35608 matches found
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the...
Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery.
Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0 used by IBM CICS TX on Cloud. IBM CICS TX on Cloud has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...
Security Bulletin: IBM Aspera Orchestrator was vulnerable to denial of service due to an Apache HTTP Server vulnerability (CVE-2021-34798)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-34798 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference in httpd core. By sending a specially crafted request, a...
Security Bulletin: IBM Aspera Orchestrator affected by OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
Summary The following vulnerabilities have been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the logic during ...
Security Bulletin: IBM Process Mining is vulnerable to Prototype Pollution due to json-schema CVE-2021-3918
Summary json-schema is used by IBM Process Mining. CVE-2021-3918. The fix includes json-schema 0.4.0 Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of object...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2021-28165)
Summary There is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: Eclipse Jetty i...
Security Bulletin: Vulnerability in Lodash affects IBM Process Mining (Multiple CVEs)
Summary There is a vulnerability in Lodash that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2019-1010266 DESCRIPTION: Lodash is vulnerable...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Netty (CVE-2021-37136, CVE-2021-37137)
Summary IBM Sterling B2B Intergrator has addressed the security vulnerabilities in Netty. Vulnerability Details CVEID:CVE-2021-37136 DESCRIPTION: Netty netty-codec is vulnerable to a denial of service, caused by not allow size restrictions for decompressed data in the Bzip2Decoder. By sending a...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to multiple jsonwebtoken CVEs
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to jsonwebtoken CVE-2022-23541, CVE-2022-23539, CVE-2022-23529, CVE-2022-23540. The resolving fix includes jsonwebtoken version 9.0.0. A mitigation is provided for IBM Integration Bus Vulnerability...
Security Bulletin: Vulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management
Summary Vulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management. Vulnerabilities include denial of service, elevation of privileges, obtaining sensitive information, bypassing security restrictions, buffer overflow, and execution of arbitrary code on system...
Security Bulletin: A Vulnerability In Apache HttpClient Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
Summary A Vulnerability In Apache HttpClient Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details and a remediation/fix for this issue. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypas...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2019-11358).
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input in Drupal core. CVE-2019-11358. jQuery is used by the runtime components included in IBM Watson Speech. Please read the...
Security Bulletin: Operations Dashboard is vulnerable to multiple Go CVEs
Summary Operations Dashboard is vulnerable to multiple Go CVEs with details below Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the golang.org/x/text/language package. By sending a specially-crafted...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to unsafe deserialization due to Apache MINA SSHD (CVE-2022-45047)
Summary Apache MINA SSHD is used by IBM Tivoli Netcool Impact as part of the Command Line Manager service. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-45047 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to execute...
Security Bulletin: IBM DataPower Gateway subject to a memory leak in TCP source port generation (CVE-2022-1012)
Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation algorithm in the net/ipv4/tcp.c function. By sending a...
Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Text [CVE-2022-42889]
Summary Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Text and the issue has been addressed. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-428...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Planning Analytics Express and IBM Cognos Express.
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Planning Analytics Express and IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. OpenSSL vulnerabilities were disclosed ...
Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is...
Security Bulletin: Multiple vulnerabilities in Apache Ant affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in Apache Ant used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-36373 DESCRIPTION: Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By...
Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by multiple OpenSSL vulnerabilities
Abstract A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Tivoli Netcool System Service Monitors/Application Service Monitors. Content VULNERABILITY DETAILS: CVE Ids: CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108...
Security Bulletin: GSKit TLS Padding Vulnerability affects IBM Tivoli/Security Server on Asset and Service Management (CVE-2014-8730)
Summary IBM Tivoli/Security Directory Server ITDS/ISDS are affected by a TLS padding vulnerability, which could allow a remote attacker to obtain sensitive information. Vulnerability Details CVE-ID : CVE-2014-8730 DESCRIPTION : IBM Security Directory Server could allow a remote attacker to obtain...
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
Summary Smarter Infrastructure Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Vulnerability Details CVE IDs: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041...
Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by WebSphere Application Server and WebSphere Application Server Hypervisor Edition. This vulnerability does not affect the IBM HTTP Server or versions of WebSphere Application Server prior ...
Security Bulletin: Denial of service may affect IBM HTTP Server (CVE-2015-1283)
Summary Denial of service may affect IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1283 DESCRIPTION: Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403....
Security Bulletin: IBM Security Verify Governance is vulnerable to Denial of Service (CVE-2021-35578)
Summary IBM Security Verify Governance is vulnerable to denial of service by an unauthenticated attacker due to a vulnerability in Java SE related to the JSSE component CVE-2021-35578. The fix includes upgrading Java SE and Liberty to patched versions. Vulnerability Details CVEID:CVE-2021-35578...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Nginx. Vulnerability Details CVEID:CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack,...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has multiple vulnerabilities associated with the Go runtime (CVE-2021-29923, CVE-2021-31525, CVE-2021-33194, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198)
Summary The Go runtime is used by several components in IBM Cloud Pak for Multicloud Management Monitoring to interact with the operating system and provide utility functions. Vulnerability Details CVEID:CVE-2021-34558 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the...
Security Bulletin: OpenSSL vulnerabilities in the IBM Security Verify Information Queue web server (CVE-2021-3711, CVE-2021-3712)
Summary The web server in IBM Security Verify Information Queue ISIQ v10.0.2 uses an older Node.js version with two known OpenSSL vulnerabilities. ISIQ v10.0.3 upgraded to a Node.js version that includes a newer OpenSSL to remediate the vulnerabilities. CVE-2021-3711, CVE-2021-3712 Vulnerability...
Security Bulletin: Enterprise Content Management System Monitor is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Enterprise Content Management System Monitor is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-45105 and CVE-2021-45046. Apache Log4j is used by Enterprise Content Management System Monitor as part of its logging infrastructure.The fix includes Apache Log4j v2.17.1...
Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Server (CVE-2021-35550, CVE-2021-35603)
Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Server and may be affected by the below vulnerabilities CVEs. Vulnerability Details CVEID: CVE-2021-35603...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to various attacks due to its use of redis (CVE-2021-32675, CVE-2021-32626, CVE-2021-32672)
Summary Redis is used by several components in IBM Cloud Pak for Multicloud Management Monitoring as an in-memory shared cache database. It is not exposed outside the cluster. Vulnerability Details CVEID: CVE-2021-32672 DESCRIPTION: Redis could allow a remote authenticated attacker to obtain...
Security Bulletin: A vulnerability in zlib affects IBM Common Inventory Technology (CIT).
Summary Zlib library before 1.2.12 used by IBM Common Inventory Technology is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruptio...
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server
Summary GNU Binutils is used by IBM Netezza Platform Server. IBM Netezza Platform Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-18607 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the elflinkinputbfd in...
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP header injection
Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-38944 DESCRIPTION: IBM DataPower Gateway is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable syste...
Security Bulletin: Flex System Manager (FSM) June 2013 Java Vulnerabilities
Summary Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FSM. Vulnerability Details Abstract Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FSM. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-2468 CVSS Base Score:Â...
Security Bulletin: A vulnerability in Dojo affects IBM InfoSphere Information Server (CVE-2021-23450)
Summary A vulnerability in Dojo that is used by IBM InfoSphere Information Server is addressed. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2022-23772, CVE-2022-23773, CVE-2022-23806)
Summary Security Vulnerabilities affect IBM Cloud Private - Golang Vulnerability Details CVEID: CVE-2022-23772 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-23362, CVE-2021-22918)
Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2021-23362 DESCRIPTION: Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the fromUrl function in index.js. By...
Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM InfoSphere Global Name Management (CVE-2021-35578, CVE-2021-35550, CVE-2021-35603)
Summary There are multiple vulnerabilities in the Java used in IBM InfoSphere Global Name Management GNM. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere Global Name...
Security Bulletin: Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management
Summary Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management Vulnerability Details CVEID: CVE-2016-7051 DESCRIPTION: jackson-dataformat-xml is vulnerable to server-side request forgery, caused by a flaw in the XmlMapper. By using vectors related to a DTD, an attacker could...
Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23806
Summary Operations Dashboard is vulnerable to Go CVE-2022-23806 with details below Vulnerability Details CVEID: CVE-2022-23806 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a...
Security Bulletin: Vulnerabilities in Bash affect Network Intrusion Prevention System (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM Security Network Intrusion Prevention System. Vulnerability Detail...
Security Bulletin: IBM QRadar SIEM can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2014-0453, CVE-2014-4263, CVE-2014-4244)
Summary Previous releases of IBM QRadar Security Information and Event Manager, IBM QRadar Vulnerability Manager and IBM QRadar Risk Manager are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7. Vulnerability Details CVEID: CVE-2014-0453...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046)
Summary IBM Sterling File Gateway is impacted by Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details CVEID: CVE-2021-4510...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to untrusted data deserialization due to Apache Log4j (CVE-2021-4104)
Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services as part of its logging infrastructure. JMSAppender in Apache Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The fix includes Apache Log4j 2.17.1...
Security Bulletin: IBM® Disconnected Log Collector is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Apache Log4j is used by IBM® Disconnected Log Collector to log system events. This bulletin provides a remediation for the vulnerabilities, CVE-2021-45105 and CVE-2021-45046 by upgrading IBM® Disconnected Log Collector and thus addressing the exposure to the Apache Log4j vulnerabilities...
Security Bulletin: IBM® Security SOAR is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046).
Summary Apache Log4j, a dependency of Elasticsearch as used in IBM® Security SOAR, has known vulnerabilities CVE-2021-45105, CVE-2021-45046. These are addressed by upgrading IBM Security SOAR to the latest build of v42 or latest build of v43. The fix packages include Apache Log4j 2.17...
Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server
Summary WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Elastic Storage System (CVE-2021-45105, CVE-2021-45046)
Summary Vulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code and denial of service on the system. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale for logging which is bundled in IBM Elastic Storage System. Vulnerability Details CVEID:...