35665 matches found
Security Bulletin: A GNU C Library vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
Summary A GNU C Library vulnerability, listed below, affect IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-10029 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a denial of service, caused by ...
Security Bulletin: Gradle version in IBP javaenv and dind images depends on vulnerable Apache Ant
Summary Versions of IBP images javaenv and dind before 2.5.1 release on 12082020 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details CVEID:...
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2020-14385 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by ...
Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in October 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java S...
Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance
Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2014-0050 DESCRIPTION: Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the...
Security Bulletin: IBM Cloud Private is vulnerable to multiple node.js vulnerabilities (CVE-2020-11080, CVE-2020-10531, CVE-2020-8172, CVE-2020-8174)
Summary IBM Cloud Private is vulnerable to multiple node.js vulnerabilities Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which is limited to 32 settings by default. By sending overly large...
Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on 5 June 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and...
Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569
Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...
Security Bulletin: Spice-server vulnerabilities affect IBM SmartCloud Entry (CVE-2016-0749 CVE-2016-2150 )
Summary SmartCloud Entry is vulerable to Spice-server vulnerabilities. Attackers could exploit them to cause improper bounds checking by smartcard interaction or bypass security restrictions Vulnerability Details CVEID: CVE-2016-0749 DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer...
Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)
Summary IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer, inject arbitrary HTTP headers...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by multiple vulnerabilities . These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 53. Vulnerability Details CVEID: CVE-2018-16492 DESCRIPTION: Node.js extend...
Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.
Summary IBM WebSphere Cast Iron Solution & App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by a file...
Security Bulletin: Vulnerability in Apache HTTPD affects IBM Integrated Analytics System
Summary Apache HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-1312 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the failure to properly...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2958 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.37 & Versions 7.0.10.45 used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in July 2019 Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.6.0 used by Rational Functional Tester RFT version 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs. Vulnerability Details Rational Functional Tester has addressed the following: If you run your own...
Security Bulletin: IBM Tivoli Monitoring Basic Services component (CVE-2019-15903)
Summary Fixes a vulnerability reported in the libexpat parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files as well as parsing soap requests. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a...
Security Bulletin: A Security Vulnerability Has Been Identified In WebSphere Application Server shipped with IBM Tivoli Access Manager for e-business (CVE-2019-10086)
Summary WebSphere Application Server is shipped with IBM Tivoli Access Manager for e-business. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the...
Security Bulletin: API Connect is impacted by a vulnerability in PHP (CVE-2019-11043)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11043 DESCRIPTION: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocat...
Security Bulletin: Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local
Summary Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-9936 DESCRIPTION: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an...
Security Bulletin: Vulnerabilities in OpenSSH affect IBM i (CVE-2016-1907, CVE-2016-1908, CVE-2016-3115)
Summary OpenSSH vulnerabilities affect IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11...
Security Bulletin: Vulnerability CVE-2017-7494 in Samba affects IBM i
Summary Samba is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7494 DESCRIPTION: Samba could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper access to named pipe endpoints. By uploading a...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i
Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tlsdecryptticket function ...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Rational Service Tester
Summary Eclipse Jetty contains vulnerabilities that may allow a remote attacker to obtain sensitive information, cause execution of scripts without their knowledge and experience denial of service attacks. Vulnerability Details CVEID: CVE-2019-10241 DESCRIPTION: Eclipse Jetty is vulnerable to...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2019-10086)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Cast Iron
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron. WebSphere Cast Iron has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability Vulnerability Details...
Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.
Summary Open Source Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by utilizing sequences ...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM Netezza Host Management (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Netezza Host Management. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but...
Security Bulletin: Vulnerabilities in Bash affect IBM Netezza Host Management (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM Netezza Host Management. Vulnerability Details CVE-ID: CVE-2014-62...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Netezza Platform Software
Summary There are multiple vulnerabilities in OpenSSL that is used by IBM Netezza Platform Software for CVEs CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512. These issues were disclosed on August 6, 2014 by the OpenSSL Project...
Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities
Summary IBM QRadar Network Security is affected by Linux kernel vulnerabilities Vulnerability Details CVEID: CVE-2018-14646 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the netlinknscapable function in the net/netlink/afnetlink.c. By...
Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities
Summary IBM MessageSight has addressed the following Java vulnerabilities: CVE-2019-2698: An attacker can use a maliciously crafted font to exploit a flaw in the JDK's font parsing code CVE-2019-2697: An attacker can use a maliciously crafted font to exploit a flaw in the JDK's font parsing code...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.30 used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in October 2018. Vulnerabili...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to...
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0732)
Summary IBM RackSwitch firmware products listed below have addressed the following vulnerability in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Logging
Summary Security Vulnerabilities affect IBM Cloud Private Logging Vulnerability Details CVEID: CVE-2018-10904 DESCRIPTION: glusterfs could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper validation of file paths in the trusted.io-stats-dump extend...
Security Bulletin: IBM Security Directory Server is affected by multiple vulnerabilities in GSKit
Summary IBM Security Directory Server has addressed the following vulnerabilities caused by issues in GSKit. Vulnerability Details CVEID: CVE-2018-1427 DESCRIPTION: IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. CVSS Base Score...
Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034)
Summary IBM WebSphere Cast Iron Solution has addressed the following vulnerabilities reported in Apache Tomcat v7. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the...
Security Bulletin: Vulnerabilities in cURL/libcurl affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows
Summary IntelR Manycore Platform Software Stack IntelR MPSS for Linux and Windows have addressed the following vulnerabilities in cURL/libcurl. Vulnerability Details Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerabilities in...
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System Chassis Management Module
Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in NTP. Vulnerability Details Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in NTP. Vulnerability Details CVE-ID: CVE-2015-7973 Description: NTP...
Security Bulletin: IBM MQ Appliance is affected by glibc vulnerabilities
Summary IBM MQ Appliance has addressed the following glibc vulnerabilities. Vulnerability Details CVEID: CVE-2017-15804 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a buffer overflow, caused by improper bounds checking by glob function in glob.c. By using a specially-crafted fil...
Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability. (CVE-2018-8034, CVE-2018-8037)
Summary Publicly disclosed vulnerabilities in Apache Tomcat. Vulnerability Details CVEID: CVE-2018-8034 Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a missing host name verification when using TLS with the WebSocket client. An attacker could...
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2018-16840)
Summary The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerability: libcurl is vulnerable to a denial of service. Vulnerability Details CVEID: CVE-2018-16840 DESCRIPTION: cURL is vulnerable to a denial of service, caused by a hea...
Security Bulletin: IBM Tivoli Common Reporting (TCR) 2018Q2 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities
Summary Fixes of Cognos Business Intelligence are provided as part of TCR fixes This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Business Intelligence. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM®...
Security Bulletin: OpenSSH vulnerability affects IBM Spectrum Protect Plus (CVE-2017-15906)
Summary OpenSSH is vulnerable to a denial of service vulnerability which affects IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2017-15906 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the processopen function when in read-only mode. A remote...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in Jan 2018. Vulnerability Details CVEID: CVE-2018-2579 DESCRIPTION: An unspecified vulnerability in Oracle Jav...