35608 matches found
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-24921).
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go, caused by improper input validation, which may be exploited to cause a goroutine stack exhaustion CVE-2022-24921. Golang Go is included in some of the operators used in IBM...
Security Bulletin: OpenSSL Vulnerability Affects Watson Speech Services
Summary A Redhat OpenSSL Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3 Vulnerability Details CVEID:CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to Node.js (CVE-2022-43548 & CVE-2022-35256)
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to Node.js CVE-2022-43548 & CVE-2022-35256. The fix includes Node.js 14.21.1 Vulnerability Details CVEID:CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code o...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)
Summary IBM Sterling Connect:Direct Web Services has addressed a denial of service vulnerability due to FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the...
Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)
Summary Multiple security vulnerabilities have been reported for Jackson JSON library that is used by IBM Business Automation Workflow. Vulnerability Details CVEID: CVE-2018-7489 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused ...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to webpack loader-utils CVE-2022-37603
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to webpack loader-utils CVE-2022-37603 with details below. Vulnerability Details CVEID:CVE-2022-37603 DESCRIPTION: webpack loader-utils is vulnerable to a denial of service, caused by a regular...
Security Bulletin: Vulnerabilities in Log4j affects IBM Cloud Application Business Insights CVE-2021-44228
Summary Vulnerabilities in Log4j CVE-2021-44228 affects IBM Cloud Application Business Insights Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled...
Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway
Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By usi...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.25 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in April 2019. Vulnerability...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to loss of confidentiality due to CVE-2022-28615
Summary Apache HTTP Server is used by IBM App Connect Enterprise Certified Container for Mapping Assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to loss of confidentiality. This bulletin provides patch information...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to loss of confidentiality due to CVE-2022-32148
Summary The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands utilise Golang Go. The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to loss of confidentiality. This bulletin provides patch information t...
Security Bulletin: AIX is affected by arbitrary code execution [CVE-2022-40674] and denial of service [CVE-2020-10735] due to Python
Summary Vulnerabilities in Python could allow an attacker to execute arbitrary code CVE-2022-40674 or cause a denial of service CVE-2020-10735. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2022-40674 DESCRIPTION: libexpat could allow a remot...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.5. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker cou...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Open SSL is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2022-0778 Expat aka libexpat is used by IBM Robotic Process Automation for Cloud Pak as dependen...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from containerd, gnupg2, runc and IBM WebSphere Application Server Liberty
Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.6-x packages containerd, gnupg2, runc and IBM WebSphere Application Server Liberty that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-23648 DESCRIPTION...
Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2021-44906 DESCRIPTION: Node.js Minimist module could allow a remote attacker to execute...
Security Bulletin: Multiple denial of service vulnerabilities in Apache Xerces affect IBM InfoSphere Information Server
Summary Multiple denial of service vulnerabilities in Apache Xerces used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. ...
Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud
Summary Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud July 2021 CPU. Vulnerability Details CVEID:CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system...
Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824)
Summary IBM has announced a release for IBM Security Verify Governance ISVG in response to security vulnerability. The vulnerability is caused by Node.js which could provide weaker than expected security, caused by an error related to the formatting logic of the console.table function...
Security Bulletin: JQuery UI shipped with IBM Tivoli Netcool Impact is vulnerable to XSS (CVE-2022-31160)
Summary JQuery UI is used by IBM Tivoli Netcool Impact as part of its UI framework. Information about a security vulnerability affecting JQuery UI has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting,...
Security Bulletin: Multiple Vulnerabilities may affect Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Multiple Vulnerabilities found in Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID:CVE-2021-36373 DESCRIPTION: Apache Ant is vulnerable to a...
Security Bulletin: Vulnerability in Transport Layer Security Protocol Used in IBM System Networking Ethernet Switches (CVE-2011-3389)
Abstract Earlier versions of the Transport Layer Security TLS protocol are affected by a publicly disclosed vulnerability that could allow information disclosure if an attacker is carrying out a man-in-the-middle attack. Customers can avoid the vulnerability by following workarounds recommended b...
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE
Abstract This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment JRE included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is...
Security Bulletin: qs (QueryString) package in the Service Portal of IBM Control Desk is vulnerable (CVE-2014-7191 and CVE-2017-1000048)
Summary As per the BlackDuck Scan, there is one package qs QueryString which is vulnerable in the Service Portal. The qs QueryString package is coming from multer modules installed as npm package. Vulnerability Details CVEID:CVE-2014-7191 DESCRIPTION: Node.js is vulnerable to a denial of service,...
Security Bulletin: A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2018-25032)
Summary A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent and IBM Tivoli Composite Application Manager for Transactions Web Response Time agent. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.7
Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor, WebSphere Application Server Liberty Profile and IBM HTTP Server. Vulnerability Details CVEID: CVE-2015-1932 DESCRIPTION: IBM WebSphere Application Serv...
Security Bulletin: Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE)
Summary Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...
Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.
Summary Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-44521 DESCRIPTION: Apache Cassandra could allow a remote authenticated attacker to execute arbitrary code on the system...
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester
Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2022-22473)
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.2.0. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerability in the Node.js got module affects IBM Event Streams (CVE-2022-33987)
Summary This security vulnerability affects the Node.js got module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities due to its use of IBM JAVA (CVE-2021-35560, CVE-2021-35578, CVE-2021-35565, CVE-2021-35603)
Summary IBM Java is the runtime environment used by several components in IBM Cloud Pak for Multicloud Management Monitoring and contains several security vulnerabilities. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in...
Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2020-14577)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.6.5 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability Details CVEID: CVE-2020-14577 DESCRIPTION: A...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2022 Critical Patch Update, except for CVE-2022-21426 which will be described in a future bulletin. For more information please refer to Oracle's April 2022 CPU Advisory and the X-Force database...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078
Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for JavaScript templating. All IBM App Connect Enterprise Certified Container DesignerAuthoring operands, and IntegrationServer operands that run Designer flows may be vulnerable to code injection. This bulletin...
Security Bulletin: Vulnerability in IBM JAVA JDK affects IBM Spectrum Scale (CVE-2022-21291)
Summary A vulnerability in IBM JAVA JDK could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2022-21291...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to directory traversal due to CVE-2022-24785
Summary Node.js module moment is used by IBM App Connect Enterprise Certified Container for processing dates and times. IBM App Connect Enterprise Certified Container operands may be vulnerable to directory traversal. This bulletin provides patch information to address the reported vulnerability...
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2020-25717)
Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow remote authenticated attacker to gain elevated privileges . Vulnerability Details CVEID: CVE-2020-25717 DESCRIPTION: Samba could allow a remote authenticated attacker to gain elevated privileges o...
Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL
Summary The vulnerability in CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...
Security Bulletin: IBM Initiate Master Data Service, IBM InfoSphere Master Data Management are affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076)
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22898)
Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22898 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEWENV variables. By sending a specially-crafted...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System.
Summary OpenSSL used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVECVE-2021-3712. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read wh...
Security Bulletin: Open Source OpenSSL, GNUTls, RHEL CVE-2016-8610 'SSL-Death-Alert' affects IBM Cisco switches and directors.
Summary Open Source OpenSSL is used by IBM Cisco switches and directors. IBM Cisco switches and directors has addressed the CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when...
Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)
Summary Node.js is vulnerable to a denial of service or could allow a remote attacker to bypass security restrictions. These vulnerabilities may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security...
Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2021-35550).
Summary IBM License Metric Tool is vulnerable to attacks related to Java TLS vulnerability. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information...
Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)
Summary Apache Log4j is used by IBM Db2 Big SQL as part of its logging infrastructure. IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j CVE-2021-45046, CVE-2021-45105. The fix includes Apache Log4j 2.17.1 Vulnerability Details CVEID: CVE-2021-451...
Security Bulletin: Vulnerability in Apache log4j affects WebSphere Service Registry and Repository (CVE-2021-4104)
Summary There is a vulnerability in the Apache log4j library shipped with WebSphere Service Registry and Repository. This vulnerability also affects IBM WebSphere Application Server which is shipped with WebSphere Service Registry and Repository. For both products this vulnerability has been...
Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-4104, CVE-2021-29469, CVE-2021-44531, CVE-2021-44531, CVE-2022-21824, CVE-2021-29899, CVE-2021-27290 )
Summary There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises. All issues listed below are fixed in RQA release 3.1.3 Vulnerability Details CVEID: CVE-2021-29899 DESCRIPTION: IBM Engineering Requirements Quality Assistant could allow an...