35661 matches found
Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-40094).
Summary IBM Storage Protect Operations Center may be affected by denial of service caused by failure to consider ExecutableNormalizedFields in Open-source GraphQL Java library used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java ak...
Security Bulletin: IBM Storage Protect Server may be vulnerable to denial-of-service attack due to Golang Go (CVE-2024-45338)
Summary Golang Go is used by the IBM Storage Protect Server OSSM component and is vulnerable to a denial-of-service DoS attack due to inefficient regular expression complexity in golang.org/x/net. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse...
Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2024-34158, CVE-2024-34155, CVE-2024-34156).
Summary Golang Go is used by the IBM Storage Protect Server OSSM component and is affected by multiple vulnerabilities that could lead to a denial-of-service DoS attack on the host system. This bulletin provides the necessary steps to mitigate these vulnerabilities. Vulnerability Details...
Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-9823)
Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to deial-of-service attack due to issues with OutofMemory errors related with DosFilter. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty's DosFilter which can be...
Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-6763)
Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to an open redirect attack due to issues with HttpURI parsing and validation checks. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servle...
Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server ( CVE-2024-45663, CVE-2024-41762, CVE-2024-41761, CVE-2024-40679, CVE-2024-37071)
Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, loss of confidentiality, integrity or availability. CVE-2024-45663, CVE-2024-41762, CVE-2024-41761, CVE-2024-40679, CVE-2024-37071. This bulletin identifies the...
Security Bulletin: BAMOE 9 vulnerability in tomcat-embed-core library, version 10.1.34, transitively linked from Spring Boot
Summary There is a vulnerable library tomcat-embed-core, in version 10.1.34, transitively used in BAMOE 9, linked from the Spring Boot version used by BAMOE libraries, has been fixed in BAMOE 9.2.0, along with more CVE fixes published in the Security Bulletin 7229574. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0.
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0. Vulnerability Details CVEID:CVE-2023-51079 DESCRIPTION: MVEL is vulnerable to a denial of service, caused by a TimeOut error...
Security Bulletin: IBM Automation Decision Services for Jan 2025 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2024-3596...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the Snowflake JDBC driver
Summary Multiple vulnerabilities in the Snowflake JDBC driver that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A remote...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Python
Summary Multiple vulnerabilities in Python that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-9287 DESCRIPTION: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jinja
Summary Multiple vulnerabilities in Jinja that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format...
Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-55895)
Summary An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-55895 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error message is...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes kubelet (CVE-2024-10220)
Summary A vulnerability in Kubernetes kubelet that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-10220 DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Kafka (CVE-2024-31141)
Summary A vulnerability in Apache Kafka that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect privilege manageme...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Netty (CVE-2024-47535)
Summary A vulnerability in Netty that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in XStream (CVE-2024-47072)
Summary A vulnerability in XStream that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted binar...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to an observable response discrepancy (CVE-2024-51477)
Summary An observable response discrepancy vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51477 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated to obtain sensitive username information due to an observable respons...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Security (CVE-2024-38827)
Summary A vulnerability in VMware Tanzu Spring Security that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a locale dependent...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty . This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Open Container Initiative runc (CVE-2024-45310)
Summary A vulnerability in Open Container Initiative runc that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-45310 DESCRIPTION: Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by a race condition...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework
Summary Multiple vulnerabilities in VMware Tanzu Spring Framework that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to...
Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-7577)
Summary An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-7577 DESCRIPTION: IBM InfoSphere Information Server could disclose sensitive user credentials from log files during new installation of the product. CWE:CWE-532...
Security Bulletin: IBM InfoSphere Information Server may be affected by an information disclosure vulnerability (CVE-2024-43186)
Summary An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-43186 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information that is stored locally under certain...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in OpenSSL (CVE-2024-4741)
Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the SSLfreebuffers API function. By...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL
Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server...
Security Bulletin: Multiple vulnerabilities disclosed in IBM Eclipse SDK affect IBM SPSS Collaboration and Deployment Services
Summary Multiple vulnerabilities disclosed in IBM Eclipse SDK affect IBM SPSS Collaboration and Deployment Services CVE-2024-8184, CVE-2024-6763, CVE-2024-29857, CVE-2024-30172, CVE-2024-30171, CVE-2021-28170, CVE-2023-48795, CVE-2023-33201, CVE-2023-33202, CVE-2023-4218, CVE-2023-36478,...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Axis
Summary Multiple vulnerabilities in Apache Axis that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2010-1632 DESCRIPTION: Apache Axis2/Java is vulnerable to a denial of service, caused by an error when handling XML DTD Document Type Declaration data. A...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Commons IO (CVE-2024-47554)
Summary A denial of service vulnerability in Apache Commons IO that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in OpenSSL (CVE-2024-6119)
Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking server certificate...
Security Bulletin: Vulnerability in Golang Go affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Golang Go has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in libexpat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in libexpat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Oracle Java affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Oracle Java has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Python CPython affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Python CPython has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in archive/zip affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in archive/zip has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in PAM affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in PAM has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in golang.org/x/net/http2 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in golang.org/x/net/http2 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...
Security Bulletin: Vulnerability in Apache ZooKeeper affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Apache ZooKeeper has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Versions of the package cross-spawn before 7.0.5 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Versions of the package cross-spawn before 7.0.5 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to detail...
Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) effected the ERP product.
Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws in JAVA. : An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts, as described in the "Vulnerability Details...
Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) effected the ERP product.
Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws in JAVA. : An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts, as described in the "Vulnerability Details...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2025-26791]
Summary IBM Security SOAR uses an older version of DOMpurify that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to the latest applicable fix pack 51.0.5.1 . Vulnerability Details CVEID:CVE-2025-26791...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2024-12797)
Summary IBM Security SOAR uses an older version of the Python cryptography/openssl library which has a known vulnerability. An update has been released which address this issue. It is recommended upgrading to Version 51.0.5.1 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2024-127...
Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP
Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: The function X509VERIFYPARAMadd0policy is...
Security Bulletin: Mulltiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop
Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing based side channel exists in the...