35608 matches found
Security Bulletin: Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
Summary Aspera Web Applications Shares, Console have addressed the following OpenSSL Vulnerabilities. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the...
Security Bulletin: CVE-2020-1971 vulnerability in OpenSSL may affect IBM Workload Scheduler
Summary OpenSSL vulnerability CVE-2020-1971 has been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Scheduler. IBM Workload Scheduler has addressed the CVE Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...
Security Bulletin: IBM DataPower Gateway vulnerable to a DoS
Summary IBM has addressed the aplicable CVE Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the applicati...
Security Bulletin: IBM Security Privileged Identity Manager is affected by denial of service vulnerability in Java SE (CVE-2020-2654)
Summary IBM Security Privileged Identity Manager has addressed a denial of service vulnerability in Java SE. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause ...
Security Bulletin: Potential vulnerability with FasterXML jackson-databind
Summary A potential vulnerability has been identified related to FasterXML jackson-databind. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity...
Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation ClientHel...
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Apache Commons ( CVE-2021-29425)
Summary The product includes an older version of Apache Commons that may be identified and exploited with a specially-crafted URL request. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in January 2021. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libxml2
Summary BM Bootable Media Creator BoMC has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7595 DESCRIPTION: The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this...
Security Bulletin: IBM Waston Machine Learning Acclerator is affected by OpenSSL vulnerabilities
Summary There are vulnerabilities in OpenSSL used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVEs: CVE-2021-23839, CVE-2021-23840, CVE-2021-23841. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284)
Summary An issue was found within cURL libcurl that IBM MQ uses. This issue could affect users of the CCDTURL feature. Vulnerability Details CVEID: CVE-2020-8284 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by improper validation of FTP PASV...
Security Bulletin: OpenSSL Vulnerabilities Affect IBM Sterling Connect:Express for UNIX (CVE-2021-3449, CVE-2021-3450)
Summary Security vulnerabilities have been disclosed on 25h March 2021 by the OpenSSL Project. OpenSSl is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to multiple denial of service and HTTP request smuggling vulnerabilities
Summary App Connect Enterprise flows may be susceptible to denial of service attacks due to CVE-2020-1971 and CVE-2020-8265 in the Node.js runtime, and all components may be vulnerable to HTTP request smuggling due to CVE-2020-8287. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL ...
Security Bulletin: Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis
Summary There are series of Deserialization of Untrusted Data vulnerabilities and Input Validation vulnerability in various versions of FasterXML jackson-databind that affect Apache Solr. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID: CVE-2020-11620...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Symphony
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 6 Fix Pack 16 and earlier releases used by IBM Spectrum Symphony. IBM Spectrum Symphony has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified...
Security Bulletin: WebSphere MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841
Summary WebSphere MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841 Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities (CVE-2020-28851 and CVE-2020-28852)
Summary IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities CVE-2020-28851 and CVE-2020-28852 with details of each below. Vulnerability Details CVEID: CVE-2020-28851 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID: CVE-2020-26116 DESCRIPTION: Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.5 ESR + CVE-2020-15683) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF12 + ICAM2019.3.0 - 2020.2.0
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-15683, CVE-2020-15969. Vulnerability Details CVEID: CVE-2020-15683 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in Apr 2020. Vulnerability...
Security Bulletin: CVE-2020-1968 vulnerability in OpenSSL may affect IBM Workload Scheduler
Summary OpenSSL vulnerability CVE-2020-1968 has been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Scheduler. IBM Workload Scheduler has addressed the CVE Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Contract Management (CVE-2020-11023, CVE-2020-11022)
Summary jQuery security vulnerabilities affect IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...
Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform (CVE-2020-11023, CVE-2020-11022)
Summary jQuery publicly disclosed vulnerability affects IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System
Summary RedHat provided OpenSSL package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failur...
Security Bulletin: IBM Security Directory Suite vulnerable to information disclosure (CVE-2018-15473)
Summary Security vulnerability that could allow a remote attacker to obtain sensitive information, has been fixed and delivered in IBM Security Directory Suite. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused b...
Security Bulletin: Multiple packages as used in IBM Security QRadar Packet Capture are vulnerable to various security issues.
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2017-5461 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-8203)
Summary Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js CVE-2020-8203 Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183560 fo...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)
Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by Rational Software Architect and Rational Software Architect for WebSphere Software. The applicable CVEs have been addressed. Vulnerability Details CVEID: CVE-2015-3193 DESCRIPTION: OpenSS...
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i
Summary Apache HTTP Server is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-9490 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when the server tries to HTTP/2 PUSH a resource afterwards. By using a...
Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox
Summary Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox Vulnerability Details CVEID: CVE-2020-8840 DESCRIPTION: An unspecified error with the lack of certain xbean-reflect/JNDI blocking in FasterXML jackson-databind has an unknown...
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2018-1283, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)
Summary There are multiple vulnerabilities in Apache HTTP Server affecting IBM Rational Build Forge. Vulnerability Details CVEID: CVE-2018-1283 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an error when modsession is configured with SessionEnv...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Performance Management. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...
Security Bulletin: IBM QRadar Network Security is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729, CVE-2019-11745)
Summary IBM QRadar Network Security is affected by Network Security Services NSS vulnerabilities - 2 issues for nss, nss-softokn, nss-util Vulnerability Details CVEID: CVE-2019-11729 DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by the improperly validation of empty or...
Security Bulletin: Addressing the Sqlite Vulnerability CVE-2019-16168, CVE-2019-19242 and CVE-2019-19244
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following SQLite vulnerability: Vulnerability Details CVEID: CVE-2019-16168 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by missing validation of a sqlitestat1 sz...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL project. OpenSSL is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products an...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by ITNCM. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM Java...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluat...
Security Bulletin: IBM i is affected by a vulnerability in OpenSSH (CVE-2018-15473)
Summary OpenSSH is used by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authentication attempts. By sending a...
Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2019-10086)
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...
Security Bulletin: IBM RackSwitch firmware products are affected by TCP denial of service vulnarabilities
Summary The IBM RackSwitch firmware products listed below have addressed the following TCP denial of service vulnerabilities. Vulnerability Details CVEID: CVE-2019-11478 DESCRIPTION: Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel cou...
Security Bulletin: Multiple vulnerabilities in Java affect IBM Spectrum Protect Plus
Summary Multiple vulnerabilities in Java were disclosed as part of the Java SDK updates in January 2019 that affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2018-1890 DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Cloud Private. IBM Cloud Private has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate yo...
Security Bulletin: IBM Security Privileged Identity Manager has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the following a fixpack for IBM Security Privileged Identity Manager in response to CVE-2017-5753 and CVE-2017-5754 Vulnerability Details CVEID: CVE-2017-5753 DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerabilities (CVE-2019-9512, CVE-2019-9514)
Summary IBM Cloud Kubernetes Service is affected by security vulnerabilities in the net/http library of the Go language that affects all Kubernetes components. These vulnerabilities can result in a denial-of-service attack against a process with an HTTP or HTTPS listener CVE-2019-9512 and...
Security Bulletin: Open Source VMware Fusion Vulnerabilities in IBM Pure Application System (CVE-2017-4903, CVE-2017-4904, CVE-2017-4905)
Summary Multiple vulnerabilities in Open Source VMware affects IBM PureApplication System. IBM PureApplication System has addressed Common Vulnerabilities Exposures CVE-2017-4903, CVE-2017-4904, CVE-2017-4905. Additionally this bulletin includes information about the release of fix for Common...
Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability
Summary IBM MessageSight/MessageGateway has addressed the following jQuery vulnerability: CVE-2019-11358: jQuery mishandles jQuery.extendtrue, , ... Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper...
Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private Kubernetes
Summary Multiple Security Vulnerabilities affect IBM Cloud Private Kubernetes Vulnerability Details CVEID: CVE-2019-4119 DESCRIPTION: IBM Cloud Private Kubernetes API server can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. CVSS Base Score: 3.1 CVSS...