35680 matches found
Security Bulletin: IBM Data Product Hub is vulnerable with IBM Semeru Runtime Quarterly CPU - Jul 2024 (CVE-2024-21131, CVE-2024-21144)
Summary IBM Data Product Hub has a dependency on IBM Semeru Runtime which is vulnerable CVE-2024-21131, CVE-2024-21144. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: A vulnerability in Nest affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45590).
Summary A vulnerability in Nest affects IBM Robotic Process Automation and may result in a denial of service. Nest is used by IBM Robotic Process Automation as part of its server side application framework. This bulletin identifies the security fix to apply to address the vulnerability...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45086)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: IBM Maximo Application Suite uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569
Summary IBM Maximo Application Suite uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by ...
Security Bulletin: A vulnerability in RedHat affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service (CVE-2024-40974).
Summary A vulnerability in RedHat affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service. RedHat UBI images are used by IBM Robotic Process Automation base containers. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerabilit...
Security Bulletin: A vulnerability in nginx affects IBM Robotic Process Automatin for Cloud Pak and may result in a denial of service (CVE-2024-7347)
Summary A vulnerability in nginx affects IBM Robotic Process Automatin for Cloud Pak and may result in a denial of service. nginx is used by IBM Robotic Process Automation as part of it's container deployment. This bulletin identifies the security fix to apply to address the vulnerability...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-web-6.1.11.jar CVE-2024-38809
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-web-6.1.11.jar CVE-2024-38809. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denia...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ws-7.5.9.tgz CVE-2024-37890
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to ws-7.5.9.tgz CVE-2024-37890. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused ...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-45071
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45072)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2024-45087, CVE-2023-50315)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45073)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45071)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-45085
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)
Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-45086
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMwa...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2024-35154, CVE-2024-45071, CVE-2024-35153)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2024-45086)
Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-45087
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to this CVE-2024-6119
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses cryptography-43.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to this CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2024-21131, CVE-2024-21144 and CVE-2024-21145)
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Versions 11 and 17 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An...
Security Bulletin: IBM PowerVM Novalink is vulnerable because GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields. (CVE-2024-40094)
Summary IBM PowerVM Novalink is vulnerable because GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields ENFs as part of preventing denial of service. By using introspection queries, a remote attacker could exploi...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, contains a vulnerability in the Google Protocol Buffers protobuf library with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A vulnerability in messagepack affects IBM Robotic Process Automation and my result in excessive CPU consumption (CVE-2024-48924).
Summary A vulnerability in messagepack affects IBM Robotic Process Automation and my result in excessive CPU consumption. Messagepack is used by IBM Robotic Process Automation to serialize and deserialize data. This bulleten identifies the fixes required to resolve the vulnerability. Vulnerabilit...
Security Bulletin: Vulnerability in Natural Language Toolkit (NLTK)( CVE-2024-39705) affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential arbitrary code execution vulnerability CVE-2024-39705 has been identified related to Natural Language Toolkit NLTK that affects IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, contains a vulnerability in the Google Protocol Buffers protobuf library with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Ruby REXML denial of service vulnerability [ CVE-2024-35176]
Summary Potential Ruby REXML denial of service vulnerability CVE-2024-35176 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-35176...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy Proxy Envoy denial of service vulnerabilitiy(CVE-2024-30255)
Summary Potential Envoy Proxy Envoy denial of service vulnerabilitiyCVE-2024-30255 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-30255 DESCRIPTION: Envoy Pro...
Security Bulletin: IBM Sterling File Gateway myfg 2.0 has Access Control Vulnerabilities (CVE-2024-22316 CVE-2023-47159)
Summary IBM Sterling File Gateway myfg 2.0 has Access Control Vulnerabilities. Vulnerability Details CVEID:CVE-2024-22316 DESCRIPTION: IBM Sterling File Gateway could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. CWE:CWE-284:...
Security Bulletin: Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class (CVE-2024-47554)
Summary Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to MongoDB sensitive information disclosure vulnerability [ CVE-2024-5629]
Summary Potential sensitive information disclosure vulnerability in MongoDB CVE-2024-5629 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Apache Tomcat (CVE-2024-38286)
Summary Apache Tomcat is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of its web interface. Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of the TLS handshake process under certain configurations. By sending specially crafted requests, a remot...
Security Bulletin: IBM Master Data Management vulnerable to denial of service due to IBM WebSphere Application Server under certain configurations (CVE-2024-45085)
Summary IBM Master Data Management 11.6 is vulnerable to a denial of service from a specailly crafted request through IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch [CVE-2024-31580]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component CVE-2024-31580. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has bee...
Security Bulletin: Vulnerability in Certifi python-certifi ( CVE-2024-39689) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability CVE-2024-39689 has been identified related to Certifi python-certifi that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-39689...
Security Bulletin: IBM Master Data Management is vulnerable to stored cross-site scripting from vulnerability found in IBM WebSphere Application Server (CVE-2024-45073)
Summary IBM Master Data Management Server 11.6, 12.0, and 14.0 are vulnerable from IBM WebSphere Application Server with vulnerability in stored cross-site scripting. IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged...
Security Bulletin: Vulnerability in Python Software Foundation Black ( CVE-2024-21503) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability CVE-2024-21503 has been identified related to Python Software Foundation Black that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: IBM WebSphere Application Server Liberty , which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094)
Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2024-31913 CVE-2024-31914)
Summary IBM Sterling B2B Integrator is vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2024-31914 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp [CVE-2024-5569]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp, caused by an infinite loop flaw in the Path module CVE-2024-5569. Zipp is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the details for...
Security Bulletin: IBM Master Data Management is vulnerable to cross-site scripting from vulnerability found in IBM WebSphere Application Server (CVE-2024-45071)
Summary IBM Master Data Management version 11.6, 12.0, and 14.0 are impacted by this vulnerability. IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intende...
Security Bulletin: IBM CICS TX Advanced and IBM CICS TX Standard are vulnerable to stored cross-site scripting (CVE-2024-41746).
Summary A webpage that is shipped as part of IBM CICS TX Advanced and IBM CICS TX Standard is vulnerable to stored cross-site scripting CVE-2024-41746. Updates to IBM CICS TX Advanced and IBM CICS TX Standard have been released to address this vulnerability. Vulnerability Details...
Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability CVE-2024-399088 has been identified related to Ruby REXML that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: Vulnerability in Elastic Elasticsearch ( CVE-2024-23444) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential sensitive information disclosure vulnerability CVE-2024-23444 has been identified related to Elastic Elasticsearch that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat (CVE-2024-38286)
Summary IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat. Vulnerability Details CVEID:CVE-2024-38286 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of the TLS handshake process under certain configurations. By...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to OpenSSH arbitrary code execution vulnerability (CVE-2024-6387)
Summary Potential OpenSSH arbitrary code execution vulnerabilitiy CVE-2024-6387 has been identified that could affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH coul...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094)
Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused...