35634 matches found
Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-4104, CVE-2021-45046).
Summary IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies
Summary IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies that were inadvertently missed during previous scans. Vulnerability Details CVEID: CVE-2021-21409 DESCRIPTION: Netty is vulnerable to request smuggling, caused by improper validation of request...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2021-44228)
Summary WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Multiple vulnerabilities in jQuery-UI affect IBM Tivoli Netcool Impact (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)
Summary The jQuery-UI library is shipped as a component of Tivoli Netcool/Impact. Information about security vulnerabilities affecting jQuery-UI has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site...
Security Bulletin: IBM Sterling Order Management is affected by Apache Commons BeanUtils security vulnerabilities (CVE-2019-10086)
Summary IBM Sterling Order Management use Apache Commons BeanUtils and are affected by some of the vulnerabilities that exist in this component. Vulnerability Details CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the syste...
Security Bulletin: Operations Dashboard is vulnerable to multiple Go vulnerabilities
Summary Operations Dashboard is vulnerable to multiple Go vulnerabilities with details of each below Vulnerability Details CVEID: CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP85 and Version 8 SR6-FP30 used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates. Vulnerability Details CVEID: CVE-2021-238...
Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability (CVE-2020-11612)
Summary IBM Security Guardium Insights has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders. By sending a...
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i
Summary Apache HTTP Server on IBM i is vulnerabile to the issues described in the vulnerability details section. IBM i has addressed the vulnerabilities in the Apache HTTP Server implementation as described in the remediation/fixes section. Vulnerability Details CVEID: CVE-2021-31618 DESCRIPTION:...
Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109)
Summary Open SSL is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a buffer underflow when deserializing untrusted...
Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect Power Hardware Management Console (CVE-2014-6512, CVE-2014-3566, CVE-2014-6457, CVE-2014-6558)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 that is used by Power Hardware Management Console. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the...
Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341)
Summary This Security Bulletin provides steps for updating Java for Db2 Query Management Facility QMF Workstation and QMF Vision. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: A...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An...
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2021-3347 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gai...
Security Bulletin: Multiple vulnerabilities in the IBM® Runtime Environments, Java™ Technology Edition, Version 6 affects the IBM InfoSphere Optim Data Masking Solution.
Summary There are multiple vulnerabilities in the IBM Runtime Environments, Java Technology Edition, Version 6 CVE-2015-0488, CVE-2015-2808,CVE-2015-0410, CVE-2015-1916,CVE-2015-0204 that affect the IBM InfoSphere Optim Data Masking Solution. These issues were disclosed as part of the IBM Java SD...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat from v6.0.43 to v8.5.37 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerability CVE-2018-11784 in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2018-11784 Description: Apache Tomcat could allow...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerability (CVE-2020-1971)
Summary IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerability CVE-2020-1971 with details below. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 7 and 8 used by IBM MQ. IBM MQ has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability Details CVEID: CVE-2020-14581 DESCRIPTION: An unspecifie...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle October 2020 Critical Patch Update minus CVE-2020-14781 and CVE-2020-14782. CVE-2020-14781 and CVE-2020-14782 will be covered by additional bulletins. Vulnerability Details CVEID: CVE-2020-14792 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by TPF Toolkit. TPF Toolkit has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: A GNU C Library vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
Summary A GNU C Library vulnerability, listed below, affect IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-10029 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a denial of service, caused by ...
Security Bulletin: Gradle version in IBP javaenv and dind images depends on vulnerable Apache Ant
Summary Versions of IBP images javaenv and dind before 2.5.1 release on 12082020 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details CVEID:...
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2020-14385 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by ...
Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in October 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java S...
Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance
Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2014-0050 DESCRIPTION: Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the...
Security Bulletin: IBM Cloud Private is vulnerable to multiple node.js vulnerabilities (CVE-2020-11080, CVE-2020-10531, CVE-2020-8172, CVE-2020-8174)
Summary IBM Cloud Private is vulnerable to multiple node.js vulnerabilities Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which is limited to 32 settings by default. By sending overly large...
Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on 5 June 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and...
Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569
Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...
Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)
Summary IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer, inject arbitrary HTTP headers...
Security Bulletin: Spice-server vulnerabilities affect IBM SmartCloud Entry (CVE-2016-0749 CVE-2016-2150 )
Summary SmartCloud Entry is vulerable to Spice-server vulnerabilities. Attackers could exploit them to cause improper bounds checking by smartcard interaction or bypass security restrictions Vulnerability Details CVEID: CVE-2016-0749 DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by multiple vulnerabilities . These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 53. Vulnerability Details CVEID: CVE-2018-16492 DESCRIPTION: Node.js extend...
Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.
Summary IBM WebSphere Cast Iron Solution & App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by a file...
Security Bulletin: Vulnerability in Apache HTTPD affects IBM Integrated Analytics System
Summary Apache HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-1312 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the failure to properly...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System
Summary Open Source OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2958 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.37 & Versions 7.0.10.45 used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in July 2019 Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.6.0 used by Rational Functional Tester RFT version 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs. Vulnerability Details Rational Functional Tester has addressed the following: If you run your own...
Security Bulletin: IBM Tivoli Monitoring Basic Services component (CVE-2019-15903)
Summary Fixes a vulnerability reported in the libexpat parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files as well as parsing soap requests. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a...
Security Bulletin: A Security Vulnerability Has Been Identified In WebSphere Application Server shipped with IBM Tivoli Access Manager for e-business (CVE-2019-10086)
Summary WebSphere Application Server is shipped with IBM Tivoli Access Manager for e-business. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the...
Security Bulletin: API Connect is impacted by a vulnerability in PHP (CVE-2019-11043)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11043 DESCRIPTION: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocat...
Security Bulletin: Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local
Summary Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-9936 DESCRIPTION: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an...
Security Bulletin: Vulnerabilities in OpenSSH affect IBM i (CVE-2016-1907, CVE-2016-1908, CVE-2016-3115)
Summary OpenSSH vulnerabilities affect IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11...
Security Bulletin: Vulnerability CVE-2017-7494 in Samba affects IBM i
Summary Samba is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7494 DESCRIPTION: Samba could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper access to named pipe endpoints. By uploading a...