35744 matches found
Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway
Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-34903 DESCRIPTION: GnuPG could allow a remote attacker to conduct spoofing attacks, caused by a flaw when processing secret-key information from keyring. By sending a...
Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to server-side forgery requests due to Kubernetes kube-apiserver (CVE-2022-3172)
Summary Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2022-3172 Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing a...
Security Bulletin: Vulnerability in Net-SNMP affects Netcool/OMNIbus SNMP Probe (CVE-2015-5621)
Summary Netcool/OMNIbus SNMP Probe is vulnerable to a denial of service, caused by Net-SNMP. Vulnerability Details CVEID: CVE-2015-5621 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmppdupar...
Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]
Summary There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE. CVE-2021-44228 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo...
Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2022-27782 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an easy connection reuse flaw for TLS and SSH. ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2022) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2022. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-0778, CVE-2022-1292)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in th...
Security Bulletin: OpenSSL vulnerability affects App Connect professional v7.5.4.
Summary OpenSSL vulnerability is addressed in ACP v7.5.5.0, customer can migrate to this version without incurring any additional cost. Vulnerability Details CVEID: CVE-2022-1292 DESCRIPTION: OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused b...
Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)
Summary lodash is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes lodash v4.17.21. Vulnerability Details CVEID: CVE-2019-1010266 DESCRIPTION: Lodash is vulnerable to a denial of service, caused by uncontrolled resource consumption in Date handler. By...
Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).
Summary There are multiple vulnerabilities in Spring Framework CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950 as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web...
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2022-0391)
Summary IBM Security SOAR uses an older version of Python 3.6 that may be identified and exploited. An update has been released which addresses these issues. The version of Python included in the latest version of IBM ® Security Soar is 3.8. Vulnerability Details CVEID:CVE-2022-0391 DESCRIPTION:...
Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID: CVE-2020-4590 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of...
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)
Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-44142 DESCRIPTION: Samba could allow a remote authenticated attacker to execute...
Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j library for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which could allow a remote attacker to execute arbitrary code on the system, or se...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-37713)
Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2021-37713 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by insufficient logic on Windows systems when extracting tar files that...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Global Name Management (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
Summary WebSphere Application Server is shipped as a component of Global Name Management. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Multiple vulnerabilities in IB...
Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint are vulnerable to exposing sensitive information (CVE-2022-22391)
Summary IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to 4.3.2 may be vulnerable to the exposure of sensitive information CVE-2022-22391 by allowing authenticated users to obtain information they should not be able to access. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management
Summary Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management Vulnerability Details CVEID: CVE-2016-7051 DESCRIPTION: jackson-dataformat-xml is vulnerable to server-side request forgery, caused by a flaw in the XmlMapper. By using vectors related to a DTD, an attacker could...
Security Bulletin: IBM Urbancode Deploy impacted by Apache Log4j SQL Injection vulnerability. (CVE-2022-23305)
Summary When added to the logging configuration, the Log4j JDBCAppender may not be properly encoding content sent to an external SQL database. This is a non-default configuration. The fix removes this component. Vulnerability Details CVEID: CVE-2022-23305 DESCRIPTION: Apache Log4j is vulnerable t...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of t...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with WebSphere Remote Server
Summary IBM HTTP Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server have been published in a security bulletin CVE-2021-45960, CVE-2022-22822, CVE-2022-23990, CVE-2022-22823, CVE-2022-23852, CVE-2022-22825, CVE-2021-46143,...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020
Summary Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020 Vulnerability Details CVEID: CVE-2019-17267 DESCRIPTION: FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the...
Security Bulletin: Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System
Summary The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Intrusion Prevention System. Vulnerability...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Storage Productivity Center (CVE-2015-1927)
Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Storage Productivity Center. Information about a security vulnerability CVE-2015-1927 affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-1927...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2021-35560...
Security Bulletin: IBM OpenPages for Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Multiple vulnerabilities in the Apache Log4j CVE-2021-45105 and CVE-2021-45046 open source library used by IBM OpenPages for IBM Cloud Pak for Data's logging framework. The fix includes Apache Log4j 12.17.1. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerabl...
Security Bulletin: Cloud Pak for Security is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Cloud Pak for Security CP4S is vulnerable to denial of service and arbitrary code execution CVE-2021-45105, CVE-2021-45046, through the use of Apache Log4j's JNDI logging feature in CP4S Risk Manager component and SOAR component using Elastic Search. The vulnerabilities have been addresse...
Security Bulletin: Multiple Vulnerabilities in Java Runtime affects IBM SPSS Statistics Subscription
Summary Multiple vulnerabilities in Java Runtime Environment Version 8.0 used by IBM SPSS Statistics Subscription. IBM SPSS Statistics Subscription has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JS...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-4104)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF. Vulnerability Details CVEID: CVE-2020-35522 DESCRIPTION: libtiff is vulnerable to a denial of service, caused by a memory malloc failure in tifpixarlog.c. By persuading a victim to open a...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors
Summary There is a security advisory for openSSL1.1.1k which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...
Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2021-2341)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: A...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.6.20, used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java ...
Security Bulletin: Multiple vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Federated Identity Manager
Summary IBM SDK, Java Technology Edition is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IIBM SDK, Java Technology Edition has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: TS4500 is affected by CVE-2021-25217
Summary TS4500 is affected by CVE-2021-25217 if the product is configured for DHCP. Vulnerability Details CVEID: CVE-2021-25217 DESCRIPTION: ISC DHCP is vulnerable to a denial of service, caused by a buffer overrun in program code used to read and parse stored leases. A remote attacker from withi...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVEID: CVE-2021-29967,CVEID: CVE-2021-29964,CVEID: CVE-2021-29985,CVEID: CVE-2021-29970,CVEID: CVE-2021-29984,CVEID: CVE-2021-24002,CVEID: CVE-2021-29946,CVEID: CVE-2021-23995,CVEID: CVE-2021-23994,CVEID:...
Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management
Summary OpenSSL is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain ...
Security Bulletin: Vulnerabilities in autofs affect Power Hardware Management Console (CVE-2014-8169)
Summary autofs is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-8169 DESCRIPTION: Red Hat autofs could allow a local attacker to gain elevated privileges on the system, caused by an error when an interpreted language is...
Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-11022, CVE-2020-11023).
Summary IBM Aspera Webapps are vulnerable to cross-site scripting. See vulnerability details for more information. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A...
Security Bulletin: A security vulnerability in NGINX ffects IBM Cloud Automation Manager
Summary A security vulnerability in NGINX ffects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TL...
Security Bulletin: Potential vulnerability in OpenSSL
Summary A potential vulnerability has been identified related to OpenSSL. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By...
Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502)
Summary App Connect Enterprise Certified Container may be vulnerable to a ReDoS regular expression denial of service flaw when processing URLs due to vulnerability CVE-2021-33502 Vulnerability Details CVEID: CVE-2021-33502 DESCRIPTION: Node.js normalize-url module is vulnerable to a denial of...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors
Summary There is a security advisory for openSSL1.1.1g which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2021-26691 DESCRIPTION: Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...
Security Bulletin: A Vulnerability in OpenSSH and Multiple Vulnerabilities in OpenSSL affect IBM GPFS V3.5 for Windows
Summary OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11 authentication credentials by the sshd server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used ...
Security Bulletin: BIND for IBM i is affected by CVE-2021-25214 and CVE-2021-25215
Summary BIND is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-25214 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a broken inbound incremental zone update IXFR. By sending a specially crafted IXFR, an attacker could exploit...