35059 matches found

IBM Security Bulletins
added 2025/01/21 8:59 p.m. | 29 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base image for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilities. Vulnerability Details...

CVSS 9.1 | AI score 9.1 | EPSS 0.22162
Exploits 6 | Affected Software 1

IBM Security Bulletins
added 2025/01/21 8:58 p.m. | 22 views

Security Bulletin: A vulnerability in commons.io affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service (CVE-2024-47554).

Summary A vulnerability in commons.io affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service. commons.io is used by IBM Robotic Process Automation for Cloud Pak as part of its operator. This bulletin identifies the security fix to apply to address the...

CVSS 4.3 | AI score 5.5 | EPSS 0.00127
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/17 5:35 p.m. | 34 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next uses a CKEditor version affected by multiple vulnerabilities

Summary IBM Engineering Requirements Management DOORS Next uses a CKEditor version vulnerable to CVE-2021-33829 'Cross-site Scripting', CVE-2020-27193 'Cross-site Scripting', CVE-2021-26272 ReDoS, CVE-2021-41164 'Cross-site Scripting', CVE-2021-26271 ReDoS, CVE-2021-37695 'Cross-site Scripting',...

CVSS 8.2 | AI score 7.9 | EPSS 0.65532
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/17 9:14 a.m. | 52 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 287 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

CVSS 8.7 | AI score 7.7 | EPSS 0.00467
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/01/17 5:37 a.m. | 17 views

Security Bulletin: IBM Maximo Application Suite and IBM Maximo Application Suite - Iot Component uses ubi-nodejs : 2.0.0 which is vulnerable to CVE-2023-42282

Summary IBM Maximo Application Suite and IBM Maximo Application Suite -Iot Component uses ubi-nodejs : 2.0.0 which is vulnerable to CVE-2023-42282. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP...

CVSS 9.8 | AI score 7.5 | EPSS 0.00652
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/01/16 6:38 p.m. | 13 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to unspecified vulnerability in net/netip package in Golang Go (CVE-2024-24790)

Summary A potential unspecified vulnerability in net/netip package in Golang Go CVE-2024-24790 has been identified that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTIO...

CVSS 9.8 | AI score 6.9 | EPSS 0.00172
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/16 6:33 p.m. | 24 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to The Bouncy Castle Crypto Package For Java denial of service vulnerability (CVE-2024-29857)

Summary A potential denial of service vulnerability CVE-2024-29857 has been identified related to The Bouncy Castle Crypto Package For Java that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

CVSS 7.5 | AI score 6.3 | EPSS 0.00252
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/16 6:31 p.m. | 11 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerability (CVE-2024-24788)

Summary A potential denial of service vulnerability CVE-2024-24788 has been identified related to Golang Go that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24788 DESCRIPTION:...

CVSS 5.9 | AI score 6.7 | EPSS 0.00202
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/16 6:23 p.m. | 19 views

Security Bulletin: Vulnerability in Golang Go (CVE-2024-24784) affects IBM Watson CP4D Data Stores

Summary A potential denial of service vulnerability CVE-2024-24784 has been identified related to Golang Go that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24784 DESCRIPTION:...

CVSS 7.5 | AI score 6.8 | EPSS 0.02017
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/16 6:18 p.m. | 16 views

Security Bulletin: CVE-2023-45288 - HTTP/2 CONTINUATION flood vulnerability affects IBM Watson CP4D Data Stores

Summary A potential vulnerability CVE-2023-45288 - HTTP/2 CONTINUATION flood has been identified that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker ma...

CVSS 7.5 | AI score 7 | EPSS 0.69905
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/01/16 2:27 p.m. | 18 views

Security Bulletin: IBM Maximo Application Suite -Iot Component uses multiple third party jars which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite -Iot Component uses commons-codec-1.9.jar, classgraph-4.8.78.jar, guava-19.0.jar, commons-io-2.8.0.jar, json-20160212.jar, httpclient-4.5.2.jar, cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-2976, CVE-2018-10237, CVE-2020-8908,...

CVSS 7.5 | AI score 8.2 | EPSS 0.10778
Exploits 8 | Affected Software 1

IBM Security Bulletins
added 2025/01/15 10:53 p.m. | 30 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361

Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361 Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a...

CVSS 7.5 | AI score 6.2 | EPSS 0.00319
Exploits 0 | Affected Software 4

IBM Security Bulletins
added 2025/01/15 6:43 p.m. | 21 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807

Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a...

CVSS 7.8 | AI score 7.6 | EPSS 0.01587
Exploits 0 | Affected Software 4

IBM Security Bulletins
added 2025/01/15 6:38 p.m. | 22 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2024 - Includes OpenJDK Apr 2024 CPU

Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2024 - Includes OpenJDK Apr 2024 CPU. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause lo...

CVSS 7.3 | AI score 7.1 | EPSS 0.00146
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/01/15 5:19 p.m. | 21 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs

Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerabili...

CVSS 5.3 | AI score 7.7 | EPSS 0.00883
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/01/15 2:54 p.m. | 33 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

CVSS 7.5 | AI score 4.7 | EPSS 0.00449
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/01/15 2:53 p.m. | 37 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU plus CVE-2024-27267

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU plus CVE-2024-27267 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

CVSS 7.4 | AI score 5.5 | EPSS 0.00977
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/01/15 11:46 a.m. | 21 views

Security Bulletin: An Eclipse Jetty Denial of Service vulnerability affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in Eclipse Jetty used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE CVE-2024-9823. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a fla...

CVSS 7.5 | AI score 6.5 | EPSS 0.0068
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/15 11:3 a.m. | 25 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-456...

CVSS 7.5 | AI score 7.8 | EPSS 0.00636
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/13 2:0 p.m. | 14 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2024. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability ...

CVSS 3.7 | AI score 6 | EPSS 0.00096
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/13 8:49 a.m. | 24 views

Security Bulletin: IBM Engineering Lifecycle Management is impacted by vulnerabilities in Apache Jena

Summary A vulnerability has been identified in Apache Jena - jena-core-2.7.1.jar, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache...

CVSS 9.8 | AI score 6.7 | EPSS 0.00563
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/11 3:29 p.m. | 24 views

Security Bulletin: Multiple Security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base image for IBM Robotic Process Automation for Cloud Pak images. Python is included in some container base images for IBM Robotic Process Automation for Cloud Pak. This bulleti...

CVSS 8.8 | AI score 8 | EPSS 0.09639
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2025/01/11 3:28 p.m. | 27 views

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation for Cloud Pak. IBM MQ is used as base image for IBM Robotic Process Automation for Cloud Pak messaging. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details...

CVSS 7.5 | AI score 6.7 | EPSS 0.00977
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/11 3:28 p.m. | 14 views

Security Bulletin: A vulnerability in Python affects IBM Robotic Process Automation which may allow an attacker to launch additional attacks on the system (IBM X-Force ID: 273241)

Summary A vulnerability in Python affects IBM Robotic Process Automation which may allow an attacker to launch additional attacks on the system. This bulletin identifies the fix to address this vulnerability. Vulnerability Details IBM X-Force ID: 273241 DESCRIPTION: GitLab Runner could provide...

AI score 6.7
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 7:27 p.m. | 24 views

Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs...

CVSS 10 | AI score 8.1 | EPSS 0.02786
Exploits 8 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 3:28 p.m. | 10 views

Security Bulletin: vulnerability in Apache Commons HttpClient affects IBM Workload Automation.

Summary IBM Workload Automation is affected by a vulnerability in Apache Commons HttpClient that can cause Authorization Bypass CVE-2012-5783 Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and oth...

CVSS 5.8 | AI score 6.1 | EPSS 0.00616
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 3:27 p.m. | 7 views

Security Bulletin: Due to use of WebSphere Application Server traditional, IBM Workload Automation is vulnerable to a server-side request forgery (SSRF) vulnerability

Summary WebSphere Application Server traditional is used by IBM Workload Automation CVE-2024-22329 Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...

CVSS 4.3 | AI score 6.3 | EPSS 0.00031
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 3:18 p.m. | 15 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a server-side forgery attack,

Summary IBM WebSphere Application Server is used by IBM Workload Automation CVE-2024-22354 Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

CVSS 7 | AI score 6.6 | EPSS 0.00019
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 3:8 p.m. | 14 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a denial of service,

Summary IBM WebSphere Application Server is used by IBM Workload Automation CVE-2024-25026 Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service...

CVSS 7.5 | AI score 6.5 | EPSS 0.00021
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 1:45 p.m. | 19 views

Security Bulletin: vulnerability in OpenSSL affects IBM Workload Automation.

Summary IBM Workload Automation has vulnerability in OpenSSL CVE-2024-4603 Vulnerability Details CVEID:CVE-2024-4603 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation by the EVP_PKEY_param_check or EVP_PKEY_public_check function. By parsing a specially craft...

CVSS 5.3 | AI score 6.5 | EPSS 0.00108
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 1:42 p.m. | 17 views

Security Bulletin: vulnerability in libcURL affects IBM Workload Automation.

Summary IBM Workload Automation has vulnerability in libcURL CVE-2024-7264 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the GTime2str function. By sending a specially...

CVSS 6.5 | AI score 5.6 | EPSS 0.00882
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 8:20 a.m. | 15 views

Security Bulletin: Vulnerability in XStream library affects App Connect Professional

Summary There is vulnerability in the XStream library used by App Connect Professional. App Connect Professional has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in...

CVSS 7.5 | AI score 7.1 | EPSS 0.00261
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 8:18 a.m. | 14 views

Security Bulletin: Due to the use of Eclipse Jetty, IBM App Connect Professional is vulnerable to bypass security restrictions

Summary Eclipse Jetty is used within IBM App Connect Professional Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by improper validation on the authority segment of a URI in the HttpURI class. By sending a...

CVSS 6.5 | AI score 5.5 | EPSS 0.01189
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 8:15 a.m. | 16 views

Security Bulletin: Due to the use of Eclipse Jetty, IBM App Connect Professional is vulnerable to bypass security restrictions

Summary Eclipse Jetty is used within IBM App Connect Professional Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by improper validation on the authority segment of a URI in the HttpURI class. By sending a...

CVSS 5.3 | AI score 6.3 | EPSS 0.01189
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/01/10 6:42 a.m. | 17 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in crypto-js version 3.1.2

Summary A vulnerability has been identified in Crypto-Js 3.1.2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allo...

CVSS 9.1 | AI score 6.2 | EPSS 0.00916
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 10:41 a.m. | 44 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF17 patch Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...

CVSS 8.7 | AI score 9.1 | EPSS 0.01189
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 10:15 a.m. | 22 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Control

Summary OpenSSL is vulnerable to a denial of service attack. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking...

CVSS 7.5 | AI score 6.6 | EPSS 0.10778
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 10:14 a.m. | 34 views

Security Bulletin: Vulnerabilities in IBM Java SE affect IBM Spectrum Control

Summary IBM Java SE is vulnerable to allow a remote attacker to cause High confidentiality, high integrity impact. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

CVSS 7.5 | AI score 9.1 | EPSS 0.00977
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 10:13 a.m. | 24 views

Security Bulletin: Vulnerability in expressjs body-parser affects IBM Spectrum Control

Summary expressjs body-parser is vulnerable to a denial of service attack. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending ...

CVSS 7.5 | AI score 6.5 | EPSS 0.01535
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 10:11 a.m. | 15 views

Security Bulletin: Vulnerability in Axios affects IBM Spectrum Control

Summary Axios is vulnerable to server-side request forgery. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol...

CVSS 7.5 | AI score 6.2 | EPSS 0.02141
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 10:10 a.m. | 13 views

Security Bulletin: The remote Windows host has at least one service installed that uses an unquoted service path which affect IBM Spectrum Control

Summary Description: The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service. Vulnerability Details Refe...

AI score 7.2
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 10:9 a.m. | 8 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an...

CVSS 8.7 | AI score 8.9 | EPSS 0.00134
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 10:9 a.m. | 17 views

Security Bulletin: Vulnerability in XStream affects IBM Spectrum Control

Summary XStream is vulnerable to denial of service. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted...

CVSS 7.5 | AI score 7 | EPSS 0.00261
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 10:7 a.m. | 21 views

Security Bulletin: Apache Kafka vulnerability affects IBM Spectrum Control

Summary Apache Kafka vulnerable to local authenticated attacker to gain elevated privileges on the system affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow a local authenticated attacker to gain elevated privileges on the system, caused ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00156
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/09 1:21 a.m. | 21 views

Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-43176)

Summary A vulnerability caused by improper authorization checks could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. Vulnerability Details CVEID:CVE-2024-43176 DESCRIPTION: IBM OpenPages could allow an...

CVSS 5.4 | AI score 5.7 | EPSS 0.00109
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/08 6:32 p.m. | 34 views

Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by...

CVSS 8.7 | AI score 8.9 | EPSS 0.02141
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2025/01/08 4:59 p.m. | 7 views

Security Bulletin: Vulnerability in Golang Go (CVE-2023-39325) affects IBM Watson CP4D Data Stores

Summary A potential denial of service vulnerability CVE-2023-39325 has been identified related to Golang Go that affects IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: Golang...

CVSS 7.5 | AI score 7.1 | EPSS 0.0015
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/08 4:58 p.m. | 17 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple CUPS vulnerabilities

Summary Multiple vulnerabilities in CUPS have been identified that affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47176 DESCRIPTION: OpenPrinting cups-browsed could allow a remote attacker...

CVSS 9.8 | AI score 8.1 | EPSS 0.87593
Exploits 17 | Affected Software 1

IBM Security Bulletins
added 2025/01/08 4:55 p.m. | 12 views

Security Bulletin: Vulnerability in Elasticsearch (CVE-2023-49921) affects IBM Watson CP4D Data Stores

Summary A potential vulnerability CVE-2023-49921 has been identified related to Elasticsearch that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-49921 DESCRIPTION: An issue was...

CVSS 6.5 | AI score 6.6 | EPSS 0.00701
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/08 4:50 p.m. | 9 views

Security Bulletin: Vulnerability in Elasticsearch (CVE-2023-49921) affects IBM Watson CP4D Data Stores

Summary A potential vulnerability CVE-2023-49921 has been identified related to Elasticsearch that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-49921 DESCRIPTION: An issue was...

CVSS 6.5 | AI score 6.6 | EPSS 0.00701
Exploits 0 | Affected Software 1

Total number of security vulnerabilities: 35059