35598 matches found
Security Bulletin: Vulnerabilities in Python packages might affect IBM Storage Defender – Resiliency Service (CVE-2024-22195, CVE-2024-26130, CVE-2023-50782)
Summary IBM Storage Defender – Resiliency Service is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The...
Security Bulletin: axios-1.5.0.tgz and axios-1.5.1.tgz is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses axios-1.5.0.tgz and axios-1.5.1.tgz which is vulnerable to CVE-2023-45857 Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input...
Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow Configuration Editor packages a Node.js runtime. Vulnerabilities have been reported for Node.js. Vulnerability Details CVEID:CVE-2024-21892 DESCRIPTION: Node.js could allow a local authenticated attacker to gain elevated privileges on the system, caused by...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.1 Vulnerability Details CVEID:CVE-2023-50447 DESCRIPTION: Pillow could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input by the...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to an unspecified vulnerability and denial of service due to IBM Runtime Environment Java Technology Edition
Summary IBM Java is used by IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms is impacted by an unspecified vulnerability and denial of...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Storage Scale (CVE-2023-46158, CVE-2023-44487)
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale, which could provide weaker than expected security due to improper resource expiration handling. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Libert...
Security Bulletin: IBM Observability with Instana is affected by multiple vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana : CVE-2023-43646, CVE-2023-2454, CVE-2022-31197, CVE-2023-39533, CVE-2021-20218 Vulnerability Details CVEID:CVE-2023-43646 DESCRIPTION: Chai.js Assertion Library get-func-name is vulnerable to a denial of service,...
Security Bulletin: IBM Asset Data Dictionary Component uses netty-codec-http2-4.1.94, netty-handler-4.1.86 and netty-handler-4.1.92 which is vulnerable to CVE-2023-44487 and CVE-2023-34462
Summary IBM Asset Data Dictionary Component uses netty-codec-http2-4.1.94, netty-handler-4.1.86 and netty-handler-4.1.92 which is vulnerable to CVE-2023-44487 and CVE-2023-34462. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: Vulnerability in CloudPak for AIOPs [CVE-2023-46233]
Summary Vulnerability was addressed in IBM Cloud Pak for AIOps version 4.3.0 CVE-2023-46233 Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allow a remote attacker to obtain sensitive information, caused by the use of a weak cryptographic hash algorithm. By utilize...
Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems
Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems has addressed the following vulnerabilities in ntp. Vulnerability Details CVEID: CVE-2018-7185 DESCRIPTION: NTP is vulnerable to a denial of service. By sending specially crafted packets, a remote...
Security Bulletin: Multiple vulnerabilities in go.etcd.io/etcd package affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Summary Multiple vulnerabilities in the go.etcd.io/etcd package affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data. These vulnerabilities are fixed. Vulnerability Details CVEID:CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509...
Security Bulletin: CVE-2022-41713 An issue was discovered in deep-object-diff version 1.1.0
Summary CVE-2022-41713 deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited. Vulnerability Details...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU plus CVE-2023-2597
Summary All applicable Java SE CVEs published by Oracle as part of their April 2023 Critical Patch Update plus CVE-2023-2597. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: ELM Installer, IBM Engineering Lifecycle...
Security Bulletin: There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Asset Management application (CVE-2023-26048)
Summary There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Asset Management application CVE-2023-26048 Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...
Security Bulletin: Multiple vulnerabilities exist in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager.
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 Vulnerability Details...
Security Bulletin: IBM Rational Build Forge is vulnerable to a denial of service due to the use of Apache HTTP server (CVE-2022-29404).
Summary Apache HTTP server is used by IBM Rational Build Forge. This fix includes Apache Http Server 2.4.54 Vulnerability Details CVEID:CVE-2022-29404 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by no default limit on possible input size. By sending a specially...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.13 and earlier
Summary This fix upgrades to node 18.18.0 and grpc 1.58.0. Vulnerability Details CVEID:CVE-2023-4785 DESCRIPTION: Google gRPC is vulnerable to a denial of service, caused by a lack of error handling in the TCP server on posix-compatible platforms. By initiating a significant number of connections...
Security Bulletin: IBM OpenPages with Watson has addressed multiple vulnerabilities from CKEditor (CVE-2022-24728, CVE-2022-24729)
Summary CKEditor open source library used by IBM OpenPages with Watson. CKEditor reported multiple vulnerabilities. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-24729 DESCRIPTION: CKEditor is vulnerable to a denial of service, caused by a regular expression deni...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Google Protocol Buffer protobuf-cpp (CVE-2022-1941)
Summary DFDL message parsing in IBM App Connect Enterprise is affected by a denial of service due to Google Protocol Buffer protobuf-cpp CVE-2022-1941. The fix includes 3.21.5. Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsin...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Google Guava (CVE-2023-2976)
Summary Google Guava is shipped with IBM Tivoli Netcool Impact as part of it's backend infrastructure. Information about a security vulnerability affecting Google Guava has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a loc...
Security Bulletin: Vulnerabilities in xercesImpl library affects IBM Engineering Test Management (ETM) (CVE-2022-23437)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2023-29409
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2023-29409 with details below. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29409 DESCRIPTION: Golang Go is vulnerable to a denial of...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)
Summary IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. This affects The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty versions 22.0.0.7 and prior...
Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2023-2828)
Summary A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2023-2828. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2023-2828 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw that allows the...
Security Bulletin: There is a vulnerability in Netty used by IBM Maximo Asset Management ( CVE-2022-24823)
Summary There is a vulnerability in Netty used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-24823 DESCRIPTION: Netty could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when temporary storing uploads on the disk is enabled. By gaini...
Security Bulletin: Jettison component is vulnerable to CVE-2022-45685 and CVE-2022-45693 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Jettison package which is vulnerable to CVE-2022-45685 and CVE-2022-45693. Vulnerability Details CVEID:CVE-2022-45685 DESCRIPTION: Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending an overly long string usi...
Security Bulletin: IBM Java SDK update forJava deserialization filters (JEP 290) ignored during IBM ORB deserialization
Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 for Java deserialization filters JEP 290 ignored during IBM ORB deserialization that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues we...
Security Bulletin: A vulnerability in Microsoft ASP.NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2022-29117)
Summary Microsoft ASP.NET is used by IBM Robotic Process Automation as part of the application framework. CVE-2022-29117 Vulnerability Details CVEID:CVE-2022-29117 DESCRIPTION: Microsoft ASP.NET and Visual Studio are vulnerable to a denial of service. By sending a specially-crafted request, a...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include gaining elevated privileges, obtaining sensitive information, causing the system to crash, causing denial of service conditions, an attacker could exploit the vulnerability to...
Security Bulletin: Watson Query potentially exposes adminstrator's key under some conditions due to CVE-2022-22410
Summary Watson Query is vulnerable to an internal attacker who can use an exposed administrator APIKEY to potentially alter system configuration or view customer data. The APIKEY is used to automatically create connections and assets to help reduce workload for the user. However, in some...
Security Bulletin: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard
Summary Summary: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a...
Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines
Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Apr 2023. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle...
Security Bulletin: IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2455)
Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability. Vulnerability Details CVEID:CVE-2023-2455 DESCRIPTION: PostgreSQL could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with row security policies disregard user ID changes aft...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js (CVE-2023-0842)
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js CVE-2023-0842. The latest Fix Pack includes xml2js version 5.0 Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security (CVE-2023-35890)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security CVE-2023-35890 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products a...
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2023-28513)
Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-28513 DESCRIPTION: IBM MQ, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. CVSS Base score: 5.9 CVSS Temporal Score: See:...
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-22978
Summary There is a vulnerability in Spring Security that could allow an remote attacker to bypass security restrictions and obtain access to the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1
Summary CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-45142 DESCRIPTION: Heimdal could allow a remote attacker to obtain sensitive information,...
Security Bulletin: Vulnerabilities in Node.js, XStream, Linux kernel can affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, XStream, and Linux kernel. Vulnerabilities include causing a denial of service condition and HTTP request smuggling, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...
Security Bulletin: IBM Aspera Faspex 4.4.2 PL3 has addressed multiple vulnerabilities (CVE-2023-27871, CVE-2023-27873, CVE-2023-27874)
Summary This Security Bulletin addresses security vulnerabilities that have been remediated CVE-2023-27871, CVE-2023-27873 and mitigated CVE-2023-27874 in IBM Aspera Faspex 4.4.2 PL3. Vulnerability Details CVEID:CVE-2023-27874 DESCRIPTION: IBM Aspera is vulnerable to an XML external entity...
Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester
Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT. RFT has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21968 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to...
Security Bulletin: CVE-2022-4415 may affect IBM CICS TX Advanced 10.1
Summary CVE-2022-4415 may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-4415 DESCRIPTION: systemd could allow a local authenticated attacker to obtain sensitive information, caused by not respecting fs.suiddumpab...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2023. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes (CVE-2022-3162, CVE-2022-3294)
Summary Multiple vulnerabilities in Kubernetes used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-3162 DESCRIPTION: Kubernetes kube-apiserver could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization. An...
Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability in Apache Commons Text (CVE-2022-42889)
Summary A remote code execution vulnerability in Apache Commons Text used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-31030 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-24772 DESCRIPTION: Node.js node-forge module could allow a remote attacker to bypass security restrictions, caused by improper signature verification when checking for tailing garbage byt...
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar
Summary Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces2.9.0.v201101211617-4.8.0.jar. Hence org.apache.xerces2.9.0.v201101211617-4.8.0.jar upgraded to org.apache.xerces2.12.2.v201101211617-4.8.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2012-088...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that run Designer flows may be vulnerable to arbitrary code execution due to [CVE-2021-43138]
Summary Node.js module async is used by IBM App Connect Enterprise Certified Container as part of the Node.js runtime. IBM App Connect Enterprise Certified Container IntegrationServer operands that run Designer flows may be vulnerable to arbitrary code execution. This bulletin provides patch...