35665 matches found
Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform
Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2020-17521 DESCRIPTION: Apache Groovy could allow a local authenticated attacker to obtain sensitive information,...
Security Bulletin: IBM MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2022-22489)
Summary IBM MQ Explorer is vulnerable to an XML External Entity Injection XXE attack due to improper XML validation in the import Wizard. Vulnerability Details CVEID:CVE-2022-22489 DESCRIPTION: IBM MQ is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote...
Security Bulletin: Security Vulnerability found in zlib fixed in the zlib version shipped with IBM Security Verify for Gateway (RADIUS & WinLogin) and for Bridge (DirSync)
Summary The security vulnerabilityheap-based buffer overflow found in zlib was fixed in the following products: IBM Security Verify Gateway for RADIUS v1.0.8, IBM Security Verify Gateway for Windows Login v1.0.9 and IBM Security Verify Bridge for Directory Sync v1.0.10 Vulnerability Details...
Security Bulletin: IBM Content Navigator is vulnerable to a Denial of Service attack due to Xstream (CVE-2022-40151, CVE-2022-40152, CVE-2022-40153)
Summary Xstream is used by IBM Content Navigator as part of the CMIS connector. CVE-2022-40151, CVE-2022-40152, CVE-2022-40153. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a...
Security Bulletin: This Power System update is being released to address multiple CVEs for vTPM1.2
Summary This update addresses multiple CVEs that impacts any VM configured with a virtual trusted platform module vTPM version 1.2 Vulnerability Details CVEID:CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive...
Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)
Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.4ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2022-42932, CVE-2022-40956, CVE-2022-42928, CVE-2022-42929, CVE-2022-42927, CVE-2022-40962, CVE-2022-40958, CVE-2022-40960, CVE-2022-40957, CVE-2022-40959 Vulnerability Details CVEID:CVE-2022-42932 DESCRIPTION:...
Security Bulletin: Multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus
Summary There are multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus CVE-2022-32223, CVE-2022-32213, CVE-2022-32212, CVE-2022-2097,CVE-2022-32214, CVE-2022-32215. The resolving fix includes node js 14.20.0 and openSSL 1.1.1q...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service due to CVE-2017-15412 and CVE-2016-5131
Summary libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the base operating system packages. IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service. This bulletin provides patch information...
Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway
Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2020-10735 DESCRIPTION: Python is vulnerable to a denial of service, caused by the failure to limit amount of digits converting text to int by the int type in PyLongFromString. A remo...
Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to server-side forgery requests due to Kubernetes kube-apiserver (CVE-2022-3172)
Summary Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2022-3172 Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing a...
Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]
Summary There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE. CVE-2021-44228 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.
Abstract IBM Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013:1140|...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo...
Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2022-27782 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an easy connection reuse flaw for TLS and SSH. ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2022) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2022. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-0778, CVE-2022-1292)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in th...
Security Bulletin: IBM Rational Build Forge is affected by Apache Http Server version used in it. (CVE-2022-22719)
Summary IBM Rational Build Forge is affected by the CVE-2022-22719 Vulnerability Details CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a random memory area, a remote attacker could exploit this...
Security Bulletin: OpenSSL vulnerability affects App Connect professional v7.5.4.
Summary OpenSSL vulnerability is addressed in ACP v7.5.5.0, customer can migrate to this version without incurring any additional cost. Vulnerability Details CVEID: CVE-2022-1292 DESCRIPTION: OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused b...
Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).
Summary There are multiple vulnerabilities in Spring Framework CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950 as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web...
Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID: CVE-2020-4590 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of...
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)
Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-44142 DESCRIPTION: Samba could allow a remote authenticated attacker to execute...
Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j library for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which could allow a remote attacker to execute arbitrary code on the system, or se...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-37713)
Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2021-37713 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by insufficient logic on Windows systems when extracting tar files that...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Global Name Management (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
Summary WebSphere Application Server is shipped as a component of Global Name Management. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Multiple vulnerabilities in IB...
Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint are vulnerable to exposing sensitive information (CVE-2022-22391)
Summary IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to 4.3.2 may be vulnerable to the exposure of sensitive information CVE-2022-22391 by allowing authenticated users to obtain information they should not be able to access. Vulnerability Details...
Security Bulletin: IBM Urbancode Deploy impacted by Apache Log4j SQL Injection vulnerability. (CVE-2022-23305)
Summary When added to the logging configuration, the Log4j JDBCAppender may not be properly encoding content sent to an external SQL database. This is a non-default configuration. The fix removes this component. Vulnerability Details CVEID: CVE-2022-23305 DESCRIPTION: Apache Log4j is vulnerable t...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of t...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with WebSphere Remote Server
Summary IBM HTTP Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server have been published in a security bulletin CVE-2021-45960, CVE-2022-22822, CVE-2022-23990, CVE-2022-22823, CVE-2022-23852, CVE-2022-22825, CVE-2021-46143,...
Security Bulletin: Vulnerability in AIX audit commands (CVE-2021-38955)
Summary There is a vulnerability in the AIX audit user commands. Vulnerability Details CVEID:CVE-2021-38955 DESCRIPTION: IBM AIX could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. CVSS Base score: 4.4 CVSS...
Security Bulletin: Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System
Summary The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Intrusion Prevention System. Vulnerability...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Storage Productivity Center (CVE-2015-1927)
Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Storage Productivity Center. Information about a security vulnerability CVE-2015-1927 affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-1927...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2021-35560...
Security Bulletin: IBM OpenPages for Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Multiple vulnerabilities in the Apache Log4j CVE-2021-45105 and CVE-2021-45046 open source library used by IBM OpenPages for IBM Cloud Pak for Data's logging framework. The fix includes Apache Log4j 12.17.1. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerabl...
Security Bulletin: Vulnerability inApache Log4j - CVE-2021-45046 may affect IBM Watson Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability inApache Log4j - CVE-2021-45046 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer to detai...
Security Bulletin: Cloud Pak for Security is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Cloud Pak for Security CP4S is vulnerable to denial of service and arbitrary code execution CVE-2021-45105, CVE-2021-45046, through the use of Apache Log4j's JNDI logging feature in CP4S Risk Manager component and SOAR component using Elastic Search. The vulnerabilities have been addresse...
Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect for Space Management (CVE-2021-44832)
Summary A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect for Space Management includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix packages include Apache Log4j 2.17.1. Vulnerability Details...
Security Bulletin: IBM Data Model for Energy and Utilities is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library is used by IBM Data Model for Energy and Utilities. This affects the Industry Models - Glossary Tools optional component. The fix includes Apache Log4j v2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache...
Security Bulletin: Multiple Vulnerabilities in Java Runtime affects IBM SPSS Statistics Subscription
Summary Multiple vulnerabilities in Java Runtime Environment Version 8.0 used by IBM SPSS Statistics Subscription. IBM SPSS Statistics Subscription has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JS...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-4104)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF. Vulnerability Details CVEID: CVE-2020-35522 DESCRIPTION: libtiff is vulnerable to a denial of service, caused by a memory malloc failure in tifpixarlog.c. By persuading a victim to open a...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors
Summary There is a security advisory for openSSL1.1.1k which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...
Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2021-2341)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: A...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.6.20, used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java ...
Security Bulletin: Multiple vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Federated Identity Manager
Summary IBM SDK, Java Technology Edition is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IIBM SDK, Java Technology Edition has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Cognos Analytics with Watson 11.2.1 has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics with Watson 11.2.1 Vulnerability Details CVEID: CVE-2017-12620 DESCRIPTION: Apache OpenNLP could allow a remote attacker to obtain sensitive information, caused by an XXE attack when loading models or dictionaries that...
Security Bulletin: TS4500 is affected by CVE-2021-25217
Summary TS4500 is affected by CVE-2021-25217 if the product is configured for DHCP. Vulnerability Details CVEID: CVE-2021-25217 DESCRIPTION: ISC DHCP is vulnerable to a denial of service, caused by a buffer overrun in program code used to read and parse stored leases. A remote attacker from withi...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVEID: CVE-2021-29967,CVEID: CVE-2021-29964,CVEID: CVE-2021-29985,CVEID: CVE-2021-29970,CVEID: CVE-2021-29984,CVEID: CVE-2021-24002,CVEID: CVE-2021-29946,CVEID: CVE-2021-23995,CVEID: CVE-2021-23994,CVEID:...