35661 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-55565]
Summary Node.js module nanoid is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module nanoid...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to an attacker with deploy privilege [CVE-2025-0799]
Summary IBM App Connect Enterprise Certified Container is vulnerable to an attacker with deploy privilege. Malicious bar files could allow an attacker with deploy privilege to write arbitrary files in the container for a running IBM App Connect Enterprise Certified Container IntegrationRuntime or...
Security Bulletin: IBM Sterling Control Center is vulnerable to Apache Commons Compress (CVE-2024-26308, CVE-2024-25710)
Summary Apache Commons Compress jar vulnerabilities are impacting IBM Sterling Control Center v6.3.1 and v6.2.1. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2024 and January 2025
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF039 and 24.0.0-IF004. Vulnerability Details CVEID:CVE-2023-48161 DESCRIPTION: GifLib Project GifLib could allow a local attacker to obtain sensitive information, caused by a heap-based buff...
Security Bulletin: IBM Sterling Control Center is vulnerable to Apache Commons IO (CVE-2024-47554)
Summary Apache Commons IO jar vulnerability is impacting IBM Sterling Control Center v6.3.1 and v6.2.1 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessivel...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001 and 24.0.0-IF004. Vulnerability Details CVEID:CVE-2024-10963 DESCRIPTION: A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostname...
Security Bulletin: IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171
Summary IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow ...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-25193 DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Fileupload and Apache Tomcat
Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...
Security Bulletin: IBM Storage Defender Data Protect vulnerable to CVE-2024-45801 due to dependency on Open Source library.
Summary IBM Storage Defender Data Protect is vulnerable to CVE-2024-45801 due to dependency on Open Source library. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in dept...
Security Bulletin: Vulnerability in Node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Vulnerability inOpenSSL affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability inOpenSSL has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in Jinja affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Jinja has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in UriComponentsBuilder affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in UriComponentsBuilder has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in TensorFlow affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in TensorFlow has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in urllib3 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in urllib3 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
Security Bulletin: A Security Vulnerability was discoverd in IBM Security Verify Access and IBM Verify Identity Access (CVE-2025-0161)
Summary A Security Vulnerability was addressed in IBM Security Verify Access and IBM Verify Identity Access where a local user could execute arbitrary code. Vulnerability Details CVEID:CVE-2025-0161 DESCRIPTION: IBM Security Verify Access Appliance could allow a local user to execute arbitrary co...
Security Bulletin: Vulnerability in PostgreSQL affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in PostgreSQL has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in GNU Wget affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in GNU Wget has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
Security Bulletin: The following vulnerabilities can affect IBM Storage Scale System and IBM Storage Scale are now included
Summary The following vulnerabilities can affect IBM Storage Scale System and IBM Storage Scale and could provide weaker than expected security are now fixed. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability...
Security Bulletin: Vulnerability in Werkzeug affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Werkzeug has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses affects watsonx.data
Summary The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2024-53990 DESCRIPTION: The AsyncHttpClient AHC library allows Java applications to easily...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-11187 DESCRIPTION: It is possible to construct a zone such that some queries ...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in nanoid
Summary IBM Watson Discovery for Cartridge contains a vulnerable version of nanoid Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE:CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop...
Security Bulletin: An unspecified IBM SDK, Java Technology Edition vulnerability affects InfoSphere Data Replication
Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. B...
Security Bulletin: InfoSphere Data Replication is affected by postgresql vulnerbility
Summary InfoSphere Data Replication uses postgresql. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to information disclosure due to hbase-client
Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child...
Security Bulletin: InfoSphere Data Replication is affected by a Snappy-Java vulnerability (CVE-2023-43642)
Summary InfoSphere Data Replication uses Snappy-Java. This bulletin identifies the steps to take to address the vulnerability in that package. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in golang.org/x/net
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of golang.org/x/net Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tomcat-embed-core
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of tomcat-embed-core Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 throu...
Security Bulletin: IBM Aspera Shares is vulnerable to bypass security restrictions and an external entity injection (CVE-2024-45409, CVE-2025-0162)
Summary SAML-Toolkits Ruby SAML and Stats Collector are used by IBM Aspera Shares as part of Ruby-SAML authentication library and Stats Collector XML parsing logic. Vulnerability Details CVEID:CVE-2024-45409 DESCRIPTION: SAML-Toolkits Ruby SAML could allow a remote attacker to bypass security...
Security Bulletin: Multiple vulnerabilities in IBM's Common Cryptographic Architecture (CCA) (CVE-2024-22340, CVE-2024-41760, CVE-2024-49823)
Summary IBM Common Cryptographic Architecture CCA is used to interface with the IBM Hardware Security Module HSM. Multiple vulnerabilities have been discovered in CCA that could allow a remote user to cause a denial of service CVE-2024-49823 or to obtain sensitive information CVE-2024-22340,...
Security Bulletin: Hibernate Hibernate Validator could allow a remote attacker to bypass security restriction which affects watsonx.data
Summary Hibernate Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message interpolation processor, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2020-10693 DESCRIPTION: Hibernate Hibernate Validator could allow a remote...
Security Bulletin: Snappy is a compression/decompression library which affects watsonx.data
Summary Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2024-36124 DESCRIPTION: iq80 Snappy is a compression/decompression library. When...
Security Bulletin: JSch could allow a remote attacker to traverse directories on the system which affects watsonx.data
Summary JSch could allow a remote attacker to traverse directories on the system, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2016-5725 DESCRIPTION: JSch could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request ...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to uncontrolled resource consumption due to commons-io.
Summary Commons.io is used by the ds-runtime microservice as part of the read/write functionality. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service and nonstandard cookie parsing due to hbase-client.
Summary hbase-client is used by the ds-cas-lite microservice as part of the Java client API for HBase. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to HTML attribute injection due to Jinja package (CVE-2024-22195)
Summary Jinja is used by DataStage on Cloud Pak for Data as part of HTML templating. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitra...
Security Bulletin: Vulnerability with DataStage on Cloud Pak for Data related to urllib3
Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to the vulnerability found. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2019-11236 DESCRIPTION: Python urllib3 is vulnerable to CRLF injection,...
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ and Eclipse Jetty
Summary There are vulnerabilities in IBM® Semeru Java™ and Eclipse Jetty used by IBM Cognos Command Center. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos Comman...
Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Cross-Site Scripting (CVE-2024-56338)
Summary IBM Sterling B2B Integrator has addressed the cross-site scripting vulnerability Vulnerability Details CVEID:CVE-2024-56338 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary...
Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Information Disclosure (CVE-2024-52905)
Summary IBM Sterling B2B Integrator has addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2024-52905 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive database information to a privileged user. CWE:CWE-497: Exposure of Sensitive...
Security Bulletin: IBM Sterrling B2B Integrator is Vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO (CVE-2024-47554)
Summary IBM Sterling B2B Integrator has addressed the uncontrolled resource consumption vulnerability from Apache Commons IO Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReade...
Security Bulletin: Security Vulnerability in Apache MINA SSHD Affects IBM Sterling B2B Integrator (CVE-2024-41909)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability from Apache MINA SSHD Vulnerability Details CVEID:CVE-2024-41909 DESCRIPTION: Apache MINA SSHD could allow a remote attacker to bypass security restrictions. An attacker who can intercept traffic between the client and...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest [CVE-2024-4741, CVE-2024-2511, CVE-2024-5535, CVE-2024-4603, CVE-2024-6119]
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed mutiple CVEs. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to hbase-client
Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...
Security Bulletin: IBM Sterling File Gateway is Vulnerable to Information Disclosure (CVE-2024-47109)
Summary IBM Sterling File Gateway has addressed the information disclosure security vulnerability Vulnerability Details CVEID:CVE-2024-47109 DESCRIPTION: IBM Sterling File Gateway UI could disclosure the installation path of the server which could aid in further attacks against the system...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary configuration injection due to pip:22.3.1
Summary Pip is used by the DataStage on Cloud Pak for Data px-runtime microservice as part of package installation. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial...
Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to a Denial of Service in Amazon Ion (CVE-2024-21634)
Summary IBM Sterling B2B Integrator has addressed the denial of service security vulnerability from Amazon Ion Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds writes due to hbase-client
Summary hbase-client is used by the ds-cas-lite microservice as part of the Java client HBase API. Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Use...