35665 matches found
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Golang html package is vulnerable to cross-site scripting CVE-2023-3978. Golang Go is vulnerable to a denial of service CVE-2023-4528...
Security Bulletin: spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services (CVE-2024-22259)
Summary spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services CVE-2024-22259 Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager
Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an authenticated or local authenticated attacker could exploit these vulnerabilities to cause a kernel panic, to cause a denial of service condition as described by the CVEs in the...
Security Bulletin: IBM Watson Query (Data Virtualization) on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160)
Summary IBM Watson Query, also known as Data Virtualization, is affected by insufficient session expiration when handling authorizations. Vulnerability Details CVEID:CVE-2024-35160 DESCRIPTION: IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3...
Security Bulletin: IBM Security Guardium is affected by Kernel vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-26930 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by double free of the ha-vpmap pointer. By sending a specially crafted request, a local authenticated...
Security Bulletin: Vulnerabilities in OpenPrinting affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in OpenPrinting has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-35235 DESCRIPTION: OpenPrinting CUPS coul...
Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service
Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2021-46939 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caus...
Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service
Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2020-26555 DESCRIPTION: Bluetooth Core and Mesh Specifications could allow a...
Security Bulletin: Financial Transaction Manager for Digital Payments is impacted by multiple vulnerabilities in IBM Java SE
Summary Multiple vulnerabilities were addressed in Financial Transaction Manager 3.2.13 for Digital Payments, Corporate Payment Services and High Value Payments. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...
Security Bulletin: TSSC/IMC is vulnerable to 6 unspecified vulnerabilities in Java SE
Summary TSSC/IMC is vulnerable to 6 unspecified vulnerabilities in Java SE. The latest code level has an upgrade to the relevant libaries to fix CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952 Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: A...
Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2024-25062)
Summary libxml2 is used in the DataPower Gateway's DB2 connector. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...
Security Bulletin: Multiple vulnerabilities in Go affect IBM Robotic Process Automation for Cloud Pak
Summary Multiple vulnerabilities in Go affect IBM Robotic Process Automation for Cloud Pak. This bulletin identifies fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled...
Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI images are used by IBM Robotic Process Automation base containers. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...
Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities
Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to...
Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Remote Code Execution
Summary IBM Sterling B2B Integrator has addressed the remote code execution vulnerabilty Vulnerability Details CVEID:CVE-2024-31903 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition allow an attacker on the local network to execute arbitrary code on the system, caused by the deserializati...
Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.
Summary IBM Storage Protect Server, which uses IBM Db2, may be affected by multiple vulnerabilities that could result in denial of service or the loss of confidentiality, integrity, or availability. These vulnerabilities include CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308,...
Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2023-45288).
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of availability of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2...
Security Bulletin: There are multiple vulnerabilities that can affect IBM Storage Scale System that are now included
Summary There are multiple vulnerabilities, used by IBM Storage Scale System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-26643 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to page fault...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js vulnerabilities [ CVE-2024-27982, CVE-2024-27983]
Summary Potential vulnerabilities in Node.js CVE-2024-27982, CVE-2024-27983 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27982...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in pdfjs-dist
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of pdfjs-dist Vulnerability Details CVEID:CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This...
Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable with IBM Semeru Runtime Quarterly CPU - Apr 2023
Summary IBM Semeru Runtime Quarterly CPU - Apr 2023 - Includes OpenJDK April 2023 CPU plus CVE-2023-25193 and CVE-2023-2597 and affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle Graal...
Security Bulletin: vulnerability in Netty affects IBM Workload Scheduler.
Summary IBM Workload Scheduler is affected by a vulnerability in Netty that can cause denial of service CVE-2024-29025 Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance...
Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH and Linux. Vulnerabilities include, causing a denial-of-service condition, the elevation of privileges, remote execution of arbitrary code, HTTP header injection, HTML injection,...
Security Bulletin: Multiple Vulnerabilities in Golang Affect IBM Cloud Pak System
Summary Vulnerabilities in Golang affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-24789 DESCRIPTION: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an...
Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol
Summary TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocold. A patch has been provided that updates the systemd library. CVE-2023-48795, CVE-2023-51385 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions,...
Security Bulletin: Vulnerabilities in jackson-databind affect IBM watsonx.data
Summary FasterXML jackson-databind has multiple vulnerabilities including the possibility of remote attackers executing arbitrary code on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute...
Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol
Summary TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocold. A patch has been provided that updates the libssh library. CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH...
Security Bulletin: Multiple Security Vulnerabilities were found in IBM Security Verify Access Appliance. (CVE-2024-49803, CVE-2024-49804, CVE-2024-49805, CVE-2024-49806)
Summary Multiple Security Vulnerabilities were addressed in the IBM Security Verify Access Appliance management interface. Vulnerability Details CVEID:CVE-2024-49803 DESCRIPTION: IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.7 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7.7 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-46984 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw when...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: IBM Instana Observability is vulnerable to AuthZ Plugin Bypass and Privilege Escalation
Summary Vulnerability in Docker Engine that could allow attackers to bypass authorization plugins AuthZ was remediated in IBM Observability with Instana Build 279. CVE-2024-41110 Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software...
Security Bulletin: IBM App Connect Enterprise is vulnerable to an attacker with deploy privilege (CVE-2025-0799)
Summary Malicious bar files could allow an attacker with deploy privilege to write arbitrary files on the file system for a running IBM App Connect Enterprise installation. Vulnerability Details CVEID:CVE-2025-0799 DESCRIPTION: IBM App Connect enterprise could allow an authenticated user to write...
Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition
Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high integrity impact, low confidentiality impat. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to t...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917 are affected by multiple vulnerabilities
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their October 2024 Critical Patch Update, plus CVE-2024-10917. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addresse...
Security Bulletin: Vulnerability with Eclipse Jetty, e2fsprogs, dnsjava , Apache Commons IO, Apache HTTP Server and Java SE affect IBM Cloud Object Storage Systems (Dec 2024)
Summary Vulnerability with Eclipse Jetty CVE-2024-9823, CVE-2024-6763, CVE-2024-8184, e2fsprogs CVE-2022-1304 dnsjava CVE-2024-25638, Apache Commons IO. CVE-2024-47554 , Apache HTTP ServerCVE-2024-40725 and Java SE CVE-2024-21217,CVE-2024-21235, CVE-2024-21210. This vulnerability has been address...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.
Summary IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-32879 DESCRIPTION: Python Social Auth Django could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of case...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Mozilla Firefox arbitrary code execution vulnerability [CVE-2024-4367]
Summary Potential Mozilla Firefox arbitrary code execution vulnerability CVE-2024-4367 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-436...
Security Bulletin: IBM Cloud Pak for Data has a vulnerable base OS image due to kernel-headers ( CVE-2022-1012, CVE-2022-32250 )
Summary Kernel-headers used by IBM Cloud Pak for Data as part of the base OS image. CVE-2022-1012, CVE-2022-32250. Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb...
Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH.
Summary IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH. Vulnerability Details CVEID:CVE-2024-24785 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the MarshalJSON methods in the html/template...
Security Bulletin: Multiple vulnerabilities in Java affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in Java affect IBM Robotic Process Automation. java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21094...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect Cloud Pak System
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Cloud Pak System . These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...
Security Bulletin: Vulnerabilities in Java SE affect watsonx.data
Summary Unspecified vulnerabilities in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact. These can impact watsonx.data. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Jav...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from kerberos 5, libxml2, go-jose, runc
Summary IBM MQ Operator and Queue manager container images are vulnerable to kerberos 5, libxml2, go-jose, runc. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2024-26461 DESCRIPTION: Kerberos 5 is vulnerable to a denial of service,...
Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to denial of service due to Netty vulnerability CVE-2024-29025
Summary Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to denial of service due to Netty vulnerability CVE-2024-29025. This has been remediated. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rap...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Containerized Identity Manager
Summary Multiple security vulnerabilities have been addressed in the update to IBM Security Verify Governance - Containerized Identity Manager component. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improp...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty
Summary IBM Cloud Pak for Data contains a vulnerable version of Netty Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...