35665 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Golang Go [CVE-2024-24789]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Golang Go, caused by a flaw with EOCDR comment length handling is inconsistent with other ZIP implementations in the archive/zip package. CVE-2024-24789. Golang Go is used by our Speech Service...
Security Bulletin: IBM MQ Appliance is vulnerable to exposure of sensitive information (CVE-2024-52897)
Summary IBM MQ Appliance has addressed an exposure of sensitive information vulnerability. Vulnerability Details CVEID:CVE-2024-52897 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52898)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52898 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-51470)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-51470 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. CWE:CWE-754: Improper Check for Unusual or Exceptiona...
Security Bulletin: IBM MQ is affected by a vulnerability in the IBM Semeru Runtime (CVE-2024-21144)
Summary An issue was identified with IBM Semeru Runtime, version 17, which is used in IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause low availability impac...
Security Bulletin: IBM MQ affected by denial of service vulnerability (CVE-2024-51470)
Summary IBM MQ has addressed a denial of service vulnerability Vulnerability Details CVEID:CVE-2024-51470 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. CWE:CWE-754: Improper Check for Unusual or Exceptional Condition...
Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-45296)
Summary pillarjs Path-to-RegExp is used by IBM DataPower Gateway as part of the DataPower UI CVE-2024-45296 Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending...
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2024-52316, CVE-2024-52317, CVE-2024-52318)
Summary IBM Security SOAR uses an older version of Apache Tomcat that can be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.4.1 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2024-52318 DESCRIPTION:...
Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-25016)
Summary This vulnerability affects the MQ Client component of IBM Datapower Gateway . Vulnerability Details CVEID:CVE-2024-25016 DESCRIPTION: IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-36020)
Summary IBM MQ Appliance has addressed a kernel denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-36020 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the Ethernet Controller XL710 family driver. A remote authenticated attacker...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to stored cross-site scripting (CVE-2024-45071).
Summary The security issue described in CVE-2024-45071 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52897)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52897 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-38477
Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sending a...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072).
Summary The security issue described in CVE-2024-45072 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to a denial of service (CVE-2024-45085).
Summary The security issue described in CVE-2024-45085 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2024-1737]
Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-1737 Vulnerability Details CVEID:CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when content is being...
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-51471)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-51471 DESCRIPTION: IBM MQ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38477) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52896)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-45085)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. It is vulnerable to a denial of service attack. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)
Summary The security issue described in CVE-2024-45086 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-45590)
Summary There is a vulnerability in expressjs body-parser used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerabl...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2024-1975]
Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-1975 Vulnerability Details CVEID:CVE-2024-1975 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error if a server hosts a zone...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-39573) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39573 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the modrewrite. By sending a...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38474) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38474 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [ CVE-2024-25062]
Summary Redhat provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-25062 Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using...
Security Bulletin: This Power System update is being released to address CVE-2024-26665
Summary When the BMC is configured to use IPv6, it is vulnerable to an attacker per CVE-2024-26665. Vulnerability Details CVEID:CVE-2024-26665 DESCRIPTION: Linux Kernel is vulnerable to a denial of service caused by out-of-bounds access when building IPv6 PMTU. By sending a specially crafted...
Security Bulletin: IBM Safer Payments vulnerable to a denial of service issue (CVE-2024-45662)
Summary Buffer overflow and uncontrolled memory allocation errors can occur in MCI when remote systems send arbitrary large requests, leading to Denial of Service. This vulnerability is addressed Vulnerability Details CVEID:CVE-2024-45662 DESCRIPTION: IBM Safer Payments could allow a remote...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi [CVE-2024-39689]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi, caused by the use of GLOBALTRUST root certificate CVE-2024-39689. Certifi python-certifi is used by our Speech Service runtimes. This vulnerabilitiy has been...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38473) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...
Security Bulletin: IBM MQ Appliance Console is affected by a password disclosure vulnerability (CVE-2024-52896)
Summary IBM MQ Appliance has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned...
Security Bulletin: IBM Match 360 vulnerable to OpenSSH code execution (CVE-2024-6387)
Summary IBM Match 360 is vulnerable to remote OpenSSH code execution. OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary...
Security Bulletin: IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168
Summary IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37168 DESCRIPTION: gRPC on Node.js is vulnerable to a denial of service, caused ...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to express-4.19.2.tgz CVE-2024-43796
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to express-4.19.2.tgz CVE-2024-43796. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting,...
Security Bulletin: A vulnerability in the IBM Robotic Process Automation windows installer could result in privilege escalation (CVE-2024-51448).
Summary IBM Robotic Process Automation could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server...
Security Bulletin: Vulnerability in less (CVE-2024-32487) affects Power HMC.
Summary The less library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-32487 DESCRIPTION: less could allow a remote attacker to execute arbitrary commands on the system. By using a newline character in the name of a...
Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities (CVE-2024-45099, CVE-2024-45642)
Summary IBM Security ReaQta is vulnerable to exposing sensitive information and also vulnerable to cross-site scripting. These vulnerabilities have been addressed in the latest update. Vulnerability Details CVEID:CVE-2024-45099 DESCRIPTION: IBM Security ReaQta is vulnerable to cross-site scriptin...
Security Bulletin: Vulnerability in libxml2 (CVE-2024-25062) affects Power HMC.
Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-21536]
Summary Node.js module http-proxy-middleware is used by IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring components, which are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-7254]
Summary The Google Protocol Buffers package is used by IBM App Connect Enterprise Certified Container for processing DFDL message definitions. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime that use the DFDL parser are vulnerable to denial of service. This...
Security Bulletin: Vulnerability in nghttp2 (CVE-2024-28182) affects Power HMC.
Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-47874]
Summary Starlette is used by IBM App Connect Enterprise Certified Container by the mapping assistance component . IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2024-45087)
Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2024-45071)
Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2024-45072)
Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-security-web-6.3.1.jar CVE-2024-38821
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-security-web-6.3.1.jar CVE-2024-38821. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590 This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of...
Security Bulletin: IBM App Connect Enterprise is vulnerable to allowing a privileged user to obtain JMS credentials. (CVE-2024-49338).
Summary IBM App Connect Enterprise is vulnerable to allowing a privileged user to obtain JMS credentials. CVE-2024-49338. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-49338 DESCRIPTION: IBM App Connect Enterprise under certain...