35665 matches found
Security Bulletin: IBM Robotic Process Automation may be vulnerable to denial of service due to microsoft.owin.security.cookies (CVE-2022-29117)
Summary microsoft.owin.security.cookies is used by IBM Robotic Process Automation as part of Miscrosoft ASP.NET. CVE-2022-29117 Vulnerability Details CVEID:CVE-2022-29117 DESCRIPTION: Microsoft ASP.NET and Visual Studio are vulnerable to a denial of service. By sending a specially-crafted request...
Security Bulletin: Multiple Vulnerabilities may affect Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Multiple Vulnerabilities found in Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID:CVE-2021-36373 DESCRIPTION: Apache Ant is vulnerable to a...
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
Abstract Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013-0587| Moderate:...
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE
Abstract This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment JRE included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...
Security Bulletin: A security vulnerability in Nodejs follow-redirects affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Nodejs follow-redirects affects IBM Cloud Pak for Multicloud Management Managed Services Vulnerability Details CVEID:CVE-2022-0536 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused b...
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is...
Security Bulletin: qs (QueryString) package in the Service Portal of IBM Control Desk is vulnerable (CVE-2014-7191 and CVE-2017-1000048)
Summary As per the BlackDuck Scan, there is one package qs QueryString which is vulnerable in the Service Portal. The qs QueryString package is coming from multer modules installed as npm package. Vulnerability Details CVEID:CVE-2014-7191 DESCRIPTION: Node.js is vulnerable to a denial of service,...
Security Bulletin: A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2018-25032)
Summary A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent and IBM Tivoli Composite Application Manager for Transactions Web Response Time agent. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.7
Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor, WebSphere Application Server Liberty Profile and IBM HTTP Server. Vulnerability Details CVEID: CVE-2015-1932 DESCRIPTION: IBM WebSphere Application Serv...
Security Bulletin: Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE)
Summary Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...
Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.
Summary Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-44521 DESCRIPTION: Apache Cassandra could allow a remote authenticated attacker to execute arbitrary code on the system...
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester
Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2022-22473)
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.2.0. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerability in the Node.js got module affects IBM Event Streams (CVE-2022-33987)
Summary This security vulnerability affects the Node.js got module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities due to its use of IBM JAVA (CVE-2021-35560, CVE-2021-35578, CVE-2021-35565, CVE-2021-35603)
Summary IBM Java is the runtime environment used by several components in IBM Cloud Pak for Multicloud Management Monitoring and contains several security vulnerabilities. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in...
Security Bulletin: Vulnerability in IBM Java SDK affects IMSâ„¢ Enterprise Suite: Explorer for Development (CVE-2020-14577)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.6.5 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability Details CVEID: CVE-2020-14577 DESCRIPTION: A...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2022 Critical Patch Update, except for CVE-2022-21426 which will be described in a future bulletin. For more information please refer to Oracle's April 2022 CPU Advisory and the X-Force database...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078
Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for JavaScript templating. All IBM App Connect Enterprise Certified Container DesignerAuthoring operands, and IntegrationServer operands that run Designer flows may be vulnerable to code injection. This bulletin...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-24025 DESCRIPTION: node-sass...
Security Bulletin: Vulnerability in IBM JAVA JDK affects IBM Spectrum Scale (CVE-2022-21291)
Summary A vulnerability in IBM JAVA JDK could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2022-21291...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to directory traversal due to CVE-2022-24785
Summary Node.js module moment is used by IBM App Connect Enterprise Certified Container for processing dates and times. IBM App Connect Enterprise Certified Container operands may be vulnerable to directory traversal. This bulletin provides patch information to address the reported vulnerability...
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2020-25717)
Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow remote authenticated attacker to gain elevated privileges . Vulnerability Details CVEID: CVE-2020-25717 DESCRIPTION: Samba could allow a remote authenticated attacker to gain elevated privileges o...
Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL
Summary The vulnerability in CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...
Security Bulletin: IBM Initiate Master Data Service, IBM InfoSphere Master Data Management are affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076)
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22898)
Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22898 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEWENV variables. By sending a specially-crafted...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System.
Summary OpenSSL used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVECVE-2021-3712. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read wh...
Security Bulletin: Open Source OpenSSL, GNUTls, RHEL CVE-2016-8610 'SSL-Death-Alert' affects IBM Cisco switches and directors.
Summary Open Source OpenSSL is used by IBM Cisco switches and directors. IBM Cisco switches and directors has addressed the CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when...
Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)
Summary Node.js is vulnerable to a denial of service or could allow a remote attacker to bypass security restrictions. These vulnerabilities may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security...
Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2021-35550).
Summary IBM License Metric Tool is vulnerable to attacks related to Java TLS vulnerability. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information...
Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)
Summary Apache Log4j is used by IBM Db2 Big SQL as part of its logging infrastructure. IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j CVE-2021-45046, CVE-2021-45105. The fix includes Apache Log4j 2.17.1 Vulnerability Details CVEID: CVE-2021-451...
Security Bulletin: Vulnerability in Apache log4j affects WebSphere Service Registry and Repository (CVE-2021-4104)
Summary There is a vulnerability in the Apache log4j library shipped with WebSphere Service Registry and Repository. This vulnerability also affects IBM WebSphere Application Server which is shipped with WebSphere Service Registry and Repository. For both products this vulnerability has been...
Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-4104, CVE-2021-29469, CVE-2021-44531, CVE-2021-44531, CVE-2022-21824, CVE-2021-29899, CVE-2021-27290 )
Summary There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises. All issues listed below are fixed in RQA release 3.1.3 Vulnerability Details CVEID: CVE-2021-29899 DESCRIPTION: IBM Engineering Requirements Quality Assistant could allow an...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Pak for Network Automation (CVE-2021-44228)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Cloud Pak for Network Automation to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker t...
Security Bulletin: Vulnerabilities in OpenSSL affect Network Intrusion Prevention System (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293)
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Intrusion Prevention System. IBM Security Intrusion Prevention System has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0209 DESCRIPTION: OpenSSL could...
Security Bulletin: Jackson-databind vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-14439, CVE-2019-14379)
Summary Jackson-databind is vulnerable to a remote attacker obtaining sensitive information or executing arbitrary code on the system which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-14439 Description: FasterXML jackson-databin...
Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810)
Summary There is a potential bypass security vulnerability in the expression language library used by WebSphere Application Server which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVEID: CVE-2014-7810 DESCRIPTION: Apache Tomcat could allow a...
Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)
Summary Node.js denial of service vulnerabilities affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-9511 Description: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...
Security Bulletin: Cloud Pak for Security vulnerable to information exposure (CVE-2021-35567)
Summary Cloud Pak for Security v1.8.1.0 and earlier is vulnerable to CVE-2021-35567 due to the usage of Java SE in product components. This could allow an attacker to obtain potentially sensitve information. Cloud Pack for Security has issued a fix to address the issue. Vulnerability Details CVEI...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System.
Summary OpenSSL used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs CVE-2021-23840,CVE-2021-23841. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in...
Security Bulletin: Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)
Summary A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write COW breakage of private read-only memory mappings. An attacker could exploit this vulnerability to gain write access to read-only memory mappings and elevated privileges on the system...
Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by an issue within the channel process.(CVE-2021-39034)
Summary An issue was identified in the IBM MQ Version 9.1 queue manager channel process on Solaris platforms, that could be exploited by an attacker to cause a denial of service attack. Vulnerability Details CVEID: CVE-2021-39034 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack...
Security Bulletin: IBM Data Management Platform for EDB Postgres Enterprise is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Enterprise contains a component called EDB failover manager EFM and uses a version of log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-45105...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns is vulnerable to an Information Disclosure (CVE-2022-22310)
Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server Liberty have been published in a security bulletin. Vulnerability Details Refer to the securit...
Security Bulletin: IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Apache Log4j is used by IBM Security Access Manager for Enterprise Single Sign-On as part of its logging infrastructure. IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to denial of service and arbitrary code execution due to Apache Log4j CVE-2021-45105 and...
Security Bulletin: Operations Dashboard is vulnerable to Netty CVE-2021-43797
Summary Security Bulletin: Operations Dashboard is vulnerable to Netty CVE-2021-43797 with details below Vulnerability Details CVEID: CVE-2021-43797 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header names. By sendin...
Security Bulletin: Due to Apache Log4j, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)
Summary There are vulnerabilities in the Apache Log4j open source library. The library is used by IBM CloudPak foundational services which is a dependency of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps. The fix includes upgrade to Apache Log4j v2.17. Vulnerability Details CVEID:...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2021-4104, CVE-2021-45046)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: IBM WebSphere Service Registry and Repository is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution (CVE-2021-4104, CVE-2021-45046 and CVE-2021-44832)
Summary IBM WebSphere Application Server, which is included as a component of IBM WebSphere Service Registry and Repository, is vulnerable to the Apache Log4j vulnerabilities. Remediation information about the security vulnerabilities has been published in a security bulletin. The fix addresses t...
Security Bulletin: IBM Cloud Pak for Applications is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-44832)
Summary Multiple vulnerabilities in Apache Log4j affect IBM WebSphere Application Server which is bundled with IBM Cloud Pak for Applications CVE-2021-45105 and CVE-2021-44832. The fix addresses the vulnerabilities by removing Apache Log4j. Vulnerability Details Refer to the security bulletins...