35692 matches found
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server
Summary GNU Binutils is used by IBM Netezza Platform Server. IBM Netezza Platform Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-18607 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the elflinkinputbfd in...
Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22950, XFID:217968)
Summary IBM Planning Analytics Workspace is affected by multiple vulnerabilites. Spring is used in IBM Planning Analytics Workspace in Server Side Rest APIs as an indirect dependency by MongoDB that is used to store content CVE-2022-22950. FasterXML jackson-databind is used in IBM Planning...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21291)
Summary An unspecified vulnerability in Java SE - CVE-2022-21291 related to the VM component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of core...
Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-7656, CVE-2020-11022, CVE-2020-11023
Summary Cross Site Scripting vulnerabilities in jQuery might affect Process Portal in IBM Business Automation Workflow and IBM Business Process Manager BPM. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: Vulnerability exists for Spring Framework in Watson Explorer (CVE-2021-22060, CVE-2022-22965, CVE-2022-22950)
Summary Security vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions,...
Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2021-35550 and CVE-2021-35603)
Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM. Information about multiple security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Vulnerabilities in Open Source OpenSSL affect IBM Cisco SAN switches and directors (CVE-2016-2177 CVE-2000-1254 CVE-2016-2178).
Summary Open Source OpenSSL is used by IBM Cisco SAN switches and directors. IBM Cisco SAN switches and directors has addressed the applicable CVEs. Vulnerability Details Relevant CVE Information: CVEID: CVE-2000-1254 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2021-35560, CVE-2021-35578, CVE-2021-35564, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: Vulnerability in the AIX kernel (CVE-2021-38989)
Summary There is a vulnerability in the AIX pmsvcs kernel extension. Vulnerability Details CVEID: CVE-2021-38989 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...
Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - January 2022 CPU plus deferred CVE-2021-35550 and CVE-2021-35603
Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020
Summary Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020 Vulnerability Details CVEID: CVE-2019-17267 DESCRIPTION: FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Security Network Intrusion Prevention System (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...
Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript.
Summary WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript. These vulnerabilities are addressed in App connect professional v7.5.4.0 and v7.5.5.0, customer can migrate to these versions without...
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-2341
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are affected by the CVE as described in the vulnerability details section. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified vulnerability in Jav...
Security Bulletin: Operations Dashboard is vulnerable to Log4j CVE-2021-45105
Summary Security Bulletin: Operations Dashboard is vulnerable to Log4j CVE-2021-45105 with details below Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential...
Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-45046)
Summary There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused b...
Security Bulletin: IBM Sterling Configure, Price, Quote uses Apache Log4j 2.x which is subject to CVE-2021-44228.
Summary IBM Sterling Configure, Price, Quote uses Apache Log4j to log messages. Log message parameters could execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote...
Security Bulletin: IBM Security Privileged Identity Manager NOT Affected by CVE-2021-44228 Exploit
Summary IBM Security Privileged Identity Manager NOT Affected by CVE-2021-44228 Exploit. Vulnerability Details After conducting extensive research on product code base, it is determined that all versions of IBM Security Privileged Identity Manager are not vulnerable to Java library Apache log4j v...
Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability.
Summary App Connect Professional have addressed the following vulnerability reported in GNU C Library. Vulnerability Details CVEID: CVE-2021-27218 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by an error when invoking gbytearraynewtake with a buffer of 4GB or more on a...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2021-44228)
Summary WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Vulnerabilities in PostgreSQL, Apache, Golang Go, and Linux Kernel affect IBM Spectrum Copy Data Management
Summary Vulnerabilities in PostgreSQL, Apache, Golang Go, and Linux Kernel, such as execution of arbitrary code, denial of service, bypassing security restrictions, elevation of privileges, and obtaining sensitive information, may affect IBM Spectrum Copy Data Management. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their October 2021 Vulnerability Advisory, plus CVE-2021-41035. For more information please refer to OpenJDK's October 2021 Vulnerability Advisory and the X-Force database entries referenced below...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities. These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 70. Vulnerability Details CVEID: CVE-2021-3647 DESCRIPTION: Medialize URI.js...
Security Bulletin: FileNet Content Manager is affected by a HTTP Client vulnerability
Summary FileNet Content Manager has addressed the following HTTP Client v3.0.1 and v4.0.1 vulnerability. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote...
Security Bulletin: IBM Security Guardium Insights is affected by components with known vulnerabilities (CVE-2018-10237, CVE-2020-9488)
Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sendin...
Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 vulnerabilities
Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. CVS...
Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-0448)
Summary Java is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0448 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JMX component could allow a remote attacker to obtain...
Security Bulletin: Vulnerability in bind (CVE-2020-8616 and CVE-2020-8617).
Summary BIND is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-8616 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the failure to limit the number of fetches performed when processing referrals. By...
Security Bulletin: Potential vulnerability in OpenSSL
Summary A potential vulnerability has been identified related to OpenSSL. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By...
Security Bulletin: Vulnerabilities in the Python, Python cryptography , and Urllib3 affect IBM Spectrum Discover.
Summary Vulnerabilities in Python, Python cryptography , and Urllib3 such as buffering problems, SSL certificate validations for HTTP & HTTPS, Bleichenbacher timing attacks in the RSA decryption API, may affect IBM Spectrum Discover. Vulnerability Details CVEID: CVE-2020-36242 DESCRIPTION:...
Security Bulletin: Multiple Vulnerabilites in IBM Java Runtime Affect Optim Data Growth, Test Data Management and Application Retirement
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by Optim Data Growth, Test Data Management and Application Retirement. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details If you run your own Java code...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 37 and earlier releases used by IBM Platform Symphony and IBM Spectrum Symphony. IBM Platform Symphony and IBM Spectrum Symphony have addressed the applicable CVEs. Vulnerability...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2021-3449, CVE-2021-3450)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...
Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect GPFS for Windows V3.5
Summary OpenSSH vulnerabilities were disclosed on July 22 , August 10, and October19, 2016 by the OpenSSH Project. OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSH and OpenSSL are used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed...
Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center
Summary Multiple Apache Tomcat vulnerabilities affect IBM Control Center. See vulnerability details for descriptions. Vulnerability Details CVEID: CVE-2020-9484 DESCRIPTION: Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Security Bulletin: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service
Summary A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-21366 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by improper...
Security Bulletin: Issues in IBM® Java™ SDK Technology Edition affects IBM Security Identity Manager Virtual Appliance (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)
Summary There are multiple vulnerabilities in IBM® Java™ SDK Technology Edition used by IBM Security Identity Manager Virtual Appliance. IBM Security Identity Manager Virtual Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified...
Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology
Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities
Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-13734 DESCRIPTION: Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in SQLite. By persuading a victim to visi...
Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server
Summary Muiltiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8265, and CVE-2020-8287)
Summary IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities CVE-2020-1971, CVE-2020-8265, and CVE-2020-8287 with details of each below. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If...
Security Bulletin: Vulnerability in Curl affects PowerSC (CVE-2020-8231)
Summary There is a vulnerability in Curl that affects PowerSC. Vulnerability Details CVEID: CVE-2020-8231 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the improper handling of the CURLOPTCONNECTONLY option. The raw data is sent over that...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM Z Development and Test Environment - Jan 2021
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Z Development and Test Environment. The issue was disclosed as part of the IBM Java SDK updates in October 2020 CVE-2020-14577 Vulnerability Details CVEID: CVE-2020-14577 DESCRIPTION: An unspecifi...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 7 and 8 used by IBM MQ. IBM MQ has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability Details CVEID: CVE-2020-14581 DESCRIPTION: An unspecifie...
Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware
Summary IBM GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14621)
Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14621 DESCRIPTION: An unspecified...
Security Bulletin: IBM Security Guardium is affected by vulnerabilities in DB2, which Guardium ships
Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2008-4692 DESCRIPTION: An unspecified error in IBM DB2 related to the failure to drop views and triggers within the Native Managed Provider for .NET has an unknown impact and attack vector. CVSS Base...
Security Bulletin: Steps to update DataQuant Wrokstation ans DataQuant WebSphere plugins.
Summary Query is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HTML function. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Netty (CVE-2019-20445, CVE-2019-20444)
Summary Security vulnerabilities affect IBM Cloud Private Vulnerability Details CVEID: CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security, caused by non-proper handling of Content-Length and Transfer-Encoding in the HttpObjectDecoder.java. A remote attacker could exploi...
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVEs Vulnerability Details CVEID: CVE-2020-12655 DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by a flaw in the xfsagfverify function in...