35680 matches found
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js braces module denial of service vulnerability [ CVE-2024-4068]
Summary Potential Node.js braces module denial of service vulnerability CVE-2024-4068 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Operations Center (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264).
Summary IBM Storage Protect Operations Center may be impacted by multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of availability and integrity of the host system. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to stored cross-site scripting (CVE-2024-45071)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting (CVE-2024-45073)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting (CVE-2024-45071)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is vulnerable to HTML injection (CVE-2024-51472)
Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-51472 DESCRIPTION: IBM DevOps Deploy /...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting (CVE-2024-45071)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting (CVE-2024-45073)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to stored cross-site scripting (CVE-2024-45073)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch [CVE-2024-31580]
Summary IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component CVE-2024-31580. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting (CVE-2024-45087)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to spring-webmvc-6.1.12 (CVE-2024-38816)
Summary IBM Sterling Connect:Direct Web Services uses spring webmvc jar, Spring Security could allow a remote attacker to obtain sensitive information, caused by a path traversal attack in applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux...
Security Bulletin: Due to use of Node.js IBM DataPower Gateway vulnerable to denial of service (CVE-2024-45590)
Summary Node.js is used by IBM DataPower Gateway as part of the user interface. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting (CVE-2024-45087)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43800)
Summary There is a vulnerability in expressjs serve-static used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to server-side request (CVE-2024-39338)
Summary There is a vulnerability in Axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43796)
Summary There is a vulnerability in expressjs express used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to...
Security Bulletin: Apache Commons IO used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2024-47554)
Summary The Apache Commons IO used by Identity Insight is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. By sending a specially crafted input, a remote attacker could exploit this vulnerability to...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a denial of service (CVE-2024-45085)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM MQ for HPE NonStop Server is vulnerable to a denial of service attack (CVE-2024-51470)
Summary IBM MQ for HPE NonStop Server has addressed a denial of service vulnerability CVE-2024-51470. Vulnerability Details CVEID:CVE-2024-51470 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. CWE:CWE-754: Improper Che...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Framework (CVE-2024-38808)
Summary A vulnerability in VMware Tanzu Spring Framework that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...
Security Bulletin: Vulnerability in GNU glibc affects IBM Integrated Analytics System [CVE-2024-33601]
Summary Redhat provided GNU glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-33601 Vulnerability Details CVEID:CVE-2024-33601 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory allocation failure...
Security Bulletin: Vulnerability in GNU glibc affects IBM Integrated Analytics System [CVE-2024-2961]
Summary Redhat provided GNU glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-2961 Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM MQ Appliance Console is affected by a password disclosure vulnerability (CVE-2024-52896)
Summary IBM MQ Appliance has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-45085)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to jsonpath-plus (CVE-2024-21534)
Summary IBM App Connect Enterprise Connector Discovery is vulnerable to a remote attack due to jsonpath-plus. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting (CVE-2024-45087)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: Vulnerability in idna ( CVE-2024-3651) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability CVE-2024-3651 has been identified related to idna that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-3651...
Security Bulletin: BM SPSS Collaboration and Deployment Services is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)
Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to an XML External Entity XXE injection vulnerability Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products a...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-46696, CVE-2024-46697]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-46696, CVE-2024-46697 Vulnerability Details CVEID:CVE-2024-46696 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM DataPower Operator vulnerable to DoS due to use of Go (CVE-2024-34155, CVE-2024-34156)
Summary The affected calls are used by DataPower Operator for processing messages exchanged with Kubernetes and IBM DataPower Gateway. Vulnerability Details CVEID:CVE-2024-34156 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Decoder.Decode. By sending...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure under specific conditions (CVE-2024-40679)
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. Vulnerability Details CVEID:CVE-2024-40679 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to an...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...
Security Bulletin: IBM Match 360 is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)
Summary IBM Match 360 is vulnerable to an XML External Entity XXE injection because of a vulnerable found in IBM Websphere Application Server Liberty. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...
Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to OpenSSH vulnerability CVE-2024-6387
Summary IBM Db2 Big SQL on Cloud Pak for Data embeds a variant of the IBM Db2 database server that runs in MPP mode. For MPP functionality such as scale-out, internally the server uses the secure shell SSH protocol for inter-pod communication. SSH protocol is not exposed to external users or...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch denial of service vulnerabilitiy.( CVE-2024-23450)
Summary Potential Elastic Elasticsearch denial of service vulnerabilitiy. CVE-2024-23450 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-23450 DESCRIPTION:...
Security Bulletin: IBM InfoSphere Information Server is affected by an XXE vulnerability in IBM WebSphere Application Server Liberty (CVE-2024-22354)
Summary An XML External Entity Injection XXE vulnerability in IBM WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application...
Security Bulletin: Vulnerabilities in Apache Commons IO library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-47554)
Summary Apache Commons IO library is used by Tivoli Netcool/OMNIbus WebGUI as part of Apache POI dependency for Seasonal Event Graphs export feature. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43799)
Summary There is a vulnerability in pillarjs send used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site...
Security Bulletin: Vulnerability in idna ( CVE-2024-3651) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability CVE-2024-3651 has been identified related to idna that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-3651...
Security Bulletin: IBM Master Data Management is vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server (CVE-2024-45072)
Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user coul...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Produc...
Security Bulletin: Financial Transaction Manager v4 is impacted by a denial of service(DoS) vulnerability in WebSphere Liberty (CVE-2024-25026)
Summary IBM WebSphere Application Server Liberty is bundled with Financial Transaction Manager. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of...
Security Bulletin: Vulnerability in Async ( CVE-2024-39249) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability CVE-2024-392498 has been identified related to Async that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-39249...
Security Bulletin: Vulnerability in tqdm ( CVE-2024-34062) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential arbitrary code execution vulnerability CVE-2024-34062 has been identified related to tqdm that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to cross-site scripting due to Webpack and Rspack CVE-2024-43788
Summary Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to cross-site scripting due to Webpack and Rspack CVE-2024-43788 with details below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-43788 DESCRIPTION: Webpack and Rspack are...
Security Bulletin: IBM Maximo Application Suite: Jinja2-3.1.3-py3-none is vulnerable to CVE-2024-34064 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses Jinja2-3.1.3-py3-none which is vulnerable to CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys containing non-attribute characters by...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SAP My Travel Requests privilege excalation vulnerability [ CVE-2024-32731]
Summary Potential SAP My Travel Requests privilege excalation vulnerability CVE-2024-32731 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Jetty (CVE-2024-8184)
Summary Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the ThreadLimitHandler.getRemote function. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust the server memory and results in a denial of service...