35598 matches found
Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM WebSphere Application Server and used by IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the...
Security Bulletin: Due to use of Apache Log4j, IBM Content Navigator is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)
Summary Apache Log4j is used by IBM Content Navigator as part of its third party logging infrastructure. The fix removes Apache Log4j. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled...
Security Bulletin: IBM App Connect Enterprise Certified Container Designer Authoring operands and Integration Server operands that use the JDBC connector may be vulnerable to remote code execution due to CVE-2021-44228
Summary Log4J is used by IBM App Connect Enterprise Certified Container for logging when generating a bar file that contains a JDBC connector and when running a flow that contains a JDBC connector. IBM App Connect Enterprise Certified Container Designer Authoring operands and Integration Server...
Security Bulletin: Vulnerabilitiy affects IBM Observability with Instana
Summary Vulnerabilities detected in Node.js versions before v14.17.5 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a...
Security Bulletin: IBM Security Guardium is affected by Sweet32: Birthday attacks on 64-bit block ciphers in TLS (CVE-2016-2183)
Summary OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the in the Triple-DES on 64-bit block cipher, used as a part of the SSL/TLS protocol. This vulnerability is known as the SWEET32 Birthday attack. IBM Security Guardium has fixed this vulnerability...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM MQ Appliance
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Details CVEID:...
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of Apache Tomcat libraries CVE-2005-3164, CVE-2005-4836, CVE-2005-4838, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128, CVE-2007-5333, CVE-2008-1232, CVE-2008-2370, CVE-2008-4308, CVE-2009-0781,...
Security Bulletin: IBM MQ Blockchain bridge is vulnerable to multiple issues within protobuf-java-core (CVE-2022-3510, CVE-2022-3509)
Summary Multiple issues were identified within protobuf-java-core which is used by fabric gateway which is used by IBM MQ Blockchain bridge to provide Blockchain functionality to IBM MQ. Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial ...
Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in ICU [CVE-2017-14952 and CVE-2020-10531]
Summary These vulnerabilties affect only those customers who have configured a binary transform action using a tx-map. IBM has addressed the CVEs. CVE-2017-14952 and CVE-2020-10531 Vulnerability Details CVEID:CVE-2017-14952 DESCRIPTION: International Components for Unicode ICU for C/C++ could all...
Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed multiple Spring Framework security vulnerabilites. Vulnerability Details CVEID:CVE-2013-4152 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error...
Security Bulletin: IBM UrbanCode Velocity CVE-2021-44228, Apache Log4j
Summary IBM UrbanCode Velocity is vulnerable to CVE-2021-44228, Apache Log4j in the web client. The other IBM UrbanCode Velocity services are built upon JavaScript which use Log4js and based on current knowledge and analysis, we believe are not affected. Vulnerability Details CVEID: CVE-2021-4422...
Security Bulletin: Is Blueworks Live affected by CVE-2021-44228 (Log4j Vulnerability)?
Summary Is Blueworks Live affected by CVE-2021-44228 Log4j Vulnerability? Vulnerability Details Please refer to the Flash Alert published here: Get Notified about Future Security Bulletins Subscribe to My Notifications to be notified of important product support alerts like this. Off Related...
Security Bulletin: Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE
Summary Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ dot dot backslash in a response to a recursive GET command. Vulnerability Details CVEID: CVE-2016-5725...
Security Bulletin: IBM Jazz for Service Management (JazzSM) is affected with multiple vulnerabilities (CVE-2015-4852, CVE-2015-6420, CVE-2017-15708)
Summary Jazz for Service Management is affected with multiple vulnerabilities CVE-2015-4852, CVE-2015-6420, CVE-2017-15708 Vulnerability Details CVEID: CVE-2017-15708 DESCRIPTION: In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse...
Security Bulletin: IBM Security Access Manager Appliance has released a fix in response to the vulnerabilities known as Spectre and Meltdown
Summary IBM has released the following fixes for IBM Security Access Manager Appliance in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 CVEID: CVE-2017-5754 Affected Products and Versions Affected Product Name | Affecte...
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL
Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service CVE-2023-5678, CVE-2023-6129, CVE-2023-6237 or obtain sensitive information CVE-2023-5363. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2023-5363...
Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
Summary Multiple vulnerabilities in the Linux kernel could allow an authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2020-10732 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the...
Security Bulletin: Vulnerability in Apache Log4j affects Operations Dashboard ( CVE-2021-45046)
Summary The Operations Dashboard has addressed the following CVE-2021-45046 vulnerability. Vulnerability Details CVEID:CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the...
Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178)
Summary ISC BIND on IBM i is vulnerable to a denial of service attack due to memory leaks in the DNSSEC verification code and a flaw in resolver code to degrade performance as described in the vulnerability details section. IBM i has addressed the vulnerabilities in ISC BIND with a fix as describ...
Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities.
Summary Transform Services for IBM i is vulnerable to denial of service, heap memory buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities in Independent JPEG Group IJG JPEG library and zlib library as described in the vulnerability details section...
Security Bulletin: Apache Log4j vulnerability affects IBM Business Automation Workflow (CVE-2021-44228)
Summary Process Federation Server PFS, shipped with IBM Business Automation Workflow BAW, is vulnerable to a vulnerability caused by log4j. The vulnerability is included in the ElasticSearch client library used by PFS. The ElasticSearch vulnerable library was also shipped in offline documentation...
Security Bulletin: Due to Apache Log4j vulnerability, Novalink could allow a remote attacker to execute arbitrary code on the system. (CVE-2021-44228)
Summary Novalink uses Apache Log4j 2 for logging system/application events for diagnostics. This bulletin provides a remediation for the vulnerability CVE-2021-44228 by updating PowerVM Novalink. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker t...
Security Bulletin: IBM Planning Analytics and IBM Planning Analytics Workspace are affected by security vulnerabilities
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.9.11 and IBM Planning Analytics Workspace 2.0.72. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics and IBM Planning Analytic...
Security Bulletin: Vulnerability in WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2022-21496 and CVE-2022-21299)
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...
Security Bulletin: Multiple Security Vulnerabilities in IBM Tivoli Storage Manager FastBack
Summary IBM Tivoli Storage Manager FastBack is affected by multiple security vulnerabilities such as stack based buffer overflow, command injection and remote code execution. These vulnerabilities may cause the server to crash, elevate privileges, or disclose information. Vulnerability Details...
Security Bulletin: Content Manager OnDemand for Multiplatforms is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Apache Log4j is used by Content Manager OnDemand for Multiplatforms as part of its logging infrastructure. CVE-2021-44228 This fix includes Apache Log4j V2.17.1. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code o...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server shipped with IBM Security Identity Manager due to January 2022 CPU plus deferred CVE-2021-35550 and CVE-2021-35603
Summary IBM WebSphere Application Server is shipped with IBM Security Identity Manager about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Transformation Extender Advanced is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)
Summary IBM Transformation Extender Advanced, previously known as IBM Standards Processing Engine, uses Apache Log4j as part of its logging infrastructure. An arbitrary remote code execution vulnerability has been addressed. The fix incudes Apache Log4j 2.17.1. Vulnerability Details CVEID:...
Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty
Summary Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed publicly disclosed vulnerability found by vFinder: Eclipse Jetty. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary cod...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for November 2023.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...
Security Bulletin: IBM HTTP Server is vulnerable to a denial of service due to libexpat (CVE-2023-52425)
Summary IBM HTTP Server, which is used by IBM WebSphere Application Server, is vulnerable to a denial of service due to libexpat using a specially crafted request. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a fla...
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-22313 DESCRIPTION: IBM QRadar Dat...
Security Bulletin: IBM Tivoli Network Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-1757)
Summary Apache log4j V1 is used by IBM Tivoli Network Manager as part of its logging infrastructure. This fix removed Apache log4j V1CVE-2019-1757 Vulnerability Details CVEID:CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation
Summary Multiple vulnerabilities in IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2021-26701 DESCRIPTION: Microsoft .NET Core and Visual Studio could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploi...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Control Center (CVE-2020-9488)
Summary Apache Log4j is vulnerable to a man-in-the-middle attack Vulnerability Details CVEID: CVE-2020-9488 DESCRIPTION: Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this...
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2012-4929)
Summary The following vulnerability in OpenSSL has been addressed by IBM Integrated Management Module II IMM2. Vulnerability Details CVEID: CVE-2012-4929 DESCRIPTION: The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome,Qt, and other products, can encrypt compressed data...
Security Bulletin: Vulnerability in Apache Commons affects IBM i (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM i. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Code injection vulnerability affect IBM Business Automation Workflow (CVE-2022-42920)
Summary IBM Business Automation Workflow packages Apache Commons BCEL. A code injection vulnerability affecting BCEL was reported. CVE-2022-42920 Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an...
Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2022-21305, CVE-2022-21291)
Summary IBM MQ Internet Pass-Thru has addressed the following vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru. Vulnerability Details CVEID: CVE-2022-21305 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM...
Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway uses Eclipse Jetty with multiple known vulnerabilities
Summary Vulnerabilities contained within Eclipse Jetty a 3rd party component were identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway MEG. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, cause...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-45105, CVE-2021-45046)
Summary Apache Log4j has vulnerabilities that affect IBM Sterling B2B Integrator. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is...
Security Bulletin: Apache Log4j vulnerability impacts IBM Sterling Global Mailbox (CVE-2021-45046)
Summary IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-45046 and is used for logging. Mitigation steps detailed below. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an...
Security Bulletin: IBM Observability by Instana and IBM Observability with Instana - Server and Agents are vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary Vulnerabilities detected in Apache Log4j affects IBM Observability by Instana and IBM Observability with Instana. The CVE numbers are: CVE-2021-45105 and CVE-2021-45046. These vulnerabilities have been addressed in both the Server and Agent components. The fix includes Apache Log4j v2.17...
Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2022-30613)
Summary IBM QRadar SIEM is vulnerable to information disclosure. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2022-30613 DESCRIPTION: IBM QRadar could disclose sensitive information via a local service to a privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...
Security Bulletin: RC4 Bar Mitzvah Attack for SSL/TLS (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...
Security Bulletin: Deserialization vulnerability affect IBM Business Automation Workflow BPM Event Emitters - CVE-2022-1471
Summary A vulnerable copy of snakeyaml is packaged with BPMEventEmitters and CaseEventEmitters in IBM Business Automation Workflow. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Google protobuf-java CVE-2022-3171, CVE-2022-3509 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM TS2900 Tape Library update for security vulnerabilities in OpenSSL (CVE-2012-2333)
Abstract Download an update to the TS2900 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL. Content DESCRIPTION: OpenSSL versions prior to 1.0.0 do not follow best security practices and need to be...