35608 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 37 and earlier releases used by IBM Platform Symphony and IBM Spectrum Symphony. IBM Platform Symphony and IBM Spectrum Symphony have addressed the applicable CVEs. Vulnerability...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2021-3449, CVE-2021-3450)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...
Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect GPFS for Windows V3.5
Summary OpenSSH vulnerabilities were disclosed on July 22 , August 10, and October19, 2016 by the OpenSSH Project. OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSH and OpenSSL are used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed...
Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center
Summary Multiple Apache Tomcat vulnerabilities affect IBM Control Center. See vulnerability details for descriptions. Vulnerability Details CVEID: CVE-2020-9484 DESCRIPTION: Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Security Bulletin: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service
Summary A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-21366 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by improper...
Security Bulletin: Issues in IBM® Java™ SDK Technology Edition affects IBM Security Identity Manager Virtual Appliance (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)
Summary There are multiple vulnerabilities in IBM® Java™ SDK Technology Edition used by IBM Security Identity Manager Virtual Appliance. IBM Security Identity Manager Virtual Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified...
Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology
Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...
Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2019-17558)
Summary Apache Solr is vulnerable to Remote Code Execution. This has been addressed. Vulnerability Details CVEID: CVE-2019-17558 DESCRIPTION: Apache Solr could allow a remote attacker to execute arbitrary code on the system. By providing a Velocity template through the VelocityResponseWriter, an...
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities
Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-13734 DESCRIPTION: Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in SQLite. By persuading a victim to visi...
Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server
Summary Muiltiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8265, and CVE-2020-8287)
Summary IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities CVE-2020-1971, CVE-2020-8265, and CVE-2020-8287 with details of each below. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If...
Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-13434, CVE-2020-13435)
Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Vulnerability Details CVEID: CVE-2020-13435 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by flaw in the sqlite3ExprCodeTarget function in expr.c. By sending a specially-crafted request, a...
Security Bulletin: Vulnerability in Curl affects PowerSC (CVE-2020-8231)
Summary There is a vulnerability in Curl that affects PowerSC. Vulnerability Details CVEID: CVE-2020-8231 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the improper handling of the CURLOPTCONNECTONLY option. The raw data is sent over that...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM Z Development and Test Environment - Jan 2021
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Z Development and Test Environment. The issue was disclosed as part of the IBM Java SDK updates in October 2020 CVE-2020-14577 Vulnerability Details CVEID: CVE-2020-14577 DESCRIPTION: An unspecifi...
Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware
Summary IBM GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14621)
Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14621 DESCRIPTION: An unspecified...
Security Bulletin: IBM Security Guardium is affected by vulnerabilities in DB2, which Guardium ships
Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2008-4692 DESCRIPTION: An unspecified error in IBM DB2 related to the failure to drop views and triggers within the Native Managed Provider for .NET has an unknown impact and attack vector. CVSS Base...
Security Bulletin: Steps to update DataQuant Wrokstation ans DataQuant WebSphere plugins.
Summary Query is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HTML function. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Netty (CVE-2019-20445, CVE-2019-20444)
Summary Security vulnerabilities affect IBM Cloud Private Vulnerability Details CVEID: CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security, caused by non-proper handling of Content-Length and Transfer-Encoding in the HttpObjectDecoder.java. A remote attacker could exploi...
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVEs Vulnerability Details CVEID: CVE-2020-12655 DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by a flaw in the xfsagfverify function in...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Predictive Insight
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Predictive Insight. IBM Predictive Insight has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability...
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Apache Tomcat 7.099 (CVE-2020-13935)
Summary Apache Tomcat 7.099 is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests with invalid payload lengths, a remote attacker could exploit this vulnerability to cause the application to enter into an...
Security Bulletin: IBM Event Streams is affected by multiple Java vulnerabilities
Summary IBM Event Streams is affected by multiple Java vulnerabilities in the Java runtime Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager for Wireline April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654
Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version that is used by Tivoli Netcool Performance Manager. This issues is disclosed as part of the IBM Java SDK updates for April 2020. Information about a security vulnerability affecting IBM WebSphere Application Server ha...
Security Bulletin: Vulnerability in GSKit affects IBM Sterling Connect:Direct for UNIX (CVE-2016-2183)
Summary An OpenSSL vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Sterling Connect:Direct for UNIX uses GSKit and therefore is also vulnerable. This vulnerability is known as the SWEET32 Birthday attack. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allo...
Security Bulletin: WML CE: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Summary Tensorflow uses SQLite as its embedded SQL database engine. SQLite through 3.32.0 has an integer overflow in sqlite3strvappendf in printf.c so it has been updated to 3.32.3 in WML CE. Vulnerability Details CVEID: CVE-2020-13435 DESCRIPTION: SQLite is vulnerable to a denial of service,...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2019 and January 2020. Vulnerability Details CVEID: CVE-2020-2593...
Security Bulletin: A vulnerability in IBM Java SDK affects IBM Cloud App Management (CVE-2020-2593)
Summary An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. This vulnerability has been addressed by IBM Cloud App Management in a later...
Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities
Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2019-10092 DESCRIPTION: In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacke...
Security Bulletin: Security Vulnerability in OpenSSL affect IBM Netezza Analytics
Summary OpenSSL is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification...
Security Bulletin: Aspera Web Application (Faspex, Console, Orchestrator, Shares) are affected by Apache vulnerabilities (CVE-2019-9517, CVE-2019-10097)
Summary Aspera Web Application Faspex, Console, Shares, Orchestrator have affected the following Apache vulnerabilities. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of...
Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), )
Summary Aspera Web Applications Faspex, Console, Shares have addressed the following Apache vulnerabilities. Vulnerability Details CVEID: CVE-2019-10081 DESCRIPTION: HTTP/2 2.4.20 through 2.4.39 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory ...
Security Bulletin: Multiple Vulnerabilities in libCurl affects IBM Watson Studio Local
Summary Multiple Vulnerabilities in libCurl affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-5482 DESCRIPTION: Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. CVSS Base score: 6.3 CVSS Temporal Score: See:...
Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in October 2018, January 2019, April 2019, July 2019 and October 2019. IBM Cognos Business Intelligence...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5, 6, and 7 that are used by Tivoli Netcool/OMNIbus. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack...
Security Bulletin: IBM i is affected by DHCP vulnerabilities (CVE-2015-8605 and CVE-2016-2774).
Summary IBM i DHCP is vulnerable to several security vulnerabilities. Vulnerability Details CVEID: CVE-2015-8605 DESCRIPTION: ISC DHCP is vulnerable to a denial of service, caused by the failure to properly check the UDP payload length. By sending a specially crafted packet with an invalid IPv4 U...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. Vulnerability Details CVEID: CVE-2015-2638 DESCRIPTION: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete...
Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere Cast Iron Cloud Integration (CVE-2015-3197)
Summary OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron Cloud Integration, has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct...
Security Bulletin: Vulnerabilities in Bash affect IBM PureData System for Operational Analytics (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM PureData System for Operational Analytics. Vulnerability Detai...
Security Bulletin: L1TF - L1 Terminal Fault Attack affect IBM Netezza Host Management
Summary Open Source Linux Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-3646 DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the...
Security Bulletin: IBM Cloud Private for Data is affected by a privilege escalation vulnerability in Kubernetes API server
Summary IBM Cloud Private for Data is affected by a security vulnerability in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation. Vulnerability Details CVEID: CVE-2018-1002105 DESCRIPTION: Kubernetes could allow a...
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-zb
Summary AT&T has released versions 1801-zb for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches...
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Business Developer.
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime...
Security Bulletin: Vyatta 5600 vRouter Software Patches - Releases 1801-w and 1801-y
Summary AT&T has released versions 1801-w and 1801-y for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches...
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libxml2 (CVE-2016-9318 CVE-2016-9597)
Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in libxml2. Vulnerability Details CVEID: CVE-2016-9318 Description: Libxml2 cou...
Security Bulletin: Vulnerability in IBM Java Runtime affect IBM SONAS (CVE-2016-0705)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, that is used by IBM SONAS. IBM SONAS has addressed the applicable CVEs. Vulnerability Details IBM SONAS is shipped with Java. Java is required for SONAS administration, for executing SONAS specific commands on...
Security Bulletin: Apache Struts Vulnerability Can Affect IBM Sterling Order Management (CVE-2018-11776)
Summary IBM Sterling Order Management uses Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2 Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error...
Security Bulletin: Vulnerabilities in libjpeg affect IBM BladeCenter Advanced Management Module (AMM)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libjpeg. Vulnerability Details CVEID: CVE-2018-11813 DESCRIPTION: libjpeg is vulnerable to a denial of service, caused by a large loop in the readpixel function in rdtarga.c. By persuading a vict...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7 & 8 and IBM® Runtime Environment Java™ Versions 6,7 & 8 used by IBM Security Access Manager software and appliances. These issues were disclosed as part of the IBM Java SDK updates in January 2018...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on March 1, 2016 by the...