35665 matches found
Security Bulletin: IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager uses jinja2-3.1.4-py3-none-any.whl which is vulnerable to CVE-2024-56326, CVE-2024-56201
Summary IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager uses jinja2-3.1.4-py3-none-any.whl which is vulnerable to CVE-2024-56326, CVE-2024-56201. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...
Security Bulletin:IBM Maximo Application Suite - IoT Component uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2024-47535
Summary IBM Maximo Application Suite - IoT Component uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2024-47535 This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous...
Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to denial of service and unauthorized data access attacks due to IBM Runtime Environment Java Technology Edition Version 8
Summary IBM Java 8 is used by IBM Sterling Connect:Direct for Unix in product configuration and management. IBM Sterling Connect:Direct for Unix is impacted by denial of service and unauthorized data access attacks due to IBM Java 8. IBM Sterling Connect:Direct for Unix has upgraded IBM Java 8 to...
Security Bulletin: Denial of service, SQL injection, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service
Summary IBM Storage Defender – Resiliency Service is vulnerable to denial of service, SQL injection, and others. The vulnerabilities have been addressed. CVE-2023-52425, CVE-2024-53908, CVE-2024-53907, CVE-2023-52426, CVE-2022-29162, CVE-2023-25809, CVE-2023-27561, CVE-2023-28642, CVE-2024-21626,...
Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to denial of service and arbitrary code execution attacks due to IBM Runtime Environment Java Technology Edition Version 17
Summary IBM Java 17 is used by IBM Sterling Connect:Direct for Unix in product configuration and management. IBM Sterling Connect:Direct for Unix is impacted by denial of service and arbitrary code execution attacks due to IBM Java 17. IBM Sterling Connect:Direct for Unix has upgraded IBM Java 17...
Security Bulletin: IBM i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2024-55898].
Summary IBM i is vulnerable to a user with the capability to compile or restore a program to gain elevated priviliges due to an unqualified library call as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...
Security Bulletin: This Power System update is being released to address CVE-2023-52881
Summary This affects the BMC's network transmission control protocol TCP interface which affects aspects of interfaces that use TCP including the BMC's secure shell SSH, HTTPS interfaces including the BMC's webserver, REST APIs, and ASMi web application, and event and subscriptions services. An...
Security Bulletin: Vulnerability in IBM Cloud Pak for Multicloud Management
Summary A vulnerability in IBM Cloud Pak for Multicloud Management has been delivered in a HotFix for 2.3 FP9 Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...
Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java CVE-2024-40094
Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java CVE-2024-40094. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-52304 (Low) detected in aiohttp-3.9.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-52304
Summary IBM Maximo Application Suite Predict Component uses CVE-2024-52304 Low detected in aiohttp-3.9.2-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2024-52304. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798, CVE-2024-12801
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798, CVE-2024-12801. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47874 starlette-0.27.0-py3-none-any.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-47874
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47874 starlette-0.27.0-py3-none-any.whl Publicly disclosed vulnerability found by Mend CVE-2024-47874. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798
Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerabilit...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52798 path-to-regexp-0.1.10.tgz (Publicly disclosed vulnerability found by Mend) CVE-2024-52798
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52798 path-to-regexp-0.1.10.tgz Publicly disclosed vulnerability found by Mend CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-56337
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar Publicly disclosed vulnerability found by Mend CVE-2024-56337. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-38827 spring-boot-starter-security-3.3.5.jar: 1 vulnerabilities CVE-2024-38827
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-38827 spring-boot-starter-security-3.3.5.jar: 1 vulnerabilities CVE-2024-38827. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38827...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-53981 python_multipart-0.0.17-py3-none-any.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-53981
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-53981 pythonmultipart-0.0.17-py3-none-any.whl Publicly disclosed vulnerability found by Mend CVE-2024-53981. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...
Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions
Summary bash, curl are used by Execution Engine for Apache Hadoop in all the components. CVE-2022-3715, CVE-2022-32221, CVE-2022-32207, CVE-2023-38545, CVE-2022-22576, CVE-2022-27781, CVE-2021-22926, CVE-2021-22946, CVE-2022-27782, CVE-2023-28319, CVE-2022-32206, CVE-2021-22922, CVE-2023-23916,...
Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Apache Mina SSHD package (CVE-2023-48795)
Summary The Apache Mina SSHD package is used by the z/TPF system as part of the z/TPF secure file transfer support. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability
Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2024-13176. Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computatio...
Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the Linux kernel affects IBM Storage Virtualize products and could cause denial of service. CVE-2023-52881. Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we nev...
Security Bulletin: Vulnerability in python-dns affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in python-dns affects IBM Storage Virtualize products and could cause denial of service. CVE-2023-29483. Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to a denial of service, caused by a flaw in stub resolver when a bad-in-some-way respons...
Security Bulletin: Vulnerabilities in bind affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in bind affect IBM Storage Virtualize products and could cause denial of service. CVE-2024-1737 CVE-2024-1975. Vulnerability Details CVEID:CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka nodes are vulnerable to privilege escalation [CVE-2024-31141]
Summary The Apache Kafka client is used by IBM App Connect Enterprise Certified Container for the Kafka client nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run toolkit flows containing Kafka nodes are vulnerable to privilege...
Security Bulletin: A Security Vulnerability was discovered in IBM Security Verify Directory (CVE-2024-45650)
Summary A Security Vulnerability was addressed in IBM Security Verify Directory. Vulnerability Details CVEID:CVE-2024-45650 DESCRIPTION: IBM Security Verify Directory 10.0 is vulnerable to a denial of service when sending an LDAP extended operation. CWE:CWE-754: Improper Check for Unusual or...
Security Bulletin: A Security Vulnerability discovered in IBM Security Verify Directory (CVE-2022-2068) has been addressed.
Summary A Security Vulnerability discovered in IBM Security Verify Directory Server containers has been addressed Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplie...
Security Bulletin: Vulnerability in openssl library (CVE-2024-5535) affects Power HMC.
Summary The openssl library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-5535 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the SSLselectnextproto API function when...
Security Bulletin: Vulnerability in bzip library (CVE-2019-12900) affects Power HMC.
Summary The bzip library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: bzip2 is vulnerable to a denial of service, caused by an out-of-bounds write flaw when there are many selectors in the...
Security Bulletin: Vulnerability in expact library (CVE-2024-50602) affects Power HMC.
Summary The expat library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-50602 DESCRIPTION: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser ca...
Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-52317) affects Power HMC.
Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-52317 DESCRIPTION: Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response...
Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-52318) affects Power HMC.
Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-52318 DESCRIPTION: Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31,...
Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2024-21217, CVE-2024-21208, CVE-2024-10917) affect Power HMC.
Summary The IBM Java SDK library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker...
Security Bulletin: IBM Db2 used by IBM Security Verify Governance - Container has multiple vulnerabilities
Summary IBM Security Verify Governance ISVG - Container uses IBM Db2. Information about security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: R statistical programming language - deserialization of untrusted leading to arbitrary code execution
Summary Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system when...
Security Bulletin: Multiple Vulnerabilities affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability ...
Security Bulletin: Security vulnerability found in package openssl shipped with IBM CICS TX Advanced.
Summary Security vulnerability found in package openssl shipped with IBM CICS TX Advanced. The versions of the packages have been updated. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-fr...
Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2024-52798
Summary path-to-regexp-0.1.10.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl (CVE-2024-56326, CVE-2024-56201)
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl CVE-2024-56326, CVE-2024-56201. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible...
Security Bulletin: IBM Operational Decision Manager for Jan 2025 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-51504...
Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI. The Command Line Interface is unaffected. CVE-2024-21235 CVE-2024-21217 CVE-2024-21210 CVE-2024-21208 CVE-2024-10917 . Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION:...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty
Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-40094, CVE-2024-7254, CVE-2023-50314 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments
Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high...
Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.
Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to virtualenv-20.17.1-py3-none-any.whl CVE-2024-53899
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to virtualenv-20.17.1-py3-none-any.whl CVE-2024-53899. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-53899 DESCRIPTION: virtualenv before 20.26.6 allows command...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to bootstrap-4.6.2 CVE-2024-6531
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to bootstrap-4.6.2 CVE-2024-6531. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6531 DESCRIPTION: Node.js Bootstrap module is vulnerable to cross-site scripting...
Security Bulletin: Denial of Service vulnerability in jackson-core may affect IBM Business Automation Workflow - IBM X-Force ID: 220938
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details IBM X-Force ID: 220938 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by an out of memory error when writing big decimal when the WRITEBIGDECIMALASPLAIN...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution [CVE-2024-21534]
Summary Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON configuration. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...
Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow - CVE-2024-52365
Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-52365 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows...
Security Bulletin: Older Versions of Statistics Include an R Runtime with a Vulnerability in Zlib
Summary The version of zlib contained in the R language runtime that ships with IBM SPSS Statistics version 29 and lower contains a vulnerability related to a heap-based buffer over-read or buffer overflow in inflate. IBM SPSS Statistics is not directly affected, but is offering an upgrade for th...