35665 matches found
Security Bulletin: IBM Cloud Container Service is affected by two container file system vulnerabilities
Summary IBM Cloud Container Service is affected by the following vulnerabilities which in some cases allow unauthorized access to the file system on the cluster worker nodes, including deletion of arbitrary files and directories. This document describes the issues and mitigations. It also describ...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by Tivoli Composite Application Manager for SOA. Tivoli Composite Application Manager for SOA has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-2579 DESCRIPTION: An unspecified...
Security Bulletin: Multiple DB2 vulnerabilities affect IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1105, CVE-2017-1297)
Summary IBM Spectrum Protect formerly Tivoli Storage Manager Server is affected by multiple IBM DB2 vulnerabilities that could allow a local user to overwrite DB2 files, cause a denial of service, or allow a local attacker to execute arbitrary code on the system. Vulnerability Details CVEID:...
Security Bulletin: IBM Tivoli Monitoring CPU utilization (CVE-2014-0963)
Summary IBM Tivoli Monitoring is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM Tivoli Monitoring is affected by a problem with the handling ...
Security Bulletin: Vulnerabilities in IBM Java Runtime affects Rational Publishing Engine
Summary There are multiple vulnerabilities in IBM Java Runtime Environment, Versions 7 and 8 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2017-10295 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel
Summary There are multiple vulnerabilities in Linux Kernel used by IBM QRadar Network Security. IBM QRadar Network Security has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6480 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused ...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Active Bypass
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Active Bypass. IBM Security Active Bypass has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability...
Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a Denial of Service attack, and Sensitive Information Exposure. (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
Summary OpenSSL vulnerabilities announced 12-3-15 this will also cover Node.js which consumes OpenSSL Vulnerability Details CVE-ID: CVE-2015-3194 Description: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when verifying certificates via a malformed routine. An...
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM InfoSphere Guardium
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by IBM InfoSphere Guardium. IBM InfoSphere Guardium has addressed the applicable...
Security Bulletin: Multiple vulnerabilities addressed in the IBM Emptoris Sourcing product (CVE-2017-1447, CVE-2017-1449, CVE-2017-1450, CVE-2017-1444)
Summary The security bulletin includes multiple vulnerabilities found and addressed in IBM Emptoris Sourcing across various versions of the product. Vulnerability Details CVEID: CVE-2017-1447 DESCRIPTION: IBM Emptoris Sourcing is vulnerable to cross-site scripting. This vulnerability allows users...
Security Bulletin: Multiple vulnerabilities in PHP and memcached libraries affect IBM Tealeaf Customer Experience
Summary The IBM Tealeaf Customer Experience PCA component uses versions of PHP and memcached with reported security issues. Vulnerability Details CVEID: CVE-2013-0179 DESCRIPTION: memcached is vulnerable to a denial of service, caused by an error in the processbindelete function within memcached....
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10345 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0799 DESCRIPTION: OpenSSL could allow a remote...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller
Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cognos Controller. IBM Cognos Controller has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2105 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow,...
Security Bulletin: Vulnerabilities in OpenSSL affect Cognos Insight (CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by Cognos Insight. Cognos Insight has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Security vulnerability in OpenSSL (CVE-2017-3736)
Summary A potential vulnerability has been reported by the OpenSSL project. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle January 2018 Critical Patch Update, plus one additional vulnerability Vulnerability Details CVE IDs: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603...
Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2016-0736 CVE-2016-2161 CVE-2016-8743)
Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in modsessioncrypt...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)(CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6 and 1.7 that is used by IBM Integration Designer IID and WebSphere Integration Developer WID. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Message Broker shipped with IBM WebSphere Remote Server (CVE-2014-3566 and CVE-ID: CVE-2014-3568)
Summary IBM WebSphere Message Broker is shipped as a component of IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Message Broker has been published in a security bulletin. Vulnerability Details Please consult the security bulletin IBM WebSphere...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand,
Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 ... "Business Unit":"code":"BU059","label":"IBM...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream,
Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 ... "Business...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Bouncy Castle bcprov-jdk (CVE-2025-14813, CVE-2026-5598)
Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2025-14813, CVE-2026-5598 reported for bcprov-jdk18on-1.81.jar. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JA...
Security Bulletin: Update JRE for Older Versions of IBM SPSS Statistics
Summary Vulnerabilities related to encryption were found in older versions of the Java Runtime Environment JRE. This Interim Fix addresses those problems. The IF applies to all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update plus CVE-2025-4447...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002. Vulnerability Details CVEID:CVE-2025-22866 DESCRIPTION: Due to the usage of a variable time...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to Cross-Site Scripting (CVE-2022-34330)
Summary IBM Sterling B2B Integrator has addressed the cross-site scripting vulnerability Vulnerability Details CVEID:CVE-2022-34330 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i...
Security Bulletin: Vulnerabilities in JetBrains Kotlin affects watsonx.data
Summary jetBrains Kotlin is vulnerable to sensitive data disclosure and to weaker than expected security. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: JetBrains Kotlin could allow a local authenticated attacker to obtain sensitive information, caused by...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 287 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-45802) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-45802 DESCRIPTION: When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources...
Security Bulletin: Multiple Vulnerabilities in http-server affect Cloud Pak System
Summary Multiple Vulnerabilities in http-server affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38474 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution encoding issue in modrewrite. By sending a specially...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by a arbitrary code execution in OpenSSH server [CVE-2024-6387]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by arbitrary code execution in OpenSSH server, caused by a signal handler race condition CVE-2024-6387. Open SSH is a component of a glibc library that is included in our Speech Service Runtimes, but not actively...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed mutiple CVEs. Vulnerability Details CVEID:CVE-2023-6129 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...
Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control
Summary Node.js is vulnerable to remote attacker to obtain sensitive information, denial of service, HTTP request smuggling and allow a local authenticated attacker to gain elevated privileges on the system. These vulnerabilities affect IBM Spectrum Control. CVE-2024-27983, CVE-2024-22019,...
Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System
Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...
Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532)
Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Vulnerability Details CVEID:CVE-2024-37532 DESCRIPTION: IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. CVSS Base score: 8.8 CVSS Tempora...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.
Summary IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticate...
Security Bulletin: Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1
Summary Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing...
Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2023-31582, CVE-2023-51775)
Summary The Jose4j library is vulnerable to a denial of service, caused by improper input validation. It could also allow a remote attacker to obtain sensitive information using cryptographic attacks. Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to...
Security Bulletin: IBM MQ Appliance is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2024-20952 and CVE-2023-33850)
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped in IBM MQ Appliance. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-24795, CVE-2023-38709)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.
Summary IBM Rational Build Forge 8.0.0.26 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a...
Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining WS-2023-0429
Summary There is a vulnerability in Enterprise Security API for Java that could allow an remote attacker to steal cookie-based authentication credentials on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially...
Security Bulletin: IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities.
Summary IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a special...
Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 267 Vulnerability Details CVEID:CVE-2024-20919 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause hi...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-43642
Summary snappy-java is used by the IBM Datapower Operations Dashboard as a compressor/decompressor for Java Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.1 Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION: shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing to clean the buffer used to store...
Security Bulletin: IBM Copy Services manager is affected by IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676
Summary IBM Copy Services Manager is affected by All applicable Java SE CVEs published by Oracle as part of their October 2023 Critical Patch Update plus CVE-2023-5676. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...