35608 matches found
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a...
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthorized attacker causing integrity impact (CVE-2021-2163)
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to unauthorized attacker causing integrity impact as described in the vulnerability details section. IBM i has addressed the vulnerabilities with a fix as described in the remediation/fixes...
Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2021-44906 DESCRIPTION: Node.js Minimist module could allow a remote attacker to execute...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Redis is used by IBM Robotic Processing Automation for Cloud Pak as part of in memory database processing. Vulnerability Details CVEID:CVE-2021-41099 DESCRIPTION: Redis is vulnerable to an heap-based buffer overflow, caused by improper bounds checking in the underlying string library. By...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Java is used by IBM Robotic Process Automation for Cloud Pak as part of several container services that run Java applications. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated...
Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]
Summary IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965. To be vulnerable a product must meet all of the following criterias: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation due to Java (CVE-2022-21541, CVE-2022-21540)
Summary Java is used by IBM Robotic Process Automation as part of the RPA infrastructure to run UMS and license management services CVE-2022-21541, CVE-2022-21540. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could all...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM App Connect Enterprise and IBM Integration Bus
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 includes Oracle April 2022 CPU. The fix includes IBM Jav...
Security Bulletin: WebSphere Application Server - IBM SDK for Java April 2013 CPU
Abstract Multiple security vulnerabilites exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server. Content The IBM WebSphere Application Server is shipped with an IBM SDK for Java that is based on the Oracle JDK. Oracle has released April 2013 critical patch updates CP...
Security Bulletin: IBM QRadar SIEM and QRadar Risk Manager can be affected by three vulnerabilities in the IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)
Abstract CVE-2013-0440 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE. CVE- 2013-0443 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect confidentiality and integrity...
Security Bulletin: Potential Security exposure in IBM HTTP Server CVE-2013-1896 PM89996
Abstract Potential Security exposure in IBM HTTP Server for WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-1896 DESCRIPTION: IBM HTTP Server may be vulnerable to a denial of service, caused by a malicious request when using the optional moddav module. CVSS: CVSS Base...
Security Bulletin: IBM WebSphere Business Services Fabric – Information regarding a security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and is included in IBM WebSphere Business Services Fabric. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities that...
Security Bulletin: IBM WebSphere Lombardi Edition – Information regarding security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and is included in IBM WebSphere Lombardi Edition. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities that have...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo fo...
Security Bulletin: Vulnerabilities in IBM Db2, Golang Go, and Logback may affect the IBM Spectrum Protect Server (CVE-2022-30631, CVE-2022-30633, CVE-2022-1705, CVE-2022-22389, CVE-2022-22390, CVE-2021-42550, CVE-2022-30629)
Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in IBM Db2, Golang Go, and Logback such as denial of service, HTTP request smuggling, obtaining sensitive information, and execution of arbitrary code. Vulnerability Details CVEID:CVE-2022-30631 DESCRIPTION: Golang Go is...
Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2021-45346)
Summary A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Systems Director (CVE-2014-3509, CVE-2014-3511)
Summary There are multiple vulnerabilities in OpenSSL that is used by IBM Systems Director. These issues were disclosed on August 6, 2014 by the OpenSSL Project. Vulnerability Details Abstract There are multiple vulnerabilities in OpenSSL that is used by IBM Systems Director. These issues were...
Security Bulletin: Multiple vulnerabilities in zlib affects IBM Common Inventory Technology (CIT)
Summary zlib compression library is vulnerable to a denial of service attack. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to...
Security Bulletin: Vulnerability in Diffie-Helman ciphers affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-4000)
Summary The LogJam Attack on Diffie-Hellman ciphers affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis. Vulnerability Details CVEID : CVE-2015-4000 DESCRIPTION : The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure t...
Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities - IBM JDK 8.0.7.6
Summary IBM® Security SOAR includes an older version of IBM JDK that may be identified and exploited. An update has been released which addresses these issues. The version of IBM JDK included in the latest version of SOAR App Host and IBM Security Soar is 8.0.7.10. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2021-45960, CVE-2021-46143 )
Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-46143 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: Vulnerability in Json-schema library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-3918)
Summary Json-schema is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component CVE-2021-3918. Vulnerability Details CVEID: CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modificatio...
Security Bulletin: IBM Spectrum Symphony is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Spectrum Symphony is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boo...
Security Bulletin: IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics for Communications Service Providers and Datasets Impacted by Log4j Vulnerabilities ( CVE-2021-44832)
Summary Apache Log4j is used by as part of its logging infrastructure by IBM Analytic Accelerator Framework for Communication Service Providers AAF and IBM Customer and Network Analytics for Communications Service Providers and Datasets CNA. These products are vulnerable to CVE-2021-44832. The fi...
Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by IBM Event Streams. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary cod...
Security Bulletin: Vulnerabilities in Golang Go, OpenSSL, Python, and XStream affect IBM Spectrum Copy Data Management
Summary Vulnerabilities in Golang Go, OpenSSL, Python, and XStream, such as bypassing security restrictions and denial of service, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2021-44716 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2022 - Includes Oracle January 2022 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for...
Security Bulletin: IBM® PureData System for Operational Analytics is vulnerable to arbitrary code execution, remote code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
Summary IBM PureData System for Operational Analytics appliance contains a hardware component called Hardware Management Console HMC, MTM: 9042-CR8. This component contains log4j 2.1 at a level lower than 2.17.1 and is vulnerable to arbitrary code execution, remote code execution and denial of...
Security Bulletin: Crypto Hardware Initialization and Maintenance is vulnerable to arbitrary code execution due to Apache Log4j (CVE 2021-4104, CVE 2022-23302, CVE 2022-23305, CVE 2022-23307)
Summary Crypto Hardware Initialization and Maintenance CHIM as shipped with IBM Common Cryptographic Architecture CCA for MTM 4767 is affected by several vulnerabilities in Apache Log4j CVE-2021-4104, CVE-2022-23303, CVE 2022-23305 and CVE 2022-23307. CHIM is using Apache Log4j for internal loggi...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22947)
Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID:CVE-2021-22947 DESCRIPTION: cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw when connecting to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to...
Security Bulletin: A security vulnerability in golang affects IBM Cloud Automation Manager
Summary A security vulnerability in golang affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2022-23772 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, ...
Security Bulletin: Mobilefirst is affected by a log4j vulnerability (CVE-2021-4104)
Summary A vulnerability in the Apache Log4j open source library has been reported in CVE-2021-4104. The version of log4j bundled within MFP 8.0 is 1.x and hence impacted by vulnerability CVE-2021-4104. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities
Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...
Security Bulletin: Vulnerability in Node.js-CVE-2021-23362, CVE-2021-22921, CVE-2021-22918, CVE-2021-27290 may affect IBM Watson Assistant for IBM Cloud Pak for Data.
Summary Potential vulnerabilities in Node.js CVE-2021-23362, CVE-2021-22921, CVE-2021-22918, CVE-2021-27290 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-23362 DESCRIPTION:...
Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)
Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. IBM Spectrum Control has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM WebSphere Application Server -...
Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware
Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot formerly Tivoli Storage FlashCopy Manager for VMware. IBM Spectrum Protect Snapshot for VMware has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL...
Security Bulletin: IBM Cloud Pak for Automationis vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 have been reported for the log4j-core-2.x library, which is packaged in several components of IBM Cloud Pak for Automation. This fix upgrades all copies of log4j-core-2.x to 2.17.0. Vulnerability Details CVEID:...
Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components
Summary Cloud Pak for Automation has released cummulative security fixes addressing vulnerabilities in several of its components. Vulnerability Details CVEID: CVE-2021-37701 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrar...
Security Bulletin: A vulnerability in Apache log4j (CVE-2021-45105) affects IBM Operations Analytics Predictive Insights
Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. Apache Log4j versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups which allows a Denial...
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-45105, CVE-2021-45046)
Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift due to its use of the Strimzi operator. The below fix package includes Apache...
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-45105) affects IBM Workload Scheduler 9.5
Summary Apache Log4j 2.16, that is affected by CVE-2021-45105, is installed with IBM Workload Scheduler 9.5.0.5 in jdbc driver for informix/Onedb rdbms. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fro...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to log4j (CVE-2021-44228)
Summary A vulnerability has been identified in Apache Log4j. Automation Assets in IBM Cloud Pak for integration utilizes Log4j CVE-2021-44228. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server
Summary Security Vulnerabilities in WebSphere Liberty affect IBM Voice Gateway. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim t...
Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Versions 7.0, 7.1, and 8.0 used by CICS Transaction Gateway for Multiplatforms CICS TG. CICS TG has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered wi...
Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-8610 and CVE-2017-3731 )
Summary OpenSSL is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: The SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By...
Security Bulletin: Vulnerabilities in openssh affect Power Hardware Management Console (CVE-2015-5600)
Summary Opensh is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-5600 DESCRIPTION: OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication...
Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities
Summary IBM API Connect Developer Portal has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by an endless loop in the php-fpm main process. A remote attacker could exploit this vulnerability to exhaust CPU and disk space resources. Nginx is vulnerable to...
Security Bulletin: Potential vulnerability with Node.js lodash module
Summary A potential vulnerability has been identified related to Node.js lodash module. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of servic...
Security Bulletin: Vulnerability in SSLv3 affects IBM InfoSphere Optim Performance Manager (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM InfoSphere Optim Performance Manager OPM. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: IBM InfoSphere Optim Performance Manager...
Security Bulletin: Multiple Vulnerabilites in IBM Java Runtime Affect IBM InfoSphere Optim Masking On Demand
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by Optim Masking on Demand. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with th...