35634 matches found
Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]
Summary There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE. CVE-2021-44228 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.
Abstract IBM Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013:1140|...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo...
Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2022-27782 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an easy connection reuse flaw for TLS and SSH. ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2022) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2022. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-0778, CVE-2022-1292)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in th...
Security Bulletin: OpenSSL vulnerability affects App Connect professional v7.5.4.
Summary OpenSSL vulnerability is addressed in ACP v7.5.5.0, customer can migrate to this version without incurring any additional cost. Vulnerability Details CVEID: CVE-2022-1292 DESCRIPTION: OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused b...
Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID: CVE-2020-4590 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of...
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)
Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-44142 DESCRIPTION: Samba could allow a remote authenticated attacker to execute...
Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j library for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which could allow a remote attacker to execute arbitrary code on the system, or se...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-37713)
Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2021-37713 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by insufficient logic on Windows systems when extracting tar files that...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Global Name Management (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
Summary WebSphere Application Server is shipped as a component of Global Name Management. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Multiple vulnerabilities in IB...
Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint are vulnerable to exposing sensitive information (CVE-2022-22391)
Summary IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to 4.3.2 may be vulnerable to the exposure of sensitive information CVE-2022-22391 by allowing authenticated users to obtain information they should not be able to access. Vulnerability Details...
Security Bulletin: IBM Urbancode Deploy impacted by Apache Log4j SQL Injection vulnerability. (CVE-2022-23305)
Summary When added to the logging configuration, the Log4j JDBCAppender may not be properly encoding content sent to an external SQL database. This is a non-default configuration. The fix removes this component. Vulnerability Details CVEID: CVE-2022-23305 DESCRIPTION: Apache Log4j is vulnerable t...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of t...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with WebSphere Remote Server
Summary IBM HTTP Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server have been published in a security bulletin CVE-2021-45960, CVE-2022-22822, CVE-2022-23990, CVE-2022-22823, CVE-2022-23852, CVE-2022-22825, CVE-2021-46143,...
Security Bulletin: Vulnerability in AIX audit commands (CVE-2021-38955)
Summary There is a vulnerability in the AIX audit user commands. Vulnerability Details CVEID:CVE-2021-38955 DESCRIPTION: IBM AIX could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. CVSS Base score: 4.4 CVSS...
Security Bulletin: Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System
Summary The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Intrusion Prevention System. Vulnerability...
Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)
Summary An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Storage Productivity Center (CVE-2015-1927)
Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Storage Productivity Center. Information about a security vulnerability CVE-2015-1927 affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-1927...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2021-35560...
Security Bulletin: Vulnerability inApache Log4j - CVE-2021-45046 may affect IBM Watson Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability inApache Log4j - CVE-2021-45046 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer to detai...
Security Bulletin: Cloud Pak for Security is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Cloud Pak for Security CP4S is vulnerable to denial of service and arbitrary code execution CVE-2021-45105, CVE-2021-45046, through the use of Apache Log4j's JNDI logging feature in CP4S Risk Manager component and SOAR component using Elastic Search. The vulnerabilities have been addresse...
Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect for Space Management (CVE-2021-44832)
Summary A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect for Space Management includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix packages include Apache Log4j 2.17.1. Vulnerability Details...
Security Bulletin: IBM Data Model for Energy and Utilities is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library is used by IBM Data Model for Energy and Utilities. This affects the Industry Models - Glossary Tools optional component. The fix includes Apache Log4j v2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache...
Security Bulletin: Multiple Vulnerabilities in Java Runtime affects IBM SPSS Statistics Subscription
Summary Multiple vulnerabilities in Java Runtime Environment Version 8.0 used by IBM SPSS Statistics Subscription. IBM SPSS Statistics Subscription has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JS...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-4104)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF. Vulnerability Details CVEID: CVE-2020-35522 DESCRIPTION: libtiff is vulnerable to a denial of service, caused by a memory malloc failure in tifpixarlog.c. By persuading a victim to open a...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors
Summary There is a security advisory for openSSL1.1.1k which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...
Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2021-2341)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: A...
Security Bulletin: This Power System update is being released to address CVE-2018-5391
Summary POWER9: In response to a denial of service vulnerability, a new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-5391. A remote attacker could use large IP frames to trigger time and calculation expensive calls in the...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.6.20, used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java ...
Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2021-2441 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Cluster: JS module component could allow an authenticated attacker to cause a denial of service resulting in a high...
Security Bulletin: Multiple vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Federated Identity Manager
Summary IBM SDK, Java Technology Edition is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IIBM SDK, Java Technology Edition has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Cognos Analytics with Watson 11.2.1 has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics with Watson 11.2.1 Vulnerability Details CVEID: CVE-2017-12620 DESCRIPTION: Apache OpenNLP could allow a remote attacker to obtain sensitive information, caused by an XXE attack when loading models or dictionaries that...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVEID: CVE-2021-29967,CVEID: CVE-2021-29964,CVEID: CVE-2021-29985,CVEID: CVE-2021-29970,CVEID: CVE-2021-29984,CVEID: CVE-2021-24002,CVEID: CVE-2021-29946,CVEID: CVE-2021-23995,CVEID: CVE-2021-23994,CVEID:...
Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management
Summary OpenSSL is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain ...
Security Bulletin: Vulnerabilities in autofs affect Power Hardware Management Console (CVE-2014-8169)
Summary autofs is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-8169 DESCRIPTION: Red Hat autofs could allow a local attacker to gain elevated privileges on the system, caused by an error when an interpreted language is...
Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502)
Summary App Connect Enterprise Certified Container may be vulnerable to a ReDoS regular expression denial of service flaw when processing URLs due to vulnerability CVE-2021-33502 Vulnerability Details CVEID: CVE-2021-33502 DESCRIPTION: Node.js normalize-url module is vulnerable to a denial of...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors
Summary There is a security advisory for openSSL1.1.1g which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2021-26691 DESCRIPTION: Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...
Security Bulletin: A Vulnerability in OpenSSH and Multiple Vulnerabilities in OpenSSL affect IBM GPFS V3.5 for Windows
Summary OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11 authentication credentials by the sshd server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used ...
Security Bulletin: BIND for IBM i is affected by CVE-2021-25214 and CVE-2021-25215
Summary BIND is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-25214 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a broken inbound incremental zone update IXFR. By sending a specially crafted IXFR, an attacker could exploit...
Security Bulletin: Multiple vulnerabilities in SSL affect IBM DataPower Gateways
Summary SSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA privat...
Security Bulletin: IBM DataPower Gateway has released a fixpack in response to the vulnerability known as Spectre.
Summary IBM has released the following fixpack for IBM DataPower Gateways in response to CVE-2017-5753. Vulnerability Details CVEID: CVE-2017-5753 Affected Products and Versions IBM DataPower Gateways appliances, versions 7.1.0.0-7.1.0.21, 7.2.0.0-7.2.0.18, 7.5.0.0-7.5.0.12, 7.5.1.0-7.5.1.11,...
Security Bulletin: Multiple vulnerabilities may affect JRE in IBM DataPower Gateway
Summary IBM has addressed the relevant CVEs Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using...
Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)
Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation
Summary IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. Vulnerability Details CVEID: CVE-2019-2756 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technolo...