35608 matches found
Security Bulletin: Multiple vulnerabilities in Golang Go affect Cloud Pak System
Summary Vulnerabilities in Golang Go affect Cloud Pak System Software. IBM Cloud Pak System has addresssed vulnerabilities. Vulnerabilities include code execution, HTML injection, denial of service, privilege escalation, P256 Curve unspecified, and obtaining sensitive information as described by...
Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5638)
Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products allowing arbitrary code execution. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION:...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)
Summary There is a vulnerability in FasterXML jackson-databind used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2022-42004. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML...
Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Modeler [CVE-2022-33980]
Summary There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Modeler. This vulnerability has been addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execut...
Security Bulletin: IBM MaaS360 Cloud Extender and Modules have various vulnerabilities (CVE-2021-22924, CVE-2021-3712)
Summary A vulnerability contained within a 3rd party component was identified and remediated in the IBM MaaS360 Cloud Extender Agent V2.106.100.008 and Modules. Vulnerability Details CVEID: CVE-2021-22924 DESCRIPTION: An unspecified error with bad connection reused due to improper path name...
Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks (CVE-2023-25690)
Summary Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks. IBM has addressed the relevant vulnerability Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when...
Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise are vulnerable to a denial of service due to jackson-databind (CVE-2020-36518)
Summary IBM Integration Bus and IBM App Connect Enterprise are vulnerable to a denial of service due to jackson-databind, caused by a Java StackOverflow exception. The fix includes jackson-databind 2.13.3 Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management
Summary There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application and used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. This has been addressed in IBM...
Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Symphony is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)
Summary Apache Log4j is used by IBM Spectrum Symphony for generating logs in some of its components such as ELK, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution CVE-2021-44832 and CVE-2021-45046 and denial of service...
Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15)
Summary For the 8.0.0 version of MSO, which is distributed as part of the MAS catalog here are the instructions to move to the 8.0.3 version to get log4j 2.17.1 Apache Log4j - CVE-2021-45105 affecting v2.16 and CVE-2021-45046 affecting v2.15 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION:...
Security Bulletin: Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970)
Summary Spring Framework is used by IBM Watson Explorer Foundational and Analytical Components. IBM Watson Explorer has addressed the applicable CVE CVE-2022-22971, CVE-2022-22968, CVE-2022-22970. Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable...
Security Bulletin: AIX is vulnerable to a denial of service due to OpenSSL (CVE-2022-0778)
Summary A vulnerability in OpenSSL could allow a remote attacker to cause a denial of service CVE-2022-0778. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a fla...
Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary code due to a signal handler race condition. [CVE-2024-6387]
Summary OpenSSH used by IBM i is vulnerable to a remote attacker executing arbitrary code due to a signal handler race condition as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to remote code execution due to Apache Commons Text [CVE-2022-42889]
Summary IBM Sterling Partner Engagement Manager has addressed a Publicly disclosed vulnerability that are published by Apache Commons - Collections v3.2.1 CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory...
Security Bulletin: IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)
Summary IBM Cognos Controller is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Controller has upgrad...
Security Bulletin: IBM Security Access Manager Appliance is affected by a HTTPD vulnerability (CVE-2016-8743)
Summary IBM Security Access Manager Appliance has addressed the following vulnerability in the HTTPD libraries used on the appliance. Vulnerability Details CVEID: CVE-2016-8743 DESCRIPTION: Apache HTTPD is vulnerable to HTTP response splitting attacks, caused by improper validation of user-suppli...
Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381) may affect IBM Tivoli Netcool Configuration Manager (ITNCM)
Summary IBM Tivoli Netcool Configuration Manager has addressed the following vulnerability. There is an information disclosure in the WebSphere Application Server Proxy Server or On-Demand-Router ODR. This only occurs when the system clock is changed. If the system clock is changed it could cause...
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-6119) due to OpenSSL
Summary Vulnerability in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-6119. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error...
Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime
Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server and Apache Portable Runtime: CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2006-20001, and CVE-2022-25147. This has been addressed in...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-39275)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-39275 Vulnerability Details CVEID: CVE-2021-39275 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the apescapequotes function. By sending specially crafted input, a...
Security Bulletin: A security vulnerability has been identified in Apache Log4j (CVE-2021-44228) in IBM Maximo Asset Configuration Manager and IBM Maximo for Aviation.
Summary Apache log4j 2 library is used by Build Data Interpreter BDI in IBM Maximo Asset Configuration Manager ACM and IBM Maximo for Aviation Aviation. This bulletin provides a remediation for the Apache log4j 2 vulnerability CVE-2021-44228 Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure Proxy (CVE-2021-44228)
Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitraty code on the system was addressed by IBM Secure Proxy. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Insecure Transmission Vulnerability with IBM InfoSphere Information Server (CVE-2015-7490)
Summary IBM InfoSphere Information Server could allow a malicious user who can login in IIS using their own user id to change the user cookie to another user id to possibly gain access to information that the other user id had access to. Vulnerability Details CVEID: CVE-2015-7490 DESCRIPTION: IBM...
Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2019-4674, CVE-2018-15473, CVE-2019-4675)
Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities due to a remote attacker, user enumeration vulnerability, and hard-coded credentials. Vulnerability Details CVEID: CVE-2019-4674 DESCRIPTION: IBM Security Identity Manager could allow a...
Security Bulletin: Vulnerability in Kernel (CVE-2022-1012) affects Power HMC
Summary Kernel is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation...
Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105)
Summary Apache Log4j open source library used by IBM® Db2® is affected by multiple vulnerabilities that could allow a remote attacker to execute arbitrary code on the system or cause a denial of service. This library is used by the Db2 Federation feature. The fix for the vulnerability is to updat...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-35618
Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a Denial of Service attack. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a...
Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228) shipped with IBM Workload Scheduler
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. Information about security vulnerabilities affecting WAS have been published in security bulletins, and IBM recommends th...
Security Bulletin: Vulnerability in Apache Commons IO affects IBM Process Mining (CVE-2021-29425)
Summary There is a vulnerability in Apache Commons IO that could allow aremote attacker to traverse directories on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425...
Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-3759)
Summary There is a vulnerability in the Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Vulnerability Details CVEID:CVE-2021-3759 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory overflow in the ipc function in the memcg...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Cloud Pak System
Summary Multiple Vulnerabilities have been identified in IBM Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-36090 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large...
Security Bulletin: Multiple Vulnerabilities of Jackson-Mapper-asl have affected APM Linux KVM Agent
Summary APM Linux KVM Agent is vulnerable to Jackson-mapper-asl vulnerabilities described in CVE-2019-10202 and CVE-2019-10172. The fix includes jackson-mapper-asl-1.9.13.jar upgraded to jackson-databind-2.14.0.jar Vulnerability Details CVEID:CVE-2019-10202 DESCRIPTION: Red Hat JBoss Enterprise...
Security Bulletin: Multiple vulnerabilities in gson-2.2.4.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in gson-2.2.4.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused b...
Security Bulletin: Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)
Summary Multiple vulnerabilities exist in Zookeeper that are used by IBM QRadar User Behavior Analytics UBA. These vulnerabilities are addressed in UBA by upgrading to a version of Zookeeper and packages that are associated with Zookeeper that resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: Due to use of Hibernate Validator version 6.1.2.Final IBM Tivoli Network Manager is vulnerable which allows attackers to bypass input sanitation (escaping, stripping) controls(CVE-2020-10693, CVE-2019-10219).
Summary A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put i...
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana
Summary Watson Machine Learning Accelerator on Cloud Pak for Data had an internal dependency on Grafana. Grafana dependency is now removed. Grafana component is no longer used or shipped with Watson Machine Learning Accelerator on Cloud Pak for Data. This bulletin identifies the steps to take to...
Security Bulletin: IBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278) Flash
Summary IBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are not vulnerable to the Bash vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and the two memory corruption vulnerabilities. Vulnerability Details IBM FlashSystem 710, 720,...
Security Bulletin: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)
Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to denial of service due to libexpat. This has been addressed. Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a use-after free created by overeager...
Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.4
Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.0.0.4 Content VULNERABILITY DETAILS: CVE ID:CVE-2012-2170 PM56183 DESCRIPTION: WebSphere Application Server could allow a network attacker to obtain sensitive information, caused by...
Security Bulletin: CVE-2021-23337
Summary Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-44228)
Summary IBM Sterling File Gateway is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details...
Security Bulletin: IBM UrbanCode Release is vulnerable to arbitrary code execution due to Apache Log4j( CVE-2021-44228)
Summary IBM UrbanCode Release is impacted by CVE-2021-44228 through the use Apache log4j-1.2 which is part of the logging infrastructure. A logging configuration change can exploit the weakness resulting in unauthorized access to the administrative functions within Settings. An iFix has been...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Snapshot on Windows (CVE-2021-44228)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is...
Security Bulletin: Rational Test Workbench bundles Rational Performance Tester which is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Rational Test Workbench RTW bundles Rational Performance Tester RPT. The Apache Log4j vulnerability impacts RPT Apache JMeter™ Test Extension. This bulletin addresses the vulnerability by removing Apache Log4j. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-4104, CVE-2021-45046, CVE-2021-38951)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details CVEID: CVE-2021-38951 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0,...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Websphere Application Server shipped with Tivoli Netcool/Impact. (CVE-2015-4000)
Summary IBM WebSphere Application Server is shipped as a component of Tivoli Netcool Impact . Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. For Tivoli Netcool/Impact version 7.1.0 the shipped archive version of...
Security Bulletin: IBM TS3310 Tape Library update for security vulnerabilities in OpenSSL (CVE-2012-2333)
Abstract Download update to TS3310 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL. Content CVE ID: CVE-2012-2333 DESCRIPTION: OpenSSL versions prior to 1.0.0 do not follow best security practices a...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)
Summary There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE CVE-2022-33980. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow...
Security Bulletin: Security vulnerability in IBM HTTP Server shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-8743 )
Summary There is a security vulnerability in IBM HTTP Server that is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition. IBM Cloud Orchestrator and IBM HTTP Server have addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-8743 DESCRIPTION: Apache HTTP...