35059 matches found
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerability (CVE-2024-34156)
Summary A potential Golang Go denial of service vulnerability CVE-2024-34156 has been identified that affects IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34156 DESCRIPTION: Golang Go is...
Security Bulletin: There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-31141)
Summary There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow a local authenticated attacker to gain elevated privileges on the system, caused by a...
Security Bulletin: Denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2024-40094)
Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty shipped with IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by...
Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to stack overflow due to improper input validation (CVE-2024-7254)
Summary protobuf java is used by IBM QRadar SIEM Amazon Web Services protocol, and has known vulnerabilities. The issues have been addressed in an update. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number ...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat (CVE-2024-56337, CVE-2024-52316 and CVE-2024-50379)
Summary IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat:...
Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254
Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254. This bulletin contains information regarding the vulnerability and its...
Security Bulletin: IBM App Connect Enterprise is vulnerable to backtracking due to path-to-regexp (CVE-2024-52798)
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to backtracking due to path-to-regexp. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions...
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to security restrictions being bypassed (CVE-2024-52316).
Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to security restrictions being bypassed CVE-2024-52316. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2024-52316 DESCRIPTION: Apache Tomcat could allow a...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52304 aiohttp-3.10.2-cp310-cp310-macosx_10_9_universal2.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-52304
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52304 aiohttp-3.10.2-cp310-cp310-macosx_10_9_universal2.whl Publicly disclosed vulnerability found by Mend CVE-2024-52304. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Rational Developer for i is vulnerable to a buffer overflow attack (CVE-2024-47072)
Summary IBM Rational Developer for i contains functionality that is affected by the following issue. CVE-2024-47072 is a denial of service attack in the Debugger XML profile serialization function. This bulletin identifies the steps to take to address this vulnerability as described in the...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2024-6119)
Summary IBM Security SOAR uses an older version of the Python cryptography/openssl library which has a known vulnerability. An update has been released which addresses this issue. Upgrading to Version 51.0.4.1 or later of IBM Security SOAR is recommended. Vulnerability Details CVEID:CVE-2024-611...
Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores
Summary A potential denial of service vulnerability CVE-2024-39908 has been identified related to Ruby REXML that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: A...
Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2024-40094).
Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms CVE-2024-40094. An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION:...
Security Bulletin: IBM Edge Application Manager is vulnerable to an authorization bypass.
Summary IBM Edge Application Manager is vulnerable to an authorization bypass CVE-2024-45337. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentatio...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty may affect IBM SPSS Analytic Server
Summary Multiple vulnerabilities in WebSphere Application Server Liberty may affect IBM SPSS Analytic Server CVE-2024-7254, CVE-2023-50314 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...
Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® Semeru Runtime used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Tivoli Netcool Impact
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerabili...
Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® Semeru Runtime used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...
Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® Semeru Runtime used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletin CVE-2024-51471, CVE-2024-51470, CVE-2024-52898, CVE-2024-52897, CVE-2024-52896 Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and Node.js
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor CVE-2024-52798, CVE-2024-47764, CVE-2024-21538, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...
Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Java and Node.js
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2024-52798, CVE-2024-21538, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917, CVE-2024-47764. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 288 Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a remote attacker or local authenticated attacker could exploit these vulnerabilities to cause a denial of service condition as described by the CVEs in the "Vulnerability Details"...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an authenticated or local attacker or local authenticated attacker could exploit these vulnerabilities to execute arbitrary code on the system, to cause a denial of service...
Security Bulletin: Vulnerability in HSQLDB might affect IBM Storage Copy Data Management.
Summary IBM Storage Copy Data Management can be affected by vulnerability in HSQLDB. An attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-41853 DESCRIPTION: HSQLDB...
Security Bulletin: Vulnerabilities in JSON-java, Hutool and Jettison might affect IBM Storage Copy Data Management.
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in JSON-java, Hutool and Jettison. Vulnerabilities include a remote attacker could exploit these vulnerabilities to cause a denial of service as described by the CVEs in the "Vulnerability Details" section. Vulnerabilit...
Security Bulletin: Vulnerabilities in Snappy, OpenSSL and cURL libcurl might affect IBM Storage Copy Data Management.
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Snappy, OpenSSL and cURL libcurl. An attacker, a local attacker or a remote attacker could exploit these vulnerabilities to cause JVM to crash, to cause a crash or memory contents to be sent to the peer, to bypass...
Security Bulletin: Vulnerabilities in Apache Commons Collections, Apache Synapse, Oracle WebLogic Server, MuleSoft and Red Hat JBoss might affect IBM Storage Copy Data Management.
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Collections, Apache Synapse, Oracle WebLogic Server, MuleSoft and Red Hat JBoss. Vulnerabilities include an attacker could exploit these vulnerabilities to execute arbitrary code on the system, allow remo...
Security Bulletin: Vulnerability in OrientDB might affect IBM Storage Copy Data Management.
Summary IBM Storage Copy Data Management can be affected by a vulnerability in OrientDB. An attacker could exploit this vulnerability to execute arbitrary OS commands on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2017-11467...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tomcat-embed-core
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of tomcat-embed-core Vulnerability Details CVEID:CVE-2024-52316 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a flaw when using a custom Jakarta Authenticati...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF Vulnerability Details CVEID:CVE-2024-7006 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in tif_dirinfo.c. By sending a specially crafted request, a...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in express-4.19.2.tgz
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of express-4.19.2.tgz Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker coul...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Hibernate Validator
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Hibernate Validator. Vulnerability Details CVEID:CVE-2023-1932 DESCRIPTION: Hibernate Validator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty Common
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Netty Common Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in zookeeper
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of zookeeper Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM SDK
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM SDK Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.3.6.gem
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rexml-3.3.6.gem. Vulnerability Details CVEID:CVE-2024-49761 DESCRIPTION: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in cookie
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of cookie Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cookie could allow a remote attacker to bypass security restrictions, caused by improper input validation by the cookie name, path, and...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ansible
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ansible Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in http-proxy-middleware
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of http-proxy-middleware Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple CVEs in IBM Java SDK
Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise Runtime and IBM Integration Bus for z/OS Runtime. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing Eclipse Lyo could allow a remote attacker to obtain sensitive information.
Summary Eclipse Lyo could allow a remote attacker to obtain sensitive information, caused by a flaw in which DTD loading is not restricted when working with RDF/XML when a TransformerFactory is initialized with the defaults. By sending a specially-crafted request, an attacker could exploit this...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition.
Summary A race condition occurs when a code sequence runs concurrently with other code, and the code sequence needs exclusive access to a shared resource, but a time window exists in which the shared resource can be modified by another code sequence. In security-critical code, a race condition...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.35 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability...
Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation and may allow an attacker to bypass authorization plugins under specific circumstances (CVE-2024-41110).
Summary A vulnerability in Go affects IBM Robotic Process Automation and may allow an attacker to bypass authorization plugins under specific circumstances. IBM Robotic Process Automation for Cloud Pak uses Go as part of its operators. This bulletin identifies the fixes required to address the...
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208 and CVE-2024-10917 Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Ja...
Security Bulletin: Vulnerability in Open Source Jackson databind used in IBM Cloud Pak System (CVE-2020-8840)
Summary Vulnerability with unknown impact identified in jackson-databind used in IBM Cloud Pak System Software. IBM Cloud Pak System addressed the vulnerability. It applies to IBM Cloud Pak System Software and Service. Vulnerability Details CVEID:CVE-2020-8840 DESCRIPTION: FasterXML jackson-databind...
Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49767 DESCRIPTION: Werkzeug is...