35634 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache httpclient
Summary A vulnerability in Apache httpclient used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority...
Security Bulletin: ICU Vulnerability Affects IBM Control Center (CVE-2020-10531)
Summary International Components for Unicode ICU for C/C++ is vulnerable to a heap-based buffer overflow, caused by an integer overflow. Vulnerability Details CVEID: CVE-2020-10531 DESCRIPTION: International Components for Unicode ICU for C/C is vulnerable to a heap-based buffer overflow, caused ...
Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
Summary WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sendi...
Security Bulletin: IBM Waston Machine Learning Acclerator is affected by a Python vulnerability
Summary There is a vulnerability in Python used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator havs addressed the applicable CVE, CVE-2021-3177 by upgrade python to version 3.7.10 Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in October 2020 and January 2021. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An...
Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities
Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2019-19049 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the unittestdataadd function in drivers/of/unittest.c. A remote attacker could exploit this...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Manager (CVE-2020-14803, CVE-2020-27221).
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle January 2021 Critical Patch Update. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Multiple Security Vulnerabilties have been fixed in the IBM Security Access Manager and IBM Security Verify Access appliances.
Summary Multiple Security Vulnerabilities have been fixed in both the IBM Security Access Manager and IBM Security Verify Access appliances. Vulnerability Details CVEID: CVE-2019-17498 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when connecting to a...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when unmarshalling. By manipulating the processed input stream, a remot...
Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)
Summary opensaml-2.6.4.jar vulnerable to CVE-2015-1796, Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority...
Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway vulnerable to denial of service (CVE-2020-11612)
Summary A vulnerability was identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoder...
Security Bulletin: OpenSSL for IBM i is affected by CVE-2020-1971
Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an attacker could exploit...
Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability (CVE-2020-7676)
Summary IBM MQ Appliance has addressed a cross-site scripting vulnerability. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject...
Security Bulletin: IBM API Connect V5 is vulnerable to cross-site scripting in jQuery (CVE-2015-9251)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-craft...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)
Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2781 DESCRIPTION: An...
Security Bulletin: A GNU glibc vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
Summary A GNU glibc vulnerability, listed below, affects IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-1752 DESCRIPTION: GNU glibc could allow a local attacker to execute arbitrary code on the system, cause...
Security Bulletin: An unspecified vulnerability in Java SE or Oracle Java SE could allow an unauthenticated attacker
Summary An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. An unspecified vulnerability in Java SE related to the 2D component could allow an...
Security Bulletin: Vulnerabilities in Net-SNMP library affect IBM Spectrum Control (CVE-2020-15861, CVE-2020-15862)
Summary Net-SNMP could allow a local authenticated attacker to gain elevated privileges on the system Vulnerability Details CVEID: CVE-2020-15861 DESCRIPTION: Net-SNMP could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of symlinks by...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager for Wireline July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601
Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version that is used by Tivoli Netcool Performance Manager. This issues is disclosed as part of the IBM Java SDK updates for July 2020. Information about a security vulnerability affecting IBM WebSphere Application Server has...
Security Bulletin: Rational Developer for System z is affected due to vulnerabilities in IBM Java IBM SDK, Java Technology Edition - Jan 2014
Summary This advisory covers security vulnerability updates for the January IBM Java IBM SDK, Java Technology Edition releases that affect Rational Developer for System z. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow th...
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2019-3846 DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiexupdatebssdescwithie function in...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2015-0899, CVE-2014-0114, CVE-2016-1181 and CVE-2016-1182)
Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in t...
Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-15358)
Summary In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Vulnerability Details CVEID: CVE-2020-15358 DESCRIPTION: SQLite is vulnerable to a heap-based buffe...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details CVEID: CVE-2020-9283 DESCRIPTION: Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2014-3508, CVE-2014-3511)
Summary There are multiple vulnerabilities in OpenSSL that is used by IBM Sterling Connect:Direct for Microsoft Windows. These issues were disclosed on August 6, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-3508 DESCRIPTION: OpenSSL could allow a remote attacker to obtain...
Security Bulletin: Multiple Vulnerabilities affect IBM Sterling External Authentication Server
Summary Three Eclipse Jetty request smuggling vulnerabilities were addressed by IBM Sterling External Authentication Server. Vulnerability Details CVE-ID: CVE-2017-7656 Description: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Apr 2020 CPU (CVE-2020-2805, CVE-2020-2803, CVE-2020-2757, CVE-2020-2756)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Apr 2020. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability...
Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed multiple security vulnerabilities in jackson-databind Vulnerability Details CVEID: CVE-2020-8840 DESCRIPTION: An unspecified error with the lack of certain xbean-reflect/JNDI blocking in FasterXML jackson-databind has an unknown impact and attack...
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
Summary Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE Vulnerability Details CVEID: CVE-2019-3900 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error when handling incoming packets in the handlerx function...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind
Summary Multiple vulnerabilities in Jackson databind that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2019-12384 DESCRIPTION: FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to...
Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced
Summary Multiple vulnerabilities with IBM Java version shipped with IBM Transformation Extender Advanced. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2018-2663 DESCRIPTION: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE...
Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL.
Summary IBM API Connect had addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-2791 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Audit Plug-in component could allow an authenticated attacker to cause low confidentiality impact...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and...
Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway
Summary Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. CVSS Base score: 8.1 CVSS Temporal Score: See:...
Security Bulletin: IBM MQ certified container is vulnerable to multiple vulnerabilities within IBM MQ.(CVE-2019-4655, CVE-2019-4560, CVE-2019-4614, CVE-2019-4620)
Summary Multiple vulnerabilities were found within IBM MQ which is packaged with the IBM MQ certified container. Vulnerability Details CVEID: CVE-2019-4655 DESCRIPTION: IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow ...
Security Bulletin: Multiple vulnerabilities exist in IBM Planning Analytics Local
Summary Vulnerabilities found in several components have been addressed in IBM Planning Analytics 2.0.5. There are vulnerabilities in IBM® Runtime Environment Java™ Version 7. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Multiple vulnerabilities affect componen...
Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to a Robot Security Vulnerability (CVE-2017-6168)
Summary IBM Sterling B2B Integrator is vulnerable to a robot security vulnerability. This could allow an attacker to obtain encrypted data in clear text. Vulnerability Details CVEID: CVE-2017-6168 DESCRIPTION: F5 BIG-IP virtual servers configured with a Client SSL profile could allow a remote...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2016-3092)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2016-5573, CVE-2016-5597)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple Vulnerabilities in python affects IBM Watson Studio Local
Summary Security Bulletin: Multiple Vulnerabilities in python affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-14647 DESCRIPTION: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. Vulnerability Details CVEID: CVE-2016-3610 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component has high confidentiality impact, hi...
Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i
Summary Samba is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-15275 DESCRIPTION: Samba could allow a remote attacker to obtain sensitive information, caused by a heap memory information leak. By sending a specially crafted request, an attacker...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details CVEID: CVE-2017-10116 DESCRIPTION: An unspecified...
Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)
Summary IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities Vulnerability Details CVEID: CVE-2017-7658 DESCRIPTION: In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two content-lengths headers,...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification
Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2019. Vulnerability Details CVEID: CVE-2019-11775...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 7.0.10.50 used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs. These issues were disclosed as part of the IBM® Runtime Environment Java™ updates in July 2019...
Security Bulletin: Multiple vulnerabilities in BIND affects IBM Netezza Host Management
Summary BIND is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2776 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an assertion failure in buffer.c while a nameserver is building...
Security Bulletin: Multiple vulnerabilities in NTP and OpenSSL affect IBM Netezza Firmware Diagnostics
Summary Open Source NTP and OpenSSL are used by IBM Netezza Firmware Diagnostics. IBM Netezza Firmware Diagnostics Support Tools has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused...
Security Bulletin: Multiple Security Vulnerabilities affecting IBM Netezza Host Management
Summary IBM Netezza Host Management is affected by multiple Open Source security vulnerabilities in: GNU glibc, NTP address spoofing and NTP, NTPd and ntpcrypto.c disclosure. Vulnerability Details CVE-ID: CVE-2014-9297 Description: Network Time Protocol NTP Project NTP daemon ntpd could allow a...