35634 matches found
Security Bulletin: IBM Spectrum Symphony with Spring Framework is vulnerable to a denial of service, caused by improper input validation
Summary IBM Spectrum Symphony with Spring Framework is vulnerable to a denial of service, caused by improper input validation Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression,...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using jQuery 3.2.1 is vulnerable to Cross Site Scripting - CVE-2019-11358
Summary Applications using jQuery before 3.4.0 are vulnerable cross site scripting for CVE-2019-11358. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Jazz Reporting Service Vulnerability Details CVEID:CVE-2019-113...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to privilege escalation due to IBM WebSphere Application Server Liberty (CVE-2023-0482)
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
Security Bulletin: Vulnerability with kernel , OpenJDK jna-platform affect IBM Cloud Object Storage Systems (Sept2023)
Summary Vulnerability with kernel CVE-2023-2269, CVE-2023-34256, OpenJDK CVE-2023-22041 CVE-2023-22043 CVE-2023-22044 CVE-2023-22006 CVE-2023-22045 CVE-2023-22036 CVE-2023-22049, jna-platform 240628 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details...
Security Bulletin: IBM Event Streams is affected by multiple openssl vulnerabilities
Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4304, CVE-2023-0215, CVE-2023-0286. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: Multiple vulnerabilities in ivy-2.4.0.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in ivy-2.4.0.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37865 DESCRIPTION: Apache Ivy could allow a local authenticated attacker to...
Security Bulletin: Vulnerabilities found in jackson-mapper-asl which is shipped with IBM® Intelligent Operations Center(CVE-2019-10172, CVE-2019-10202)
Summary Multiple vulnerabilities have been identified in jackson-mapper-asl which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Due to use of FasterXML Jackson-databind, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial of service.
Summary Jackson-databind is used by IBM Cloud Pak for Multicloud Management Monitoring, as part of converting serializing/deserializing data formats from XML/JSON. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a...
Security Bulletin: Multiple vulnerabilities in Apache Log4j affects IBM Security Access Manager for Enterprise Single Sign-On
Summary Multiple vulnerabilities exist in the Apache Log4j open source library used by IBM Security Access Manager for Enterprise Single Sign-On. These vulnerabilities have been addressed. Customers are encouraged to immediately update their systems. Vulnerability Details CVEID:CVE-2022-23307...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to a buffer overflow and unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition (CVE-2023-21930, CVE-2023-21939, CVE-2023-21967, CVE-2023-21968)
Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 and 8 applying to IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent is vulnerable to CVE-2023-21930, CVE-2023-21939, CVE-2023-21967 and CVE-2023-21968 and affected by...
Security Bulletin: Vulnerability of Google Gson (gson-2.8.2.jar ) have affected APM WebSphere Application Server Agent , APM SAP NetWeaver Agent and APM WebLogic Agent
Summary APM WebSphere Application Server Agent , APM SAP NetWeaver Agent and APM WebLogic Agent is vulnerable to Google Gson gson-2.8.2.jar 217225, CVE-2022-25647. The fix/workaround includes gson-2.8.2.jar upgraded to gson-2.10.1.jar. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Googl...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2018-10237)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2018-10237)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-24998)
Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload...
Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can allow an attacker to execute arbitrary code
Summary Logback could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...
Security Bulletin: There is a vulnerability in Prism used by IBM Maximo Asset Management (CVE-2022-23647)
Summary There is a vulnerability in Prism used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-23647 DESCRIPTION: Prism.js Prism is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Command line plugin. A remote attacker could...
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this...
Security Bulletin: TensorFlow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to security CVEs. Vulnerability Details CVEID:CVE-2021-37635 DESCRIPTION: TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Thrift
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Thrift. Vulnerability Details CVEID:CVE-2019-0205 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by an error when processing untrusted Thrift payload. A remote attack...
Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)
Summary There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitiv...
Security Bulletin: IBM Safer Payments vulnerable to denial of service attack (CVE-2023-27556)
Summary The API and MCI interfaces of IBM Safer Payments are vulnerable to the Slowloris denial of service attack. This vulnerability is addressed Vulnerability Details CVEID:CVE-2023-27556 DESCRIPTION: IBM Counter Fraud Management for Safer Payments does not properly allocate resources without...
Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-7376, CVE-2017-7375, CVE-2017-5969, CVE-2017-0663)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details CVEID: CVE-2017-7376 Descriptio...
Security Bulletin: There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-37734)
Summary There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a...
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2021-3715)
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-3715 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4change in net/sched/clsroute.c. By sending a...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40303)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 caused by an integer overflow in the XMLPARSEHUGE function CVE-2022-40303. Gnome libxml2 is included as part of the Base OS used by our service images. Please read...
Security Bulletin: Multiple vulnerabilities in the mongo-tools utility affect IBM WebSphere Automation
Summary There are multiple vulnerabilities in the mongo-tools utility used in IBM WebSphere Automation. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2022-41715 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the compilation of regula...
Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-1471)
Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class...
Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities (CVE-2013-4310 CVE-2013-4316)
Summary Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities CVE-2013-4310 CVE-2013-4316 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system via the IP interface may be obtained without authentication. Vulnerability...
Security Bulletin: Vulnerabilities OpenSSL affect SAN Volume Controller and Storwize Family (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205)
Summary Open Source OpenSSL vulnerabilities were disclosed in January 2015. OpenSSL is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use...
Security Bulletin: Vulnerability in Pluggable Authentication Modules (PAM) affects IBM SAN Volume Controller and Storwize Family (CVE-2015-3238)
Summary There is a vulnerability in Pluggable Authentication Modules PAM that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed by Red Hat in August 2015. Vulnerability Details CVEID: CVE-2015-3238 DESCRIPTION: Linux-PAM could allow a local attacker to obtain...
Security Bulletin: EBICs client of IBM Sterling B2B Integrator vulnerable to multiple issues due to Dojo Toolkit
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Dojo Toolkit. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote...
Security Bulletin: IBM Cloud Kubernetes Service is affected by two containerd security vulnerabilities (CVE-2023-25153 and CVE-2023-25173)
Summary IBM Cloud Kubernetes Service is affected by two security vulnerabilities found in containerd where 1 a maliciously crafted image with a large file could cause a denial of service when importing an OCI image CVE-2023-25153 and 2 supplementary groups are not set up properly inside a contain...
Security Bulletin: Vulnerabilities in OpenSSL affect Bluemix Workflow (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-204, CVE-2015-205, CVE-2015-206)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by Bluemix Workflow for internal communication. Bluemix Workflow has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2014-6593 and CVE-2015-0410)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6.0 that is used by FlashSystem 840. These issues were disclosed as part of the IBM Java SDK updates in January 2015 Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION: An unspecified vulnerability...
Security Bulletin: Two (2) Vulnerabilities in Apache Tomcat affect IBM FlashSystem 840 and V840 systems (CVE-2014-0075 and CVE-2014-0099)
Summary Apache Tomcat is used by IBM FlashSystem 840 and V840 systems. Apache Tomcat has two vulnerabilities which an attacker could exploit. One vulnerability could be exploited to deny access to the system’s Graphical User Interface GUI administrative interface. An attacker could exploit a seco...
Security Bulletin: Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks (CVE-2018-25031)
Summary Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks. IBM has addressed the relevant vulnerability. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to...
Security Bulletin: Multiple vulnerabilities in the Expat library affect IBM® Db2® Net Search Extender may lead to denial of service or arbitrary code execution.
Summary Multiple vulnerabilities in the Expat library affect IBM® Db2® Net Search Extender may lead to denial of service or arbitrary code execution. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service,...
Security Bulletin: Vulnerability in Microsoft .NET Core and Visual Studio affects IBM Process Mining . CVE-2021-26701
Summary There is a vulnerability in Microsoft .NET Core and Visual Studio that could allow an attacker to execute arbitrary code on the system The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform
Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2020-17521 DESCRIPTION: Apache Groovy could allow a local authenticated attacker to obtain sensitive information,...
Security Bulletin: IBM MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2022-22489)
Summary IBM MQ Explorer is vulnerable to an XML External Entity Injection XXE attack due to improper XML validation in the import Wizard. Vulnerability Details CVEID:CVE-2022-22489 DESCRIPTION: IBM MQ is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote...
Security Bulletin: Security Vulnerability found in zlib fixed in the zlib version shipped with IBM Security Verify for Gateway (RADIUS & WinLogin) and for Bridge (DirSync)
Summary The security vulnerabilityheap-based buffer overflow found in zlib was fixed in the following products: IBM Security Verify Gateway for RADIUS v1.0.8, IBM Security Verify Gateway for Windows Login v1.0.9 and IBM Security Verify Bridge for Directory Sync v1.0.10 Vulnerability Details...
Security Bulletin: IBM Content Navigator is vulnerable to a Denial of Service attack due to Xstream (CVE-2022-40151, CVE-2022-40152, CVE-2022-40153)
Summary Xstream is used by IBM Content Navigator as part of the CMIS connector. CVE-2022-40151, CVE-2022-40152, CVE-2022-40153. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a...
Security Bulletin: This Power System update is being released to address multiple CVEs for vTPM1.2
Summary This update addresses multiple CVEs that impacts any VM configured with a virtual trusted platform module vTPM version 1.2 Vulnerability Details CVEID:CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive...
Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)
Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.4ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2022-42932, CVE-2022-40956, CVE-2022-42928, CVE-2022-42929, CVE-2022-42927, CVE-2022-40962, CVE-2022-40958, CVE-2022-40960, CVE-2022-40957, CVE-2022-40959 Vulnerability Details CVEID:CVE-2022-42932 DESCRIPTION:...
Security Bulletin: Multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus
Summary There are multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus CVE-2022-32223, CVE-2022-32213, CVE-2022-32212, CVE-2022-2097,CVE-2022-32214, CVE-2022-32215. The resolving fix includes node js 14.20.0 and openSSL 1.1.1q...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service due to CVE-2017-15412 and CVE-2016-5131
Summary libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the base operating system packages. IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service. This bulletin provides patch information...
Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway
Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2020-10735 DESCRIPTION: Python is vulnerable to a denial of service, caused by the failure to limit amount of digits converting text to int by the int type in PyLongFromString. A remo...
Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to server-side forgery requests due to Kubernetes kube-apiserver (CVE-2022-3172)
Summary Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2022-3172 Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing a...
Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]
Summary There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE. CVE-2021-44228 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...