35665 matches found
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Pydantic
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Pydantic. Vulnerability Details CVEID:CVE-2024-3772 DESCRIPTION: Regular expression denial of service in Pydanic 2.4.0, 1.10.13 allows remote attackers to cause denial of service via a crafted email string. CWE:CWE-1333:...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of ssh: Prefix truncation attack on Binary Packet Protocol BPP Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability Requests
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Psf Requests Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation vulnerability...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aiohttp
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aiohttp Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp ould allow a remote attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Async
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Async Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while parsing function in autoinject function. By sending a...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in JWT
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of JWT Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CWE:CWE-327: Use of a Broken or Risky...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic module
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Elliptic module Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js Elliptic module could allow a remote attacker to obtain sensitive information, caused by a flaw with BER-encoded signatures are allowed. By...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose. Vulnerability Details CVEID:CVE-2024-33664 DESCRIPTION: python-jose is vulnerable to a denial of service, caused by a flaw in the decode function. By sending a specially crafted JSON Web Encryption JWE token...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in source-map-support
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of source-map-support. Vulnerability Details CVEID:CVE-2024-21540 DESCRIPTION: All versions of the package source-map-support are vulnerable to Directory Traversal in the retrieveSourceMap function. CWE:CWE-22: Improper...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Elliptic. Vulnerability Details CVEID:CVE-2024-48949 DESCRIPTION: The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S.gtesig.eddsa.curve.n || sig.S.isNeg"...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in http-proxy-middleware
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of http-proxy-middleware. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By sending...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in fast-xml-parser
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of fast-xml-parser. Vulnerability Details CVEID:CVE-2024-41818 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Moment
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Moment. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Protocol Buffers protobuf-go
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Protocol Buffers protobuf-go. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop flaw in the rotojson.Unmarshal function wh...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in pypa/setuptools
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of pypa/setuptools Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. By persuading a...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Bouncy Castle Crypto Package For Java
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Bouncy Castle Crypto Package For Java Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importin...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote attacker to bypass security restrictions, caused by a flaw when the algorithm field is left unspecified when calling...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in HTTP/2 protocol
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of HTTP/2 protocol Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited i...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Gunicorn
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Gunicorn Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Joda.org Joda-Time
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Joda.org Joda-Time Vulnerability Details CVEID:CVE-2024-23080 DESCRIPTION: Joda.org Joda-Time is vulnerable to a denial of service, caused by a NullPointerException flaw in the...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Socket.IO
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Socket.IO Vulnerability Details CVEID:CVE-2024-38355 DESCRIPTION: Socket.IO is vulnerable to a denial of service. By sending a specially crafted Socket.IO packet, a remote attacker could exploit this vulnerability to trigg...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Node.js jose module
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Node.js jose module Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a specially crafted reques...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Certifi python-certifi
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Certifi python-certifi Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aio-libs aiohttp
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aio-libs aiohttp Vulnerability Details CVEID:CVE-2024-30251 DESCRIPTION: aio-libs aiohttp is vulnerable to a denial of service, caused by an infinite loop flaw. By sending specially crafted POST requests, a remote attacker...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in tqdm
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of tqdm Vulnerability Details CVEID:CVE-2024-34062 DESCRIPTION: tqdm could allow a local authenticated attacker to execute arbitrary code on the system, caused by a CLI arguments injection . By sending a specially crafted...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Natural Language Toolkit (NLTK)
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Natural Language Toolkit NLTK Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when an untrusted...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Moby
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Moby. Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine,...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in medikoo es5-ext
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of medikoo es5-ext. Vulnerability Details CVEID:CVE-2024-27088 DESCRIPTION: es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonata-js JSONata
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonata-js JSONata. Vulnerability Details CVEID:CVE-2024-27307 DESCRIPTION: jsonata-js JSONata could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JSONata...
Security Bulletin: There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway for Multiplatforms (CVE-2023-22045 and CVE-2023-22049).
Summary There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway for Multiplatforms CVE-2023-22045 and CVE-2023-22049. An update to CICS Transaction Gateway for Multiplatforms has been released to address these vulnerabilities...
Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could allow arbitrary code execution or denial of service. CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-5178 CVE-2023-45871 . Vulnerability Details CVEID:CVE-2023-6356 DESCRIPTION: Linux Kernel is...
Security Bulletin: Vulnerabilities in bind and dnsmasq affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in bind and dnsmasq affect IBM Storage Virtualize products and could denial of service. CVE-2022-2795 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 CVE-2023-4408 CVE-2023-5517 CVE-5679 CVE-2023-6516 CVE-2023-50387 CVE-2023-50868 . Vulnerability Details CVEID:CVE-2022-2795...
Security Bulletin: Vulnerability in nghttp2 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in nghttp2 affects IBM Storage Virtualize products and could cause denial of service. CVE-2024-28182. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to versio...
Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the Linux kernel affects IBM Storage Virtualize products and could cause side-channel leakage. CVE-2023-6240. Vulnerability Details CVEID:CVE-2023-6240 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a Marvin...
Security Bulletin: Vulnerability in python3 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". Due to this issue, it is possible that values will not be returned in accordance with the latest information...
Security Bulletin: Vulnerability in requests affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-32681]
Summary The requests package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-32681 Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking...
Security Bulletin: Security vulnerability due to a vulnerability in the Apache Derby package shipped with IBM TXSeries for Multiplatforms
Summary Security vulnerability due to a vulnerability in the Apache Derby package shipped with IBM TXSeries for Multiplatforms. The Apache Derby package version has been updated. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security...
Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-43804]
Summary The urllib3 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEsCVE-2023-43804 Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information,...
Security Bulletin: Vulnerability in idna affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-3651]
Summary The idna package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-3651. Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted...
Security Bulletin: Vulnerability in zipp affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-5569]
Summary The zipp package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-5569. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path...
Security Bulletin: Multiple Vulnerabilities in containers of IBM Workload Scheduler component of IBM Workload Automation
Summary Multiple vulnerabilities, that impacts containers only, were addressed in IBM Workload Scheduler component of IBM Workload Automation 10.1.0.5 and 10.2.3 Vulnerability Details CVEID:CVE-2022-48564 DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the readints...
Security Bulletin: There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure (CVE-2024-22328)
Summary There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure. Vulnerability Details CVEID:CVE-2024-22328 DESCRIPTION: IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to travers...
Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty
Summary Due to the use of Eclipse Jetty, Rational Service Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw ...
Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty
Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to improper privilege management due to Apache Kafka Client(CVE-2024-31141)
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to improper privilege management, allowing external parties access to files or directories due to Apache Kafka Client. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to Netty (CVE-2024-47535)
Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Netty (CVE-2024-47535)
Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Vulnerability in gunicorn affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-1135]
Summary The gunicorn package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the...
Security Bulletin: IBM JRS (Jazz Reporting Service) uses a web link with untrusted references to an external site.
Summary IBM JRS Jazz Reporting Service uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims' web browser. The web application produces links to untrusted...
Security Bulletin: Potential Improper Privilege Management vulnerability in Logstash affects IBM Operations Analytics - Log Analysis (CVE-2024-31141)
Summary Apache Kafka Client bundle in Logstash is vulnerable to improper privilege management. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients...