Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable and reported in [All] Spring Framework.
Summary Security Bulletin: Sterling Control Center v6.2.1 and v6.3.1 is vulnerable in All Spring Framework for CVE-2024-22233 Publicly disclosed vulnerability. Vulnerability Details CVEID:CVE-2024-22233 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM Sterling Control Center v6.2.x and v6.3.x are vulnerable due to IBM Semeru Runtime vulnerability
Summary IBM Semeru Runtime Quarterly CPU - Jul 2023 - Includes OpenJDK July 2023 CPU and CVE-2023-22049, CVE-2023-22036, CVE-2023-22006 affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to t...
Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable with IBM Semeru Runtime Quarterly CPU - Oct 2023
Summary IBM Semeru Runtime Quarterly CPU - Apr 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807 and CVE-2023-5676 and affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable and reported in Apache ActiveMQ
Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, with vulnerability 264654. Vulnerability Details IBM X-Force ID: 264654 DESCRIPTION: Apache ActiveMQ NMS could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Body...
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue
Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2023-46604. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused ...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID: CVE-2024-21011 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact. CVSS...
Security Bulletin: IBM Master Data Management vulnerable to denial of service from IBM Business Automation Workflow using Apache Johnzon
Summary IBM Master Data Management version 14.0 is impacted by vulnerability in IBM Business Automation Workflow. Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a remote attacker could exploit...
Security Bulletin: IBM Master Data Management is vulnerable to denial of service from Apache Commons Compress used in IBM Business Workflow Automation
Summary IBM Master Data Management v14.0 is vulnerable to denial of service from Apache commons compress used in IBM Business Workflow Automation. Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.6 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7.6 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization fla...
Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability
Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2024-6119. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking serv...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service vulnerability in Multiple vendors [CVE-2023-44487]
Summary Potential denial of service vulnerability in Multiple vendors CVE-2023-44487 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-444...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple Vim vulnerabilities
Summary Multiple potential vulnerabilities in Vim have been identified that may affect IBM Watson CP4D Data Stores. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-0128 DESCRIPTION: Vim could allow a local attacker to obtain...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple Vim vulnerabilities
Summary Multiple potential vulnerabilities in Vim have been identified that may affect IBM Watson CP4D Data Stores. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-0407 DESCRIPTION: Vim is vulnerable to a heap-based buffer...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities
Summary Multiple potential vulnerabilities in Vim have been identified that may affect IBM Watson CP4D Data Stores. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-2849 DESCRIPTION: Vim is vulnerable to a heap-based buffer...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities
Summary Multiple potential vulnerabilities have been identified that may affect IBM Watson CP4D Data Stores. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerability (CVE-2023-45290)
Summary Potential Golang Go denial of service vulnerability CVE-2023-45290 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45290 DESCRIPTION: Golang Go is...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go sensitive information disclosure vulnerability (CVE-2023-45289)
Summary Potential Golang Go sensitive information disclosure vulnerability CVE-2023-45289 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45289 DESCRIPTION:...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in IBM MQ
Summary IBM Virtualization Engine TS7700 is susceptible to three denial-of-service conditions CVE-2024-25016, CVE-2024-31919, CVE-2024-35116, a privilege escalation CVE-2024-31912 and a buffer overflow CVE-2024-25048 due to the use of IBM MQ. TS7700 uses IBM MQ for inter-process communication...
Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.
Summary Cloud Pak System is vulnerable to HTTP request splitting attack CVE-2023-25690. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when mod_proxy is enabled along with some form of RewriteRule or...
Security Bulletin: IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45073)
Summary IBM WebSphere Application Server is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details CVEID:CVE-2024-45073 DESCRIPTION: IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user t...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities.
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to a remote attacker causing a denial of service due to NULL pointer dereference CVE-2024-38477, executing arbitrary code due to an encoding issue in mod_rewrite CVE-2024-38474, and improper escaping in mod_rewrite resulting in acces...
Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System
Summary There are multiple Unspecified and Denial of Service Java SE Vulnerabilities that affect IBM Java SDK shipped with IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attack...
Security Bulletin: Vulnerabilities in Golang Go affect IBM Cloud Pak System
Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. CVE-2023-45284, CVE-2023-45283 Vulnerability Details CVEID:CVE-2023-45284 DESCRIPTION: Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the...
Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System
Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed in IBM Cloud Pak System v2.3.4.0. Vulnerability Details CVEID:CVE-2023-38013 DESCRIPTION: IBM Cloud Pak System could disclose sensitive information in HTTP responses that could aid in further attacks...
Security Bulletin: Multiple Vulnerabilities in components for Cloud Pak System
Summary Vulnerabilities found in components packaged with Cloud Pak System, Beego, Node.js follow-redirects module, Prototypejs, jQuery, Golang go and go/crypto module. These vulnerabilities have been addressed in Cloud Pak System V2.3.4.0 and IBM V2.3.5.0. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVEs. For a complet...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. Buffer overflow in GC when using the -Xgc:concurrentScavenge option on IBM Z. Vulnerability Details Refer to the security bulletins listed in...
Security Bulletin: IBM SPSS Analytic Server is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)
Summary IBM SPSS Analytic Server is vulnerable to a privilege escalation due to RESTEasy CVE-2023-0482 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM SPSS Analytic Server| 3.5...
Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to this CVE-2023-46136
Summary Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to this CVE-2023-46136 Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.1.1
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.1.1 Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.
Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability Using third-party datastore Operators as part of the postgres operator CVE-2024-27304. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-2730...
Security Bulletin: Multiple Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights.
Summary Multiple Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights ICABI have been addressed in Fixpacks 1.1.7.10 and 1.1.8.5 Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-51767]
Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-51767 Vulnerability Details CVEID:CVE-2023-51767 DESCRIPTION: OpenSSH could allow a local authenticated attacker to bypass security restrictions,...
Security Bulletin: Vulnerability in Log4j affects IBM Integrated Analytics System [CVE-2023-26464]
Summary Redhat provided Log4j is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26464 Vulnerability Details CVEID:CVE-2023-26464 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217 Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2022-1679]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-1679 Vulnerability Details CVEID:CVE-2022-1679 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on th...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerability has been addressed in this update. Please read the details for remediation...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat [CVE-2024-34750]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat, caused by a flaw when processing an HTTP/2 stream CVE-2024-34750. Apache Tomcat is used by our Speech microservices. This vulnerability has been addressed. Please read t...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp [CVE-2024-5569]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp, caused by an infinite loop flaw in the Path module CVE-2024-5569. Zipp is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the details for...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow [CVE-2023-33976]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a segfault when not given a rank 2 tensor in the array_ops.upper_bound function CVE-2023-33976. TensorFlow is used by our Speech Service runtimes. This...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in pypa/setuptools [CVE-2024-6345]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in pypa/setuptools, caused by an error in the package_index module CVE-2024-6345. pypa/setuptools is used by our Speech Service runtimes. This vulnerability has been addressed...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi [CVE-2024-39689]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi, caused by the use of GLOBALTRUST root certificate CVE-2024-39689. Certifi python-certifi is used by our Speech Service runtimes. This vulnerability has been...
Security Bulletin: Vulnerabilities in Logback might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Logback. A local or remote attacker could exploit these vulnerabilities to cause a denial of service condition as described by the CVE in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2023-6481...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local or remote authenticated attacker could exploit the vulnerability to cause a denial of service condition, an authenticated attacker could exploit the vulnerability to gain...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local authenticated attacker could exploit the vulnerability to cause the kernel to crash, to cause a denial of service condition, an attacker could exploit this vulnerability to...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to arbitrarily change the value stored in EAX while a SEV VM is running, to trigger int80 syscall handling at any given point, ...
Security Bulletin: Vulnerabilities in Golang Go and PostgreSQL might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Golang Go and PostgreSQL. An attacker or remote attacker could exploit these vulnerabilities to create a zip file with contents that vary depending on the implementation reading the file, to obtain sensitive...