Security Bulletin: Vulnerability in pypa/setuptools affects watsonx.data
Summary pypa/setuptools is vulnerable to arbitrary code execution attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. ...
Security Bulletin: Vulnerability in snappy-java affects watsonx.data
Summary snappy-java is vulnerable to denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by a missing upper bound check on chunk length. By sending a specially crafted request,...
Security Bulletin: Vulnerabilities in Apache Kafka affect watsonx.data
Summary Apache Kafka is vulnerable to denial of service attacks and to arbitrary code execution attacks on the system. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By...
Security Bulletin: Vulnerabilities in WebMvc.fn and WebFlux.fn affect watsonx.data
Summary The functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Cloud Application Business Insights. CVE-2023-50314
Summary Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Cloud Application Business Insights. CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...
Security Bulletin: Vulnerability in snappy-java affects watsonx.data
Summary snappy-java is vulnerable to denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk function. By sending a...
Security Bulletin: Vulnerability in json-path affects watsonx.data
Summary json-path is vulnerable to a stack-based buffer overflow allowing an attacker to cause an uncontrolled recursion which results in a denial of service condition. This affects watsonx.data. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of servic...
Security Bulletin: Vulnerabilities in Apache Solr affect watsonx.data
Summary Apache Solr is vulnerable to arbitrary file upload attacks and to sensitive information exposure attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-50386 DESCRIPTION: Apache Solr could allow a remote attacker to upload arbitrary files, caused by the...
Security Bulletin: Vulnerability in snappy-java affects watsonx.data
Summary snappy-java is vulnerable to denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34454 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the compress function. By sending a specially crafted...
Security Bulletin: Vulnerability in Spring Boot affects watsonx.data
Summary Spring Boot could allow a local authenticated attacker to gain elevated privileges on the system. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-27772 DESCRIPTION: Spring Boot could allow a local authenticated attacker to gain elevated privileges on the system, cause...
Security Bulletin: Vulnerabilities in JetBrains Kotlin affect watsonx.data
Summary JetBrains Kotlin is vulnerable to sensitive data disclosure and to weaker than expected security. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: JetBrains Kotlin could allow a local authenticated attacker to obtain sensitive information, caused by...
Security Bulletin: Vulnerabilities in SnakeYAML affect watsonx.data
Summary SnakeYAML is vulnerable to denial of service attacks and to arbitrary code execution attacks on the system. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML...
Security Bulletin: Vulnerability in Spring WebMvc affects watsonx.data
Summary Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functiona...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8
Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION:...
Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 17 vulnerabilities
Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology, version 17. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts. CVSS Source: IBM...
Security Bulletin: IBM Technical Support Appliance - possible excessive use of CPU
Summary HTTPS protocol is used during web session by a TSA user as well as data transfers from TSA to IBM. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps...
Security Bulletin: IBM B2B Sterling Integrator is vulnerable to Denial of Service attack due to Netty
Summary IBM B2B Sterling Integrator is affected by a Denial of Service vulnerability in Netty. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...
Security Bulletin: IBM Sterling B2B Integrator is affected by a security vulnerability in OpenSSH
Summary IBM Sterling B2B Integrator is affected by a security vulnerability in OpenSSH. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity chec...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-48795]
Summary Red Hat provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE, CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-52881)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas fr...
Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160)
Summary IBM Db2 Big SQL on Cloud Pak for Data is affected by insufficient session expiration when handling authorizations. Vulnerability Details CVEID:CVE-2024-35160 DESCRIPTION: IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and...
Security Bulletin: This Power System update is being released to address CVE-2024-41781
Summary An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore Vulnerability Details CVEID:CVE-2024-41781 DESCRIPTION: IBM PowerVM Platform KeyStore functionality can be compromised if an attacker gain...
Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by IBM Security Verify Governance have multiple vulnerabilities
Summary IBM Security Verify Governance ISVG ships with IBM Db2 and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2021-37137 DESCRIPTION: Netty netty-codec is vulnerable to a deni...
Security Bulletin: Vulnerabilities in Eclipse Jetty affect watsonx.data
Summary Eclipse Jetty is vulnerable to a denial of service attack and to disclosure of sensitive data attack. These affect watsonx.data. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...
Security Bulletin: Multiple security vulnerabilities were discovered in IBM Verify Identity Governance
Summary Multiple security vulnerabilities in IBM Java and IBM WebSphere Liberty have been addressed in the latest release of IBM Verify Identity Governance formerly known as IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server...
Security Bulletin: IBM Maximo Application Suite uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296.
Summary IBM Maximo Application Suite uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses bcprov-jdk18on-1.71.jar, werkzeug-3.0.4-py3-none-any.whl and jetty-server-10.0.22.jar which are vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite - IoT Component uses bcprov-jdk18on-1.71.jar, werkzeug-3.0.4-py3-none-any.whl and jetty-server-10.0.22.jar which are vulnerable to CVE-2024-30171, CVE-2023-33201, CVE-2023-33202, CVE-2024-29857, CVE-2024-30172, CVE-2024-8184, CVE-2024-6763, CVE-2024-49767,...
Security Bulletin: IBM Asset Data Dictionary uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Asset Data Dictionary uses...
Security Bulletin: Vulnerability in Apache Kafka affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Apache Kafka has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow...
Security Bulletin: Vulnerability in OpenSSL affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability in OpenSSL has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is...
Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in http-proxy-middleware has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...
Security Bulletin: Vulnerability in OpenSSL affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in OpenSSL has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denia...
Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Apache Commons IO has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resour...
Security Bulletin: Vulnerability in DOMPurify affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in DOMPurify has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a...
Security Bulletin: Vulnerability in GraphQL Java affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in GraphQL Java has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka...
Security Bulletin: Vulnerability in Rollup affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Rollup has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47068 DESCRIPTION: Rollup is vulnerable to...
Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Apache Commons IO has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resour...
Security Bulletin: Vulnerability in Protocol Buffers affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Protocol Buffers has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...
Security Bulletin: Vulnerability in REXML affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in REXML has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-49761 DESCRIPTION: REXML is an XML toolkit for Ruby...
Security Bulletin: Vulnerabilities in libexpat affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerabilities in libexpat have been identified that affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45490 DESCRIPTION: libexpat could provide...
Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Apache Commons IO has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO i...
Security Bulletin: Vulnerability in cURL libcurl affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in cURL libcurl has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerabl...
Security Bulletin: Vulnerability in GNOME GLib affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in GNOME GLib has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: GNOME GLib could allow a...
Security Bulletin: Vulnerability in source-map-support affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in all versions of the package source-map-support has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21540...
Security Bulletin: Vulnerability in Open Neural Network Exchange (ONNX) affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Open Neural Network Exchange ONNX has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-5187 DESCRIPTION: Open...
Security Bulletin: Vulnerability in Eclipse Vert.x toolkit affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Eclipse Vert.x toolkit has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-1300 DESCRIPTION: A vulnerability...
Security Bulletin: IBM Aspera Shares is vulnerable to multiple high severity vulnerabilities (CVE-2022-1586, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2019-20838, CVE-2022-2068, CVE-2022-1587)
Summary This Security Bulletin addresses multiple high severity OpenSSL security vulnerabilities that have been remediated in IBM Aspera Shares 1.10.0 PL4. Vulnerability Details CVEID:CVE-2022-1586 DESCRIPTION: PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper input validation (CVE-2024-52901)
Summary A vulnerability in IBM InfoSphere Information Server due to improper input validation was addressed. Vulnerability Details CVEID:CVE-2024-52901 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to cause the GUI to not load or stop working due to improper input...
Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-51460)
Summary An information disclosure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51460 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information when a detailed technical error message is...