Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for JavaTechnology Edition updates in January 2015. Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Multiple...
Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java™ Technology Edition April 2015 CPU affect WebSphere Process Server
Summary There are multiple vulnerabilities in IBM SDK for Java™ Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for Java Technology Edition updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with WebSphere Process Server (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
Summary WebSphere Application Server WAS is shipped as a component of WebSphere Process Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. These issues were disclosed as part of the IBM Java SDK updates in January...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-10237)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server and User Management Service. Information abo...
Security Bulletin: Multiple Denial of Service vulnerabilities with Expat may affect IBM HTTP Server
Summary There are several vulnerabilities that may affect IBM HTTP Server that is used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2022-21986 DESCRIPTION: Microsoft .Net is vulnerable to a denial of service, caused by a flaw in the Kestrel Web Server. By sending a...
Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.
Summary The SANnav Management Portal and Global View products vulnerability due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP componen...
Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827 )
Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-22823 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: Due to use of Expat, IBM Tivoli Network Manager is vulnerable to arbiraty code execution (CVE-2022-23990 and CVE-2022-23852)
Summary When Expat also known as libexpat is used by IBM Tivoli Network Manager ITNM , it could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XMLGetBuffer function. By sending a specially-crafted request, an attacker could exploit this...
Security Bulletin: Vulnerability in OpenSSL affects IBM Event Streams (CVE-2022-0778)
Summary There is a vulnerability in the version of OpenSSL used by IBM Event Streams. Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted certificat...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to several attack vectors due to its use of Apache Netty (CVE-2021-37136, CVE-2021-37137, CVE-2021-43797)
Summary Several security vulnerablities were found in the Apache Netty library used by several components in IBM Cloud Pak for Multicloud Management Monitoring. Vulnerability Details CVEID: CVE-2021-37136 DESCRIPTION: Netty netty-codec is vulnerable to a denial of service, caused by not allow siz...
Security Bulletin: Multiple Java Vulnerabilities Affect IBM Connect:Direct Web Services
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Connect:Direct Web Services. These issues were disclosed as part of the IBM Java SDK updates in May 2019 Vulnerability Details CVE-ID: CVE-2019-10246 Description: Eclipse...
Security Bulletin: IBM Spectrum LSF Suite and IBM Platform Process Manager are vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)
Summary Apache Log4j is used by IBM Spectrum LSF Suite and IBM Platform Process Manager as part of its logging infrastructure. These vulnerabilities can be addressed by executing steps detailed in the Workaround section. These issues will be addressed in the next fix patch release 10.2.0.13 by en...
Security Bulletin: Expat vulnerabilities affect IBM Netezza Analytics for NPS
Summary IBM Netezza Analytics for NPS uses Expat version 2.2.0. IBM Netezza Analytics for NPS has addressed the applicable CVEs by upgrading Expat to version 2.4.7. Vulnerability Details CVEID: CVE-2022-23852 DESCRIPTION: Expat aka libexpat could allow a remote attacker to execute arbitrary code ...
Security Bulletin: Multiple vulnerabilities in Java SE that could allow an unauthenticated attacker to obtain sensitive information affect IBM® Db2®. (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341)
Summary Multiple vulnerabilites in Java SE that could allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IMS™ Enterprise Suite: SOAP Gateway (CVE-2015-4000)
Summary The Logjam Attack on TLSTransport Layer Security connections using the Diffie-Hellman DH key exchange protocol affects IMS™ Enterprise Suite: SOAP Gateway. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive informatio...
Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics for NPS
Summary GNU binutils is used by IBM Netezza Analytics for NPS. IBM Netezza Analytics for NPS has addressed the applicable CVEs by upgrading GNU binutils to version 2.36. Vulnerability Details CVEID: CVE-2021-20284 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a...
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2022-22942 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by improper file descriptor...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. CVSS Base score: 7.5 CVSS...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21294)
Summary An unspecified vulnerability in Java SE - CVE-2022-21349 related to the 2D component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of core...
Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation
Summary Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped in IBM WebSphere Application Server Patterns due to Expat vulnerabilities
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the Expat library affecting the IBM HTTP Server used by IBM WebSphere Application Server CVE-2022-25313, CVE-2022-25315,...
Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server may affect IBM InfoSphere Global Name Management (CVE-2019-4046)
Summary There is a potential denial of service vulnerability in WebSphere Application Server shipped as part of IBM Global Name Management. This also affects IBM InfoSphere Global Name Management Enterprise Name Search installations. Vulnerability Details CVEs: CVE-2019-4046 Link to security...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: ...
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2022-0235)
Summary IBM App Connect Enterprise ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2022-0235 DESCRIPTION: Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2021-44790, CVE-2021-44224)
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: SQL injection vulnerability in PostgreSQL affects IBM Connect:Direct Web Services (CVE-2021-23214)
Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability "A remote attacker could send specially-crafted SQL statements when the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, which could allow the attacker to...
Security Bulletin: Predictive Maintenance and Quality and Predictive Maintenance Insights is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-4104, CVE-2021-44832).
Summary IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises are vulnerable to Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-4104, CVE-2021-44832 due to multiple components using Apache Log4j for logging. This has been addressed in each of the components;...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-30639
Summary IBM UrbanCode Release version 6.2.5.3 - 6.2.5.4 are affected by CVE-2021-30639 Vulnerability Details CVEID: CVE-2021-30639 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper error handling during non-blocking I/O. By sending a specially-crafted request, a...
Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-45105, CVE-2021-44832).
Summary IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-45105, CVE-2021-44832)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID: CVE-2021-37635 DESCRIPTION: TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in the...
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)
Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in...
Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM License Key Server Administration and Reporting Tool and its Agent
Summary A security vulnerability has been found in the IBM® Runtime Environment Java™ used by IBM License Key Server Administration and Reporting Tool and its Agent. A fix has been published to mitigate the same. Vulnerability Details CVEID: CVE-2021-2369 DESCRIPTION: An unspecified vulnerability...
Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software - September 2021
Summary Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Rational® Application Developer for WebSphere® Software. Vulnerability Details CVEID: CVE-2021-39134 DESCRIPTION: Node.js @npmcli/arborist module could allow a local attacker to launch a symlink attack, caused by the...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to memory corruption due to CVE-2021-22940
Summary IBM App Connect Enterprise Certified Container may be vulnerable to memory corruption due to CVE-2021-22940. This only affects Node.js runtime processes. Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused ...
Security Bulletin: Power Systems Firmware is affected by vulnerability in OpenSSL (CVE-2014-0160)
Summary OpenSSL Heartbleed Vulnerability - April 2014 Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability to expose...
Security Bulletin: libXml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2021-3518)
Summary The libXml2 library used by Identity Insight has a potential use-after-free vulnerability that could be exploited by an attacker using a crafted input file. Vulnerability Details CVEID: CVE-2021-3518 DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: Apache CXF Vulnerability Affects IBM Global Mailbox (CVE-2021-22696)
Summary Security vulnerability have been Identified In Apache CXF library shipped with IBM Global Mailbox. Vulnerability Details CVEID: CVE-2021-22696 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by improper validation of requesturi parameter by the OAuth 2 authorization...
Security Bulletin: Vulnerability in RC4 stream cipher affects GPFS V3.5 for Windows (CVE-2015-2808) / Enabling weak cipher suites for IBM General Parallel File System is NOT recommended
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects OpenSSH for GPFS V3.5 for Windows. Additionally, with the recent attention to RC4 “Bar Mitzvah” Attack for SSL/TLS, this is a reminder to NOT enable weak or export-level cipher suites for IBM General Parallel File System GPFS. Vulnerability...
Security Bulletin: IBM DataPower Gateway is potentially vulnerable to two cryptographic side-channel vulnerabilities in SSL.
Summary Side-channel vulnerabilities in SSL CVE-2019-1563, CVE-2019-1547 potentially affect IBM DataPower Gateway Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
Security Bulletin: Vulnerabilities in IBM Java affecting IBM Rational Asset Analyzer.
Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Rational Asset Analyzer. These issues were disclosed as part of the IBM Java SDK updates in January 2021 . Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unkno...
Security Bulletin: Security vulnerability in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology
Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerability that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...
Security Bulletin: IBM License Metric Tool v7.2.2 and v7.5 and IBM Tivoli Asset Discovery for Distributed v7.2.2 and v7.5 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on TLS connections (CVE-2014-8730)
Summary TLS protocol support used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed is vulnerable to POODLE TLS attack CVE-2014-8730. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and agent-server messages...
Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.
Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2019-0233, CVE-2019-0230 Vulnerability Details CVEID: CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a fi...