Security Bulletin: IBM Asset Data Dictionary uses jline-3.9.0.jar and zookeeper-3.9.2.jar which is vulnerable to CVE-2023-50572 and CVE-2024-51504
Summary IBM Asset Data Dictionary uses jline-3.9.0.jar and zookeeper-3.9.2.jar which is vulnerable to CVE-2023-50572 and CVE-2024-51504. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-50572 DESCRIPTION: JLine is vulnerable to a...
Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45071)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-45086
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-security-web-6.3.1.jar CVE-2024-38821
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-security-web-6.3.1.jar CVE-2024-38821. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-45087)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a cross-site scripting vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-45073)
Summary IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and is vulnerable to cross-site scripting in the Admin Console. Required fixes for affected WebSphere Application Server have been published in the security bulletin links below. Vulnerability...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to send-0.18.0.tgz CVE-2024-43799
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to send-0.18.0.tgz CVE-2024-43799. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused ...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38314 DESCRIPTION: IBM Maximo Application Suite - Monitor Component could...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weak...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution [CVE-2024-47175]
Summary OpenPrinting libppd is present as a Red Hat package in the IBM App Connect Enterprise Certified Container images used by the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin...
Security Bulletin: IBM Data Product Hub uses Node.js axios & elliptic modules which are vulnerable (CVE-2024-39338, CVE-2024-42459, CVE-2024-42460, CVE-2024-42461)
Summary IBM Data Product Hub has dependencies on Node.js axios & elliptic modules which are vulnerable CVE-2024-39338, CVE-2024-42459, CVE-2024-42460, CVE-2024-42461. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2024-42461...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2024-5535]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-5535 Vulnerability Details CVEID:CVE-2024-5535 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52898)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52898 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2024-9143]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-9143 Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused b...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in OpenSSL [CVE-2024-6119]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in OpenSSL, caused by an error when performing certificate name checks CVE-2024-6119. OpenSSL is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the details for remediation...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-46696, CVE-2024-46697]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-46696, CVE-2024-46697 Vulnerability Details CVEID:CVE-2024-46696 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerability (CVE-2024-24783)
Summary Potential Golang Go denial of service vulnerability CVE-2024-24783 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24783 DESCRIPTION: Golang Go is...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION:...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2024-45087, CVE-2023-50315)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45073)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-45087
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874 Vulnerability Details CVEID:CVE-2024-47874 DESCRIPTION: Starlette is an Asynchronous Server Gateway Interface ASGI...
Security Bulletin: PVR0546850 - Express - CVE-2024-45590 (Publicly disclosed vulnerability)
Summary This Security Bulletin is created to reflect the remediation done for PVR0546850 - Express - CVE-2024-45590 Publicly disclosed vulnerability. The 'bodyparser' has been upgraded to version 1.20.3 in PowerHA GUI Rel 7.2.9 in order to resolve this PVR. Vulnerability Details CVEID:CVE-2024-45590...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Protocol Buffers protobuf-go denial of service vulnerability [ CVE-2024-24786]
Summary Potential denial of service vulnerability in Protocol Buffers protobuf-go CVE-2024-24786 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities may affect IBM Decision Optimization for Cloud Pak for Data (CVE-2024-42459, CVE-2024-42460 and CVE-2024-42461)
Summary There are multiple vulnerabilities in Node.js Elliptic used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js Elliptic module coul...
Security Bulletin: Out of bound read/write access vulnerability in IBM® SDK, Java™ Technology Edition version 8 may affect IBM Storage Protect Operations Center (CVE-2024-3933)
Summary Unrestricted out-of-bound read / write access vulnerability CVE-2024-3933 exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Operations Center. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Operations Center (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264).
Summary IBM Storage Protect Operations Center may be impacted by multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of availability and integrity of the host system. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to a denial of service (CVE-2024-45085).
Summary The security issue described in CVE-2024-45085 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Storage Protect Server is susceptible to multiple authentication related vulnerabilities due to coreDNS (CVE-2022-2837, CVE-2022-2835, CVE-2024-0874).
Summary The IBM Storage Protect Server is susceptible to authentication-related vulnerabilities linked to coreDNS. These vulnerabilities may allow authenticated attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2022-2837 DESCRIPTION: coreDNS could allow a remote...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38473) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service (CVE-2024-45085)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable due to Axios vulnerability (CVE-2024-39338)
Summary IBM Sterling External Authentication Server SEAS uses Axios, which is vulnerable to Server-side Request Forgery SSRF. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43800)
Summary There is a vulnerability in expressjs serve-static used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-47874]
Summary Starlette is used by IBM App Connect Enterprise Certified Container by the mapping assistance component . IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-45085)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. It is vulnerable to a denial of service attack. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security weakness in GNU Emacs [CVE-2024-39331]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security weakness in GNU Emacs, caused by a code injection flaw in org-link-expand-abbrev in lisp/ol.el CVE-2024-39331. GNU Emacs is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the details...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-51471)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-51471 DESCRIPTION: IBM MQ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the...
Security Bulletin: IBM MQ Console is affected by a denial of service vulnerability (CVE-2024-51471)
Summary IBM MQ has addressed a denial of service vulnerability in the IBM MQ console Vulnerability Details CVEID:CVE-2024-51471 DESCRIPTION: IBM MQ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38477) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-45085)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM InfoSphere Information Server is affected by an XXE vulnerability in IBM WebSphere Application Server Liberty (CVE-2024-22354)
Summary An XML External Entity Injection XXE vulnerability in IBM WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application...
Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service attack originating in IBM WebSphere Application Server Liberty (CVE-2024-25026)
Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service. This vulnerability is addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Product...
Security Bulletin: IBM WebSphere Application Server Liberty , which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094)
Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attack...
Security Bulletin: A vulnerability in Microsoft .NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-43485)
Summary A vulnerability in Microsoft .NET affects IBM Robotic Process Automation and may result in a denial of service CVE-2024-43485. IBM Robotic Process Automation uses .NET as the development framework. This bulletin identifies the fix to address the vulnerability. Vulnerability Details...
Security Bulletin: Vulnerabilities in requests, setuptools , python-certifi & urllib3 can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore [CVE-2024-35195,CVE-2024-6345,CVE-2024-39689,CVE-2024-37891]
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in requests, setuptools , python-certifi & urllib3 which include bypass security restrictions , by using download functions to inject and execute arbitrary code on the system, weaker...
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects Cloud Pak System [CVE-2024-27270]
Summary Vulnerability in WebSphere Application Server Liberty affects Cloud Pak System WebSphere Application Server WAS Patterns. Vulnerability Details CVEID:CVE-2024-27270 DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This...
Security Bulletin: Vulnerability in OpenSSL affects Cloud Pak System [CVE-2024-0727]
Summary Vulnerability identified in OpenSSL affects Cloud Pak System. Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could...