35661 matches found
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP header injection
Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-38944 DESCRIPTION: IBM DataPower Gateway is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable syste...
Security Bulletin: Flex System Manager (FSM) June 2013 Java Vulnerabilities
Summary Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FSM. Vulnerability Details Abstract Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FSM. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-2468 CVSS Base Score:Â...
Security Bulletin: A vulnerability in Dojo affects IBM InfoSphere Information Server (CVE-2021-23450)
Summary A vulnerability in Dojo that is used by IBM InfoSphere Information Server is addressed. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2022-23772, CVE-2022-23773, CVE-2022-23806)
Summary Security Vulnerabilities affect IBM Cloud Private - Golang Vulnerability Details CVEID: CVE-2022-23772 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-23362, CVE-2021-22918)
Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2021-23362 DESCRIPTION: Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the fromUrl function in index.js. By...
Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM InfoSphere Global Name Management (CVE-2021-35578, CVE-2021-35550, CVE-2021-35603)
Summary There are multiple vulnerabilities in the Java used in IBM InfoSphere Global Name Management GNM. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere Global Name...
Security Bulletin: Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management
Summary Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management Vulnerability Details CVEID: CVE-2016-7051 DESCRIPTION: jackson-dataformat-xml is vulnerable to server-side request forgery, caused by a flaw in the XmlMapper. By using vectors related to a DTD, an attacker could...
Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23806
Summary Operations Dashboard is vulnerable to Go CVE-2022-23806 with details below Vulnerability Details CVEID: CVE-2022-23806 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Security Network Intrusion Prevention System (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...
Security Bulletin: Vulnerabilities in Bash affect Network Intrusion Prevention System (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM Security Network Intrusion Prevention System. Vulnerability Detail...
Security Bulletin: IBM QRadar SIEM can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2014-0453, CVE-2014-4263, CVE-2014-4244)
Summary Previous releases of IBM QRadar Security Information and Event Manager, IBM QRadar Vulnerability Manager and IBM QRadar Risk Manager are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7. Vulnerability Details CVEID: CVE-2014-0453...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046)
Summary IBM Sterling File Gateway is impacted by Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details CVEID: CVE-2021-4510...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to untrusted data deserialization due to Apache Log4j (CVE-2021-4104)
Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services as part of its logging infrastructure. JMSAppender in Apache Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The fix includes Apache Log4j 2.17.1...
Security Bulletin: IBM® Disconnected Log Collector is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Apache Log4j is used by IBM® Disconnected Log Collector to log system events. This bulletin provides a remediation for the vulnerabilities, CVE-2021-45105 and CVE-2021-45046 by upgrading IBM® Disconnected Log Collector and thus addressing the exposure to the Apache Log4j vulnerabilities...
Security Bulletin: IBM® Security SOAR is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046).
Summary Apache Log4j, a dependency of Elasticsearch as used in IBM® Security SOAR, has known vulnerabilities CVE-2021-45105, CVE-2021-45046. These are addressed by upgrading IBM Security SOAR to the latest build of v42 or latest build of v43. The fix packages include Apache Log4j 2.17...
Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server
Summary WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Elastic Storage System (CVE-2021-45105, CVE-2021-45046)
Summary Vulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code and denial of service on the system. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale for logging which is bundled in IBM Elastic Storage System. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-4104, CVE-2021-45046).
Summary IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies
Summary IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies that were inadvertently missed during previous scans. Vulnerability Details CVEID: CVE-2021-21409 DESCRIPTION: Netty is vulnerable to request smuggling, caused by improper validation of request...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2021-44228)
Summary WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Multiple vulnerabilities in jQuery-UI affect IBM Tivoli Netcool Impact (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)
Summary The jQuery-UI library is shipped as a component of Tivoli Netcool/Impact. Information about security vulnerabilities affecting jQuery-UI has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site...
Security Bulletin: IBM Sterling Order Management is affected by Apache Commons BeanUtils security vulnerabilities (CVE-2019-10086)
Summary IBM Sterling Order Management use Apache Commons BeanUtils and are affected by some of the vulnerabilities that exist in this component. Vulnerability Details CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the syste...
Security Bulletin: Operations Dashboard is vulnerable to multiple Go vulnerabilities
Summary Operations Dashboard is vulnerable to multiple Go vulnerabilities with details of each below Vulnerability Details CVEID: CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP85 and Version 8 SR6-FP30 used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates. Vulnerability Details CVEID: CVE-2021-238...
Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability (CVE-2020-11612)
Summary IBM Security Guardium Insights has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders. By sending a...
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i
Summary Apache HTTP Server on IBM i is vulnerabile to the issues described in the vulnerability details section. IBM i has addressed the vulnerabilities in the Apache HTTP Server implementation as described in the remediation/fixes section. Vulnerability Details CVEID: CVE-2021-31618 DESCRIPTION:...
Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect Power Hardware Management Console (CVE-2014-6512, CVE-2014-3566, CVE-2014-6457, CVE-2014-6558)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 that is used by Power Hardware Management Console. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the...
Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109)
Summary Open SSL is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a buffer underflow when deserializing untrusted...
Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341)
Summary This Security Bulletin provides steps for updating Java for Db2 Query Management Facility QMF Workstation and QMF Vision. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in IBM Http server
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmime. By sending a specially crafted Content-Type response...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat from v5.5.36 to v7.0.90 in IBM Platform Symphony 6.1.1 and from v6.0.43 to v8.5.32 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerability CVE-2018-8014 in Tomcat. Vulnerability Details CVE-ID:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: A...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An...
Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2021-25215 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an assertion failure while answering queries fo...
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2021-3347 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gai...
Security Bulletin: Multiple vulnerabilities in the IBM® Runtime Environments, Java™ Technology Edition, Version 6 affects the IBM InfoSphere Optim Data Masking Solution.
Summary There are multiple vulnerabilities in the IBM Runtime Environments, Java Technology Edition, Version 6 CVE-2015-0488, CVE-2015-2808,CVE-2015-0410, CVE-2015-1916,CVE-2015-0204 that affect the IBM InfoSphere Optim Data Masking Solution. These issues were disclosed as part of the IBM Java SD...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat from v6.0.43 to v8.5.37 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerability CVE-2018-11784 in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2018-11784 Description: Apache Tomcat could allow...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerability (CVE-2020-1971)
Summary IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerability CVE-2020-1971 with details below. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by...
Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation
Summary IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. Vulnerability Details CVEID: CVE-2018-18224 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In...
Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus
Summary Multiple vulnerabilities in Node.js and FasterXML jackson-databind may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly....
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 7 and 8 used by IBM MQ. IBM MQ has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability Details CVEID: CVE-2020-14581 DESCRIPTION: An unspecifie...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle October 2020 Critical Patch Update minus CVE-2020-14781 and CVE-2020-14782. CVE-2020-14781 and CVE-2020-14782 will be covered by additional bulletins. Vulnerability Details CVEID: CVE-2020-14792 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE. These vulnerabilities have been fixed in GDE 4.0.0.4. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2017-7957 DESCRIPTION: XStream is vulnerable to a denial of service,...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by TPF Toolkit. TPF Toolkit has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: A GNU C Library vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
Summary A GNU C Library vulnerability, listed below, affect IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-10029 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a denial of service, caused by ...
Security Bulletin: Gradle version in IBP javaenv and dind images depends on vulnerable Apache Ant
Summary Versions of IBP images javaenv and dind before 2.5.1 release on 12082020 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details CVEID:...
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2020-14385 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by ...