35608 matches found
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Google protobuf-java CVE-2022-3171, CVE-2022-3509 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM TS2900 Tape Library update for security vulnerabilities in OpenSSL (CVE-2012-2333)
Abstract Download an update to the TS2900 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL. Content DESCRIPTION: OpenSSL versions prior to 1.0.0 do not follow best security practices and need to be...
Security Bulletin: Multiple cross-site scripting vulnerabilities in JQuery affect IBM InfoSphere Information Server
Summary Multiple cross-site scripting vulnerabilities in JQuery used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Security Bulletin: IBM QRadar Network Packet Capture is using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The product has addressed these issues. Vulnerability Details CVEID: CVE-2021-42574 DESCRIPTION: Unicode could allow a remote attacker to execute arbitrary code ...
Security Bulletin: Log4j Vulnerability ( CVE-2021-44228 ) in IBM Informix Dynamic Server in Cloud Pak for Data
Summary This Security Alert addresses CVE-2021-44228, a vulnerability in Apache Log4j. Versions Affected: All Apache Log4j2 =2.14.1 on IBM Informix Dynamic Server in Cloud Pak for Data. Fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects Engineering Lifecycle Management and IBM Engineering products
Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Workflow Management EWM, IBM Engineering Systems...
Security Bulletin: Apache Log4j vulnerability (CVE-2021-45046) affects IBM Sterling Partner Engagement Manager
Summary Apache Log4j is used by IBM Sterling Partner Engagement Manager for generating logs in all components and tools. This bulletin provides remediation for the reported vulnerability by upgrading Log4j jars to 2.16.0 in IBM Sterling Partner Engagement Manager. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in Network Time Protocol (NTP) affect IBM Storwize V7000 Unified (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296)
Summary A fix is available for IBM Storwize V7000 Unified, for the security vulnerabilities in Network Time Protocol NTP being used. Vulnerability Details Network Time Protocol NTP is used in IBM Storwize V7000 Unified for synchronizing time. CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protoco...
Security Bulletin: IBM WebSphere MQ is affected by a vulnerability in GSKit (CVE-2014-0076)
Summary A vulnerability in GSKit, which is included in IBM WebSphere MQ, can potentially allow key information about certain kinds of binary type Elliptic Curves used in Digital signatures during signing operations. Vulnerability Details CVE-ID:CVE-2014-0076 DESCRIPTION : An attacker running a...
Security Bulletin: IBM Security Guardium is affected by an OpenSSH vulnerability (CVE-2023-38408)
Summary IBM Security Guardium has addressed this vulnerability with an update. Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the forwarded ssh-agent. By sending specially crafted requests,...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary IBM Cognos Analytics is affected and considered vulnerable, based on current information, to vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote code execution due to IBM Java (CVE-2022-40609)
Summary IBM Sterling Connect:Direct Web Services uses IBM® Runtime Environment Java™ Versions which has a remote code execution vulnerability. IBM Sterling Connect:Direct Web Services has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technolog...
Security Bulletin: CVE-2023-30441 affects IBM® SDK, Java™ Technology Edition
Summary CVE-2023-30441 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive information usi...
Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU February 2013.
Abstract The IBM WebSphere Partner Gateway is shipped with an IBM Java SDK that is based on the Oracle SDK. The February 2013 Oracle Critical Patch Updates CPU contained various security vulnerability fixes for the Oracle JDKs. The IBM Java SDK that WebSphere Partner Gateway ship is similarly...
Security Bulletin: DS8000 Hardware Management Console is vulnerable to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary DS8000 Hardware Management Console which consumes Log4j, is subject to CVE-2021-45105 which could cause a denial of service and CVE-2021-45046 which could cause the leak of sensitive information and remote code execution in some environments and local code execution in all environments. I...
IBM Sterling B2B Integrator and Sterling Filegateway NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 and CVE-2020-9488 Exploit
Abstract IBM Sterling B2B Integrator and Sterling Filegateway NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305,CVE-2022-23302 and CVE-2020-9488 Exploit. Security Bulletin Content Summary IBM Sterling B2B Integrator and Sterling Filegateway Products ar...
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0 (CVE-2021-45046)
Summary Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0. An attacker who can control log messages or log message parameters can execute arbitrary code leading to Remote Code Execution RCE attacks. IBM App Connect for Manufacturing 2.0 has addressed the vulnerability...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.2.0 Vulnerability Details CVEID:CVE-2022-36227 DESCRIPTION: libarchive s vulnerable to a denial of service, caused by a NULL pointer dereference flaw due to not check for an error after calling calloc function...
Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-4741) and denial of service (CVE-2024-5535, CVE-2024-4603) due to OpenSSL
Summary Vulnerabilities in OpenSSL could allow a remote attacker to execute arbitrary code CVE-2024-4741 or cause a denial of service CVE-2024-5535, CVE-2024-4603. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, and Base Module affected by multiple vulnerabilities (CVE-2023-28322, CVE-2023-28320, CVE-2023-28319, CVE-2023-28321)
Summary Vulnerabilities contained within libcurl a 3rd party component were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, and Base Modules. Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass securit...
Security Bulletin: Apache Commons Codec is vulnerable to PRISMA-2021-0055 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Apache Commons Codec which is vulnerable to PRISMA-2021-0055. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validati...
Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1656)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in Sep 2018. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION:...
Security Bulletin: Cloudera Data Platform Private Cloud Base with IBM products have log messages vulnerable to arbitrary code execution, denial of service, remote code execution, and SQL injection due to Apache Log4j vulnerabilities
Summary Cloudera Data Platform Private Cloud Base with IBM products are affected by multiple Apache Log4j 1.x, 2.x vulnerabilities. Log messages are vulnerable to arbitrary code execution CVE-2022-23302, CVE-2021-44832, denial of service CVE-2021-45105, default file permissions CVE-2022-21704,...
Security Bulletin: Rational Test Automation Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Apache Log4j vulnerability associated with the Rational Performance Tester Apache JMeter™ Test Extension impacts Rational Test Automation Server. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44228 , CVE-2021-45046)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44228...
Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library used by WebSphere Application Server. This affects the WebSphere Application Server Admin Console and the UDDI Registry Application. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to the electron module (CVE-2022-29247, CVE-2022-36077)
Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to the electron module CVE-2022-29247, CVE-2022-36077. Electron is used for Discovery Connectors in IBM App Connect Enterprise. The latest fixpack includes electron v21.2.0 Vulnerability Details CVEID:CVE-2022-36077...
Security Bulletin: AIX is vulnerable to denial of service due to zlib and zlibNX (CVE-2018-25032)
Summary A vulnerability in zlib and zlibNX could allow a remote attacker to cause a denial of service CVE-2018-25032. AIX uses zlib and zlibNX as part of its data compression functions. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...
Security Bulletin: Vulnerability in Apache Log4j addressed in IBM Spectrum Conductor
Summary Log4j is used by IBM Spectrum Conductor for generating logs in some of its components. This bulletin provides patches for the Log4Shell vulnaribility CVE-2021-44228 to IBM Spectrum Conductor. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attack...
Security Bulletins - Cognos Analytics and Cognos Business Intelligence
Problem Cognos Analytics and Cognos Business Intelligence Security Bulletins and Alerts. Resolving The Problem Tab navigation CA 11.0.x BI 10.2.2 BI 10.2.1 BI 10.2 Security bulletins and Alerts for Cognos Analytics 11.0.x. --- Published / Updated | Title January 2018 | Cognos Analytics is affecte...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2016-8743)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...
Security Bulletin: There is a vulnerability in Apache Commons BCEL used by IBM Maximo Asset Management (CVE-2022-42920)
Summary There is a vulnerability in Apache Commons BCEL used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds write flaw in the APIs. By sending a...
Security Bulletin: Dom4j Vulnerability affects IBM SPSS Statistics (CVE-2018-1000632)
Summary There is a vulnerability in the version of Dom4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability. Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., third party libraries that may be identified and exploited with automated tools. IBM QRadar WinCollect for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-1434 DESCRIPTION: OpenSSL is vulnerable to a...
Security Bulletin: Vulnerabilities in the AIX kernel (CVE-2021-38994, CVE-2021-38995)
Summary There are multiple vulnerabilities in the AIX kernel. Vulnerability Details CVEID: CVE-2021-38995 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...
Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are vulnerable to arbitrary code execution due to Apache Log4j (CVE-2022-23307, CVE-2022-23302) and SQL injection due to Apache Log4j (CVE-2022-23305)
Summary IBM App Connect Enterprise & IBM Integration Bus are vulnerable to arbitrary code execution due to Apache Log4j CVE-2022-23307, CVE-2022-23302 and SQL injection due to Apache Log4j CVE-2022-23305. This affects the logging infrastructure in IBM App Connect Enterprise and IBM Integration Bu...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)
Summary IBM Security Access Manager for Enterprise Single Sign-On includes IBM WebSphere Application Server. IBM WebSphere Application Server in turn uses IBM HTTP Server. Information about vulnerabilities in IBM HTTP Server affecting IBM WebSphere Application Server has been published in a...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.73. This bulletin includes remediation for the Apache Log4j CVE-2021-44832 vulnerability. IBM Planning Analytics Workspace 2.0 has upgraded Apache Log4j to v2.17.1...
Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Workload Scheduler (CVE-2021-4104, CVE-2021-45046)
Summary This bulletin provides information for addressing the Apache Log4j vulnerabilities CVE-2021-4104, CVE-2021-45046 in IBM Workload Scheduler by remediating the vulnerabilities in IBM WebSphere Application Server WAS and IBM WebSphere Application Server Liberty. Vulnerability Details Refer t...
Security Bulletin: Vulnerability in IBM Rational ClearCase (GSKit component) with potential for TLS Attack (CVE-2013-0169)
Summary The IBM GSKit component used in Rational ClearCase is susceptible to a Transport Layer Security protocol used in HTTPS vulnerability known as "Lucky Thirteen." The vulnerability might allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzi...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obta...
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu...
Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Jazz Reporting Service
Summary There are multiple vulnerabilities in Apache Xerces2 Java XML Parser is used by IBM Jazz Reporting Service. IBM has addressed the relevant CVEs CVE-2012-0881, CVE-2013-4002, CVE-2022-23437 Vulnerability Details CVEID:CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial...
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to HTTP header injection and affected by denial of services due to multiple vulnerabilities.
Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to an HTTP header injection caused by improper validation, and affected by a denial of service in GraphQL Java, a denial of service in CyberNeko HTML, and a denial of service in protobuf-java as described in the vulnerabilit...
Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities
Summary IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pa...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-44832)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the vulnerability CVE-2021-44832. Vulnerability Details...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Intrusion Prevention System (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Netwoik Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: glibc is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45046)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-45046. Vulnerabili...
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) may affect IBM Watson Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability CVE-2021-44228 has been identified related to Apache Log4j that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer t...