Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect Backup-Archive Client
Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client. The flaws can lead to denial of service, security restrictions bypass, sensitive information...
Security Bulletin: Multiple vulnerabilities in IBM Java and WebSphere may affect IBM Storage Protect for Space Management
Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java and WebSphere. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details"...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client. The flaws can lead to denial of service, highly sensitive information exposure,...
Security Bulletin: Vulnerability in urllib3 affects IBM Integrated Analytics System [CVE-2023-43804, CVE-2023-45803].
Summary The package urllib3 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-43804, CVE-2023-45803. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8
Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...
Security Bulletin: Due to use of International Components for Unicode, IBM Rational ClearQuest is vulnerable to buffer overflow.
Summary Multiple vulnerabilities in International Components for Unicode used within IBM Rational ClearQuest have been addressed CVE-2020-10531, CVE-2011-4599, CVE-2014-8146 Vulnerability Details CVEID:CVE-2020-10531 DESCRIPTION: International Components for Unicode ICU for C/C++ is vulnerable to...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in another security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation
Summary The vulnerabilities are related to IBM® SDK Java™ Technology Edition, Version 8 disclosed as part of the IBM Java SDK updates in April and July 2020, to the Node.js runtime and builtin modules, to other open source packages and to offering vulnerabilities discovered during security testin...
Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)
Summary IBM Aspera Faspex may be vulnerable to exposing data improperly CVE-2022-22497 due to an incorrectly computed security token. Vulnerability Details CVEID:CVE-2022-2497 DESCRIPTION: GitLab Community Edition and GitLab Enterprise Edition could allow a remote authenticated attacker to obtain...
Security Bulletin: Vulnerabilities in GNU Binutils, Bootstrap, PortSmash, Node.js, and libarchive might affect IBM Storage Defender – Data Protect.
Summary IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The vulnerabiliti...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Apache Commons Collections
Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2017-15708 DESCRIPTION: Apac...
Security Bulletin: IBM Sterling Control Center is affected by multiple container-level vulnerabilities
Summary IBM Sterling Control Center container includes a vulnerable version of glibc at the OS level, affected by a denial of service Vulnerability Details CVEID:CVE-2024-33602 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory corruption by the Name Service Cache Daemon'...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 283 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regula...
Security Bulletin: IBM Observability with Instana for Self-Hosted Standard Edition is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana for Self-Hosted Standard Edition 281. Vulnerability Details CVEID:CVE-2022-41722 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by a flaw in the filepath.Clean...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2023-50315)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: Daeja ViewONE may return unauthorised content
Summary An authenticated user of ViewONE may be able to access ViewONE cached content that they do not have repository authorisation to view. Vulnerability Details CVEID:CVE-2020-4720 DESCRIPTION: IBM Daeja ViewONE Professional, Standard & Virtual could allow an authenticated user to obtain...
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7769)
Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID:CVE-2020-7769 DESCRIPTION: Nodejs could allow a remote attacker to execute arbitrary...
Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
Summary WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes is published in security bulletins. Vulnerability Details...
Security Bulletin: IBM Planning Analytics and IBM Planning Analytics Workspace are affected by security vulnerabilities
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.9.11 and IBM Planning Analytics Workspace 2.0.72. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics and IBM Planning Analytic...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2022-48195, CVE-2022-29577, CVE-2022-28367)
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker ...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in Watson NLP affect IBM Robotic Process Automation
Summary Multiple vulnerabilities in Watson NLP affect IBM Robotic Process Automation. Watson NLP is used by IBM Robotic Process Automation for Natural Language Understanding. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0 Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logback receiver component. By sending a specially crafte...
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to confidentiality, availability, and integrity impacts due to multiple vulnerabilities.
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing confidentiality impact CVE-2024-21145, availability impact CVE-2024-21144, integrity impact CVE-2024-21131, and denial of service CVE-2024-27267 as described in t...
Security Bulletin: IBM Security Guardium is affected by an OpenSSH vulnerability (CVE-2023-38408)
Summary IBM Security Guardium has addressed this vulnerability with an update. Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the forwarded ssh-agent. By sending specially crafted requests,...
Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Resty package for Golang Go (CVE-2023-45286).
Summary The HTTP and REST client library used in Golang Go by the IBM Storage Protect Server is vulnerable to potential exposure of sensitive information from the host system. This bulletin provides steps to mitigate these vulnerabilities. Vulnerability Details CVEID:CVE-2023-45286 DESCRIPTION: G...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Operations Center.
Summary IBM Storage Protect Operations Center may be impacted by multiple vulnerabilities CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267 in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of...
Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2024-24790).
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of integrity of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various...
Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2024-24789).
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24789 DESCRIPTION: Golang Go could all...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server.
Summary IBM Storage Protect Server may be impacted by multiple vulnerabilities CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267 in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of confidentiality,...
Security Bulletin: Out of bound read/write access vulnerability in IBM® SDK, Java™ Technology Edition version 8 may affect IBM Storage Protect Server (CVE-2024-3933)
Summary Unrestricted out-of-bound read / write access vulnerability CVE-2024-3933 exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Server. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264).
Summary IBM Storage Protect Server may be impacted by multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of availability and integrity of the host system. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability ...
Security Bulletin: Denial of service in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-25026).
Summary IBM Storage Protect Operations Center may be affected by denial of service caused by specially crafted request in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Serve...
Security Bulletin: IBM Observability with Instana for Self-Hosted Standard Edition is affected by multiple Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana for Self-Hosted Standard Edition 281 CVE-2024-24790, CVE-2023-24538, CVE-2023-24540, CVE-2022-1996 Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods IsPrivat...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA - Vulnerabilities addressed in IBM® License Key Server
Summary IBM Engineering Requirements Management DOORS Family is subject to multiple vulnerabilities in IBM License Key Server LKS Administration and Reporting Tool ART and Agent v9.0. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused...
Security Bulletin: Cross Site Scripting Vulnerability Affects IBM Watson Studio Local
Summary Cross Site Scripting Vulnerability Affects IBM Watson Studio Local Jupyter notebooks. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2024-49340 DESCRIPTION: IBM Watson Studio Local is vulnerable to cross-site request forgery which could allow an attacker to execut...
Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...
Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol...
Security Bulletin: Vulnerability in urllib3 affects IBM Integrated Analytics System [CVE-2023-43804, CVE-2021-33503].
Summary The urllib3 package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-43804, CVE-2021-33503. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive...
Security Bulletin: Vulnerability in urllib3 affects IBM Integrated Analytics System [CVE-2023-43804]
Summary The urllib3 package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-43804. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information,...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Oct 2024
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF003 Vulnerability Details CVEID:CVE-2018-15209 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer...
Security Bulletin: IBM Daeja ViewONE Virtual 5.0.14 iFix 5 addresses CVE-2017-9096
Summary IBM Daeja ViewONE Virtual 5.0.14 iFix 5 released on October 3, 2024 addresses the vulnerable library iText reported under CVE-2017-9096 by removing it. Vulnerability Details CVEID:CVE-2017-9096 DESCRIPTION: iText PDF Library could allow a remote authenticated attacker to obtain sensitive...
Security Bulletin: Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation. IBM Robotic Process Automation uses Bouncy Castle Crypto for some cryptographic processing. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...
Security Bulletin: A vulnerability in HashiCorp Consul affects IBM Robotic Process Automation and may result in server-side request forgery (CVE-2022-29153).
Summary A vulnerability in HashiCorp Consul affects IBM Robotic Process Automation and may result in server-side request forgery. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-29153 DESCRIPTION: HashiCorp Consul and HashiCorp...
Security Bulletin: Multiple security vulnerabilities in IBM MQ affect IBM Robotic Process Automation.
Summary Multiple security vulnerabilities in IBM MQ affect IBM Robotic Process Automation. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22081, CVE-2023-22067, and CVE-2023-5676 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability i...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. An attacker or local attacker could exploit these vulnerabilities to cause a denial of service condition and to execute code in the context of the kernel as described by the CVEs i...
Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to this CVE-2023-29483
Summary Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to this CVE-2023-29483 Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to a denial of service, caused by a flaw in...
Security Bulletin: Vulnerability in Apache UIMA ( CVE-2022-32287) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability CVE-2022-32287 has been identified related to Apache UIMA that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-32287 DESCRIPTION:...