35692 matches found
Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to Denial of Service (DoS) attacks
Summary XStream is used in ITNCM to serialize XML data and may be vulnerable to Denial of Service attacks DoS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by causing a stackoverflow. This effect may support a denial of service...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2018-1996)
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring
Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID:CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could...
Security Bulletin: Vulnerabilities in Java impact IBM Cloud Application Business Insights (CVE-2021-35550, CVE-2021-35561, CVE-2021-35603, and CVE-2021-41035)
Summary Vulnerabilities in Java impact IBM Cloud Application Business Insights CVE-2021-35550, CVE-2021-35561, CVE-2021-35603, and CVE-2021-41035. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an...
Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Cloud Application Business Insights (CVE-2021-45105, CVE-2021-45046)
Summary IBM Cloud Application Business Insights ICABI is vulnerable to denial of service due to Apache Log4j CVE-2021-45105 and arbitrary code execution due to Apache Log4j CVE-2021-45046 Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...
Security Bulletin: Cloud Pak for Security is affected by but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
Summary Cloud Pak for Security CP4S 1.9.1.0 and earlier is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR i...
Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities
Summary IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities. These components have been updated in the latest release and the vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Python is used by IBM Robotic Process Automation as part of the NLP command implementation and part of the base container image for Antivirus and OCR services. Vulnerability Details CVEID:CVE-2021-4189 DESCRIPTION: Python could allow a remote attacker to obtain sensitive information, caus...
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
Abstract SONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2011-1248| Important: ca-certificates...
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
Abstract SONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013-0587| Moderate: openssl security...
Security Bulletin: Potential security exposure when using IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK.
Abstract IBM InfoSphere Streams makes use of IBM Java SE Version Version 6 SDK. Potential security exposures exist in IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK. Content VULNERABILITYDETAILS: CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-5081 DESCRIPTION:...
Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.43
Abstract Cross reference list for security vulnerabilities fixed in WebSphere Application Server Fix Pack 6.1.0.43 Content VULNERABILITY DETAILS: CVE ID:CVE-2011-1376 PM49712 DESCRIPTION: IBM Websphere Application Server, when running on IBM i operating systems, applies insecure permissions to...
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
Summary There are multiple vulnerabilities in Curl that affect PowerSC. Vulnerability Details CVEID:CVE-2022-27776 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw when asked to send custom headers or cookies in its HTTP requests. By sendin...
Security Bulletin: Due to RPM, AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266)
Summary AIX is vulnerable to arbitrary code execution CVE-2021-20271, RPM database corruption CVE-2021-3421, and denial of service CVE-2021-20266 due to RPM. RPM is used by AIX for package management. Vulnerability Details CVEID:CVE-2021-20271 DESCRIPTION: RPM could allow a remote attacker to...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow and IBM Business Process Manager
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service...
Security Bulletin: An unspecified vulnerability related to the Networking component found in IBM Java 8.0 which is shipped with IBM® Intelligent Operations Center (CVE-2021-2341)
Summary An unspecified vulnerability related to the Networking component found in IBM Java 8.0 which is shipped with IBM® Intelligent Operations Center. Information about this vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle July 2022 Critical Patch Update Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity...
Security Bulletin: Vulnerability in Fabric OS firmware used by IBM b-type SAN directors and switches.
Summary Public disclosed vulnerability from OpenSSL in the Fabric OS FOS used by IBM b-type SAN directors and switches. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By usi...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to OpenSSL CVE-2022-0778
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to OpenSSL CVE-2022-0778 with details below Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in October 2021. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2022
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.2-IF012 and 21.0.3-IF010. Vulnerability Details CVEID:CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to zlib (CVE-2018-25032)
Summary There is a vulnerability in the zlib library used by IBM Sterling Connect:Direct for UNIX. IBM Sterling Connect:Direct for UNIX has addressed the applicable issue. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to privilege escalation due to CVE-2021-41617
Summary OpenSSH is part of the base OS modules in all operand images in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container is not directly vulnerable under standard operations, but custom use of the images may be vulnerable to privilege escalation. This...
Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35603)
Summary IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)
Summary Vulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote attack due to Moment.js CVE-2022-24785
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote attack due to Moment.js CVE-2022-24785 with details below Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM InfoSphere Master Data Management Server (CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176)
Summary IBM WebSphere Application Server is shipped as a component of IBM InfoSphere Master Data Management Server . Information about a security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bullet...
Security Bulletin: Security vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Federated Identity Manager
Summary IBM SDK, Java Technology Edition is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM SDK, Java Technology Edition have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM InfoSphere Information Server may be vulnerable to various cross-site injection attacks CVE-2019-4727
Summary Potential cross-site injection vulnerabilities were addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4727 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip...
Security Bulletin: Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery affect IBM Spectrum Copy Data Management
Summary Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery can affect IBM Spectrum Copy Data Management. Vulnerabilities include elevated privileges, SQL injection, obtaining sensitive information, cross-site scripting, and man-in-the-middle attacks. Vulnerability Details CVEID:...
Security Bulletin: IBM Integration Designer is vulnerable to an attacker obtaining sensitive information (CVE-2021-35550, CVE-2021-35603) and denial of service (CVE-2021-35578)
Summary The fix includes a new version of the IBM Runtime Environment Java Versions 7 and 8 that resolve the specified vulnerabilities. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated...
Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)
Summary An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote...
Security Bulletin: Polkit as used by IBM® QRadar SIEM is vulnerable to privilege escalation (CVE-2021-4034)
Summary There is a privilege escalation vulnerability in Polkit which is used by IBM® QRadar SIEM indirectly as a dependency. Vulnerability Details CVEID: CVE-2021-4034 DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-33193)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-33193 Vulnerability Details CVEID: CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker could explo...
Security Bulletin: Due to use of Apache Log4j, IBM Robotic Process Automation with Automation Anywhere is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)
Summary There are vulnerabilities in the Apache Log4j library used by IBM Robotic Process Automation with Automation Anywhere. This affects the IBM Robotic Process Automation with Automation Anywhere control room application. This vulnerability has been addressed by upgrading the Apache Log4j...
Security Bulletin: Vulnerability in Apache Log4j affects the components (Elastic Search and Hadoop) of IBM Financial Crimes Insight for Claims Fraud
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Financial Crimes Insight for Claims Fraud for generating logs in some of its components. This bulletin provides mitigations for the Log4Shell vulnerability CVE-2021-44228 by applying the applicable workaround ste...
Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics Desktop (CVE-2021-44228)
Summary There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics Desktop. IBM SPSS Statistics Desktop has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects MaaS360 Enterprise Gateway
Summary There is a vulnerability in the Apache Log4j open source library. This library is not used within the MaaS360 Enterprise Gateway code, but is contained within the package of the MaaS360 Enterprise Gateway module. The Enterprise Gateway module is contained within the MaaS360 Cloud Extender...
Security Bulletin:Multiple Security Vulnerabilities fixed in Openssl as shipped with IBM Security Verify products (CVE-2021-3711, CVE-2021-3712)
Summary Security Vulnerabilities found in OpenSSL were fixed in the following products: IBM Security Verify Gateway for Windows Login, IBM Security Verify Bridge for Directory Sync, IBM Security Verify Gateway for RADIUS Vulnerability Details CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerabl...
Security Bulletin: Vulnerabilities in openssl affect Power Hardware Management Console ( CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797)
Summary OpenSSL is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSL...
Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)
Summary Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities...
Security Bulletin: Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
Summary Aspera Web Applications Shares, Console have addressed the following OpenSSL Vulnerabilities. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the...
Security Bulletin: IBM DataPower Gateway vulnerable to a DoS
Summary IBM has addressed the aplicable CVE Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the applicati...
Security Bulletin: IBM Security Privileged Identity Manager is affected by denial of service vulnerability in Java SE (CVE-2020-2654)
Summary IBM Security Privileged Identity Manager has addressed a denial of service vulnerability in Java SE. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause ...
Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation ClientHel...
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Apache Commons ( CVE-2021-29425)
Summary The product includes an older version of Apache Commons that may be identified and exploited with a specially-crafted URL request. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in January 2021. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libxml2
Summary BM Bootable Media Creator BoMC has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7595 DESCRIPTION: The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this...
Security Bulletin: IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures
Summary IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures CVE-2020-15095, CVE-2020-8116, CVE-2020-8201 and CVE-2020-8252. Vulnerability Details CVEID: CVE-2020-15095 DESCRIPTION:...