35608 matches found
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.9.0 ESR + CVE-2020-12410) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-12410 Vulnerability Details CVEID: CVE-2020-12410 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By...
Security Bulletin: BEAST security vulnerability in IBM Tivoli Netcool Performance Manager for Wireline( CVE-2011-3389)
Summary Browser Exploit Against SSL/TLS a.k.a. BEAST vulnerability is observed. In TLS 1.0 and earlier, it is possible to predict the Initialization Vector IV of the block cipher encryption. This allows a man-in-the-middle attacker to guess the plaintext being encrypted. The affected products are...
Security Bulletin: A vulnerability in jQuery affects IBM WIoTP MessageGateway (CVE-2020-7656)
Summary There is a vulnerability in jQuery that affects IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remote attacker could exploit this...
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Sterling Connect:Express for UNIX (CVE-2015-4000, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by Sterling Connect:Express for UNIX. Sterling Connect:Express for UNIX has...
Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal
Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306...
Security Bulletin: Multiple vulnerabilities in openssl, gnutl, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance
Summary Multiple vulnerabilities have been idintified in openssl, gnutl, mysql, kernel, glibc and ntp shipped with SmartCloud Entry Appliance. SmartCloud Entry Appliance has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: The SSL/TLS protocol is vulnerable t...
Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry
Summary Multiple vulnerabilities have been identified in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util. coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util shipped with IBM SmartCloud Entry Appliance. IBM SmartCloud Entry Appliance has addressed the vulnerabilities...
Security Bulletin: Libxml2 vulnerabilities affect IBM SmartCloud Entry
Summary SmartCloud Entry is vulerable to libxml2 vulnerabilities. An attacker could exploit these vulnerabilities to obtain sensitive information, execute arbitrary codes, or cause a denial of service, segmentation faults or crahes CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler
Summary OpenSSL vulnerabilities CVE-2019-1559 and CVE-2018-5407 were disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Manager. IBM Workload Manager has addressed the applicable CVEs Vulnerability Details CVE-ID: CVE-2018-5407 Description: Multiple SMT/Hyper-Threading architecture...
Security Bulletin: IBM Spectrum Protect Plus vulnerable to Logjam (CVE-2015-4000)
Summary A port used by VADP is reported to be vulnerable to Logjam CVE-2015-4000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2019-2989...
Security Bulletin: Security vulnerability with Eclipse Git Team Provider affects Rational Application Developer (CVE-2014-9390)
Summary This vulnerability affects users on Windows and Mac OS X but not typical UNIX users. Even though the issue may not affect Linux users, if you are a hosting service whose users may fetch from your service to Windows or Mac OS X machines, you are strongly encouraged to update to protect suc...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability Details CVEID: CVE-2019-2766 DESCRIPTION: An unspecified vulnerability in Oracle Ja...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP (CVE-2019-6977) (CVE-2019-6978)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in PHP Vulnerability Details CVEID: CVE-2019-6978 DESCRIPTION: The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. Vulnerability Details CVEID: CVE-2018-2579 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an...
Security Bulletin: Multiple vulnerabilities in Xstream affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in XStream was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2013-7285 DESCRIPTION: XStream could allow a remote attacker to execute arbitrary code on the system, caused by an error in the XMLGenerator API. An attacker could...
Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by HTTP Server vulnerability (CVE-2018-20843)
Summary IBM HTTP Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Multiple...
Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.
Summary Open Source Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by utilizing sequences ...
Security Bulletin: IBM Cloud Private for Data is affected by an issue with runc used by Docker
Summary IBM Cloud Private for Data is affected by an issue with runc used by Docker. The vulnerability allows a malicious container to overwrite the host runc binary and thus gain root-level code execution on the host. Vulnerability Details CVEID: CVE-2019-5736 DESCRIPTION: Runc could allow a loc...
Security Bulletin: Security Vulnerabilties have been addressed in IBM Cognos Analytics
Summary Security vulnerabilities that affect ICU, that is embedded in IBM Cognos Analytics, have been addressed. Cognos Analytics consumes Bootstrap and Jcraft Jsch. The versions of these components have been upgraded to addressed known vulnerabilities. A vulnerability has been addressed in which...
Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities
Summary IBM Security Privileged Identity Manager has addressed the following security vulnerabilities. Vulnerability Details CVEID: CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuerystrInput function. A remot...
Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to a denial of service (CVE-2019-10072)
Summary Open source Apache Tomcat vulnerable to a publicly disclosed vulnerability Vulnerability Details CVEID: CVE-2019-10072 Description: Apache Tomcat is vulnerable to a denial of service, caused by HTTP/2 connection window exhaustion on write. By failing to send WINDOWUPDATE messages, a remot...
Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities
Summary IBM MessageSight has addressed the following Java vulnerabilities: CVE-2018-12549: Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system. CVE-2018-12547: Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jiosnprintf...
Security Bulletin: Apache HTTP Server vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager ( CVE-2018-17199).
Summary Apache HTTP Server vulnerability has been identified in WebSphere Application Server. WebSphere Application Server is shipped with Tivoli Netcool Performance Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulleti...
Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2018-10237)
Summary Websphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin: Potenti...
Security Bulletin: Vulnerabilities in cURL/libcurl affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows
Summary IntelR Manycore Platform Software Stack IntelR MPSS for Linux and Windows have addressed the following vulnerabilities in cURL/libcurl. Vulnerability Details Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerabilities in...
Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch products
Summary IBM Flex System Networking Switch products have addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM Flex System Networking Switch products have addressed the following vulnerabilities in libxml2. Vulnerability Details: CVE-ID: CVE-2016-3627 Description:...
Security Bulletin: Vulnerabilities in OpenSSL affect Juniper EX Series Network Switches sold by IBM for use in IBM Products (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by Juniper EX Series Network Switches sold by IBM for use in IBM Products. Juniper has...
Security Bulletin: Vulnerability in Open SSL affects IBM System Networking products
Summary Open SSL used in the System Networking Products is impacted by the CVEs as outlined in the details below. Vulnerability Details Abstract Open SSL used in the System Networking Products is impacted by the CVEs as outlined in the details below. Content Vulnerability Details: CVE-ID:...
Security Bulletin: Vulnerabilities in Bash affect IBM Flex System FC5022 16Gb Fibre Channel SAN Switch (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Vulnerability Details Abstract Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities. Bash is used by IBM Flex System FC5022 16Gb Fibre Channel SAN...
Security Bulletin: OpenSSL vunerability
Summary IBM MessageSight has addressed the following vulnerability. OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm ...
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private Cloud Foundry (CVE-2018-3646, CVE-2018-3615, CVE-2018-3620)
Summary IBM Cloud Private Cloud Foundry is vulnerable to multiple security vulnerabilities Vulnerability Details CVEID: CVE-2018-3646 DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction executio...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Monitoring. IBM Monitoring has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsin...
Security Bulletin: A Vulnerability in Apache Santuario affects IBM Cúram (CVE-2013-2172)
Summary IBM Cúram is shipped with a third party library called Santuario, which is vulnerable to a Java spoofing attack. Vulnerability Details CVEID: CVE-2013-2172 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to conduct spoofing attacks, caused by the failure ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL...
Security Bulletin: A vulnerability in Python affects PowerKVM
Summary PowerKVM is affected by a vulnerability in Python. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the...
Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2018-2973)
Summary Jazz Team Server is shipped as a component of Jazz Reporting Service JRS. Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details CVEID: CVE-2018-2973 DESCRIPTION: An unspecifie...
Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0739)
Summary A security vulnerability has been identified in OpenSSL that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-0739 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Developer for z Systems (CVE-2018-2783 and CVE-2018-2814)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Developer for z Systems. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details | Subscribe to My Notifications to be notified of important product...
Security Bulletin: Vulnerabilities in IBM Tivoli System Automation for Integrated Operations Management (Several CVE's)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 that is used by IBM Tivoli System Automation for Integrated Operations Management. These issues were disclosed as part of the IBM Java SDK updates in July 2014. CVE-2014-3086, CVE-2014-4227, CVE-2014-4262,...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to multiple security vulnerabilities. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 included in this release ...
Security Bulletin: Vulnerabilities in ClearCase OpenSSL Component (CVE-2013-4353, CVE-2013-6450, CVE-2013-6449)
Summary The OpenSSL component shipped as a part of IBM Rational ClearCase has issued a security advisory. This component is used in making SSL connections in the base CC/CQ integration and in making SSL connections via user Perl modules. On the UNIX/Linux platforms, OpenSSL can also be used by th...
Security Bulletin: Multiple security vulnerabilities have been identified in GSKit shipped with IBM Rational ClearCase
Summary Vulnerabilities have been addressed in the GSKit component of IBM Rational ClearCase. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel...
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Rational ClearCase (CVE-2016-3426)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Versions 6, 7, and 8, which are used by IBM Rational ClearCase. This issue was disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3426 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is provided with IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in October 2016. The IBM Development Package for Apache Spark has addressed t...
Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle January 2014 Critical Patch Update Vulnerability Details CVE IDs: CVE-2014-0428 CVE-2014-0422 CVE-2013-5907 CVE-2014-0415 CVE-2014-0410 CVE-2013-5889 CVE-2014-0417 CVE-2014-0387 CVE-2014-0424 CVE-2013-5878 CVE-2014-0373 CVE-2014-0375 CVE-2014-0403...
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.6 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in October 2017. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-10345...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.6 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in July 2017. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-10198 DESCRIPTIO...