35665 matches found
Security Bulletin: IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH
Summary IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity chec...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-48795]
Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-48795 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-52881)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas fr...
Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160)
Summary IBM Db2 Big SQL on Cloud Pak for Data is affected by insufficient session expiration when handling authorizations. Vulnerability Details CVEID:CVE-2024-35160 DESCRIPTION: IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and...
Security Bulletin: This Power System update is being released to address CVE-2024-41781
Summary An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore Vulnerability Details CVEID:CVE-2024-41781 DESCRIPTION: IBM PowerVM Platform KeyStore functionality can be compromised if an attacker gain...
Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by IBM Security Verify Governance have multiple vulnerabilities
Summary IBM Security Verify Governance ISVG ships with IBM Db2 and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2021-37137 DESCRIPTION: Netty netty-codec is vulnerable to a deni...
Security Bulletin: Vulnerabilities in Eclipse Jetty affect watsonx.data
Summary Eclipse Jetty is vulnerable to a denial of service attack and to disclosure of sensitive data attack. These affect watsonx.data. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...
Security Bulletin: Multiple security vulnerabilities were discovered in IBM Verify Identity Governance
Summary Multiple security vulnerabilities in IBM Java and IBM WebSphere Liberty have been addressed in the latest release of IBM Verify Identity Governance formerly known as IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server...
Security Bulletin: IBM Maximo Application Suite uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296.
Summary IBM Maximo Application Suite uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses bcprov-jdk18on-1.71.jar, werkzeug-3.0.4-py3-none-any.whl and jetty-server-10.0.22.ja which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite - IoT Component uses bcprov-jdk18on-1.71.jar, werkzeug-3.0.4-py3-none-any.whl and jetty-server-10.0.22.jar which is vulnerable to CVE-2024-30171, CVE-2023-33201, CVE-2023-33202, CVE-2024-29857, CVE-2024-30172, CVE-2024-8184, CVE-2024-6763, CVE-2024-49767,...
Security Bulletin: IBM Asset Data Dictionary uses multiple third party dependencies which is vulnerable to CVEs.
Summary IBM Asset Data Dictionary uses...
Security Bulletin: Vulnerability in Apache Kafka affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Apache Kafka has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow...
Security Bulletin: Vulnerability in OpenSSL affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability in OpenSSL has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is...
Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in http-proxy-middleware has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...
Security Bulletin: Vulnerability in OpenSSL affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in OpenSSL has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denia...
Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Apache Commons IO has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resour...
Security Bulletin: Vulnerability in DOMPurify affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in DOMPurify has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a...
Security Bulletin: Vulnerability in GraphQL Java affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in GraphQL Java has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka...
Security Bulletin: Vulnerability in Rollup affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Rollup has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47068 DESCRIPTION: Rollup is vulnerable to...
Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Apache Commons IO has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resour...
Security Bulletin: Vulnerability in Protocol Buffers affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Protocol Buffers has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...
Security Bulletin: Vulnerability in REXML affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in REXML has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-49761 DESCRIPTION: REXML is an XML toolkit for Ruby...
Security Bulletin: Vulnerabilities in libexpat affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerabilities in libexpat has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45490 DESCRIPTION: libexpat could provide...
Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Apache Commons IO has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO i...
Security Bulletin: Vulnerability in cURL libcurl affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in cURL libcurl has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerabl...
Security Bulletin: Vulnerability in GNOME GLibl affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in GNOME GLib has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: GNOME GLib could allow a...
Security Bulletin: Vulnerability in source-map-support affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in all versions of the package source-map-suppor has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21540...
Security Bulletin: Vulnerability in Open Neural Network Exchange (ONNX) affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Open Neural Network Exchange ONNX has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-5187 DESCRIPTION: Open...
Security Bulletin: Vulnerability in Eclipse Vert.x toolkit affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Eclipse Vert.x toolkit has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-1300 DESCRIPTION: A vulnerability...
Security Bulletin: IBM Aspera Shares is vulnerable to multiple high severity vulnerabilities (CVE-2022-1586, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2019-20838, CVE-2022-2068, CVE-2022-1587)
Summary This Security Bulletin addresses multiple high severity OpenSSL security vulnerabilities that have been remediated in IBM Aspera Shares 1.10.0 PL4. Vulnerability Details CVEID:CVE-2022-1586 DESCRIPTION: PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper input validation (CVE-2024-52901)
Summary A vulnerability in IBM InfoSphere Information Server due to improper input validation was addressed. Vulnerability Details CVEID:CVE-2024-52901 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to GUI to not load or stop working due to improper input...
Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-51460)
Summary An information disclosure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51460 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information when a detailed technical error message is...
Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Netty has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous...
Security Bulletin: Vulnerability in MIT Kerberos 5 (aka krb5) affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerabilities in MIT Kerberos 5 aka krb5 has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT...
Security Bulletin: Vulnerability in cURL libcurl affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in cURL libcurl has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerabl...
Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Netty has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous...
Security Bulletin: Vulnerabilities in GStreamer affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerabilities in GStreamer has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47538 DESCRIPTION: GStreamer is a library fo...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Eclipse Jetty has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is...
Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in http-proxy-middleware has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...
Security Bulletin: Vulnerabilities in Java SE affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerabilities in Java SE has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21208 DESCRIPTION: Vulnerability in Java SE...
Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538
Summary IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Instana Observability is vulnerable to Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
Summary A vulnerability that could cause unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip was remediated in IBM Observability with Instana Build 289 CVE-2024-24790. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Java SDK (CVE-2022-40609)
Summary IBM B2B Advanced Communications has addressed vulnerabilities in Java SDK shipped with product. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server traditional is vulnerable to cross-site scripting
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server traditional is vulnerable to a XML External Entity (XXE) injection vulnerability in the administrative console
Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Manageme...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)
Summary IBM B2B Advanced Communications has addressed vulnerabilities in Java SDK shipped with product. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java
Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin:...
Security Bulletin: IBM Engineering Lifecycle Optimization - Apache Derby: LDAP Injection Vulnerability In Authenticator
Summary A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management Core Framework.
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF28 patch. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...