35692 matches found
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ansible
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ansible Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in http-proxy-middleware
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of http-proxy-middleware Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple CVEs in IBM Java SDK
Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise Runtime and IBM Integration Bus for z/OS Runtime. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing Eclipse Lyo could allow a remote attacker to obtain sensitive information.
Summary Eclipse Lyo could allow a remote attacker to obtain sensitive information, caused by a flaw with not restrict DTD loading when working with RDF/XML when a TransformerFactory is initialized with the defaults. By sending a specially-crafted request, an attacker could exploit this...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition.
Summary A race condition happened when a code sequence runs concurrently with other code, and the code sequence needs exclusive access to a shared resource, but a time window exists in which the shared resource can be modified by another code sequence. In security-critical code, a race condition...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.35 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability...
Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation and may allow an attacker to bypass authorization plugins under specific circumstances (CVE-2024-41110).
Summary A vulnerability in Go affects IBM Robotic Process Automation and may allow an attacker to bypass authorization plugins under specific circumstances. IBM Robotic Process Automation for Cloud Pak uses Go as part of it's operators. This bulletin identifies the fixes required to address the...
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.
Summary ulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208 and CVE-2024-10917 Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Ja...
Security Bulletin: Vulnerability in Open Source Jackson databind used in IBM Cloud Pak System (CVE-2020-8840)
Summary Vulnerability with unknown impact identified in jackson-databind used in IBM Cloud Pak System Software. IBM Cloud Pak System addressed vulnerability. It applies to IBM Cloud Pak System Software and Service. Vulnerability Details CVEID:CVE-2020-8840 DESCRIPTION: FasterXML jackson-databind...
Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49767 DESCRIPTION: Werkzeug is...
Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak
Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...
Security Bulletin: A vulnerability in commons.io affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service (CVE-2024-47554).
Summary A vulnerability in commons.io affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service. commons.io is used by IBM Robotic Process Automation for Cloud Pak as part of its operator. This bulletin identifies the security fix to apply to address the...
Security Bulletin: IBM Engineering Requirements Management DOORS Next uses a CKEditor version affected by multiple vulnerabilities
Summary IBM Engineering Requirements Management DOORS Next uses a CKEditor version vulnerable to CVE-2021-33829 'Cross-site Scripting', CVE-2020-27193 'Cross-site Scripting', CVE-2021-26272 ReDoS, CVE-2021-41164 'Cross-site Scripting', CVE-2021-26271 ReDoS, CVE-2021-37695 'Cross-site Scripting',...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 287 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...
Security Bulletin: IBM Maximo Application Suite and IBM Maximo Application Suite - Iot Component uses ubi-nodejs : 2.0.0 which is vulnerable to CVE-2023-42282
Summary IBM Maximo Application Suite and IBM Maximo Application Suite -Iot Component uses ubi-nodejs : 2.0.0 which is vulnerable to CVE-2023-42282. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to uspecified vulnerability in net/netip package in Golang Go CVE-2024-24790)
Summary A potential uspecified vulnerability in net/netip package in Golang Go CVE-2024-24790 has been identified that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTIO...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to The Bouncy Castle Crypto Package For Java denial of service vulnerabilitiy( CVE-2024-29857)
Summary A potential denial of service vulnerability CVE-2024-29857 has been identified related to The Bouncy Castle Crypto Package For Java that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy(CVE-2024-24788)
Summary A potential denial of service vulnerability CVE-2024-24788 has been identified related to Golang Go that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24788 DESCRIPTION:...
Security Bulletin: Vulnerability in Golang Go (CVE-2024-24784) affects IBM Watson CP4D Data Stores
Summary A potential denial of service vulnerability CVE-2024-24784 has been identified related to Golang Go that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24784 DESCRIPTION:...
Security Bulletin: CVE-2023-45288 - HTTP/2 CONTINUATION flood vulnerability affects IBM Watson CP4D Data Stores
Summary A potential vulnerability CVE-2023-45288 - HTTP/2 CONTINUATION flood has been identified that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker ma...
Security Bulletin: IBM Maximo Application Suite -Iot Component uses multiple third party jars which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite -Iot Component uses commons-codec-1.9.jar,classgraph-4.8.78.jar,guava-19.0.jar,commons-io-2.8.0.jar,json-20160212.jar,httpclient-4.5.2.jar,cryptography-43.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2023-2976, CVE-2018-10237, CVE-2020-8908,...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361
Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361 Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807
Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2024 - Includes OpenJDK Apr 2024 CPU
Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2024 - Includes OpenJDK Apr 2024 CPU. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause lo...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs
Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerabili...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU plus CVE-2024-27267
Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU plus CVE-2024-27267 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...
Security Bulletin: An Eclipse Jetty Denial of Service vulnerability affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in Eclipse Jetty used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE CVE-2024-9823. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a fla...
Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-456...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2024) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2024. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability ...
Security Bulletin: IBM Engineering Lifecycle Management is impacted by vulnerabilities in Apache Jena
Summary A vulnerability has been identified in Apache Jena - jena-core-2.7.1.jar, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache...
Security Bulletin: Multiple Security vulnerablilites affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. Python is included in some container base images for IBM Robotic Process Automation for Cloud Pak. This bulleti...
Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation for Cloud Pak
Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation for Cloud Pak. IBM MQ is used as base imaged for IBM Robotic Process Automation for Cloud Pak messaging. This bulletin identifies the fixes required to address these vulnerabilites. Vulnerability Details...
Security Bulletin: A vulnerability in Python affects IBM Robotic Process Automation which may allow and attacker to launch addtional attacks on the system (IBM X-Force ID: 273241)
Summary A vulnerability in Python affects IBM Robotic Process Automation which may allow and attacker to launch addtional attacks on the system. This bulletin identifies the fix to address this vulnerability. Vulnerability Details IBM X-Force ID: 273241 DESCRIPTION: GitLab Runner could provide...
Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs...
Security Bulletin: vulnerability in Apache Commons HttpClient affects IBM Workload Automation.
Summary IBM Workload Automation is affected by a vulnerability in Apache Commons HttpClient that can cause Authorization Bypass CVE-2012-5783 Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and oth...
Security Bulletin:Due to use of WebSphere Application Server traditional, IBM Workload Automation is vulnerable to a server-side request forgery (SSRF) vulnerability
Summary WebSphere Application Server traditional is used by IBM Workload Automation CVE-2024-22329 Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...
Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a server-side forgery attack,
Summary IBM WebSphere Application Server is used by IBM Workload Automation CVE-2024-22354 Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...
Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a denial of service,
Summary IBM WebSphere Application Server is used by IBM Workload Automation CVE-2024-25026 Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service...
Security Bulletin: vulnerability in OpenSSL affects IBM Workload Automation.
Summary IBM Workload Automation has vulnerability in OpenSSL CVE-2024-4603 Vulnerability Details CVEID:CVE-2024-4603 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation by the EVPPKEYparamcheck or EVPPKEYpubliccheck function. By parsing a specially craft...
Security Bulletin: vulnerability in libcURL affects IBM Workload Automation.
Summary IBM Workload Automation has vulnerability in libcURL CVE-2024-7264 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the the GTime2str function. By sending a specially...
Security Bulletin: Vulnerability in XStream library affects App Connect Professional
Summary There is vulnerability in the XStream library used by App Connect Professional. App Connect Professional has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in...
Security Bulletin: Due to the use of Eclipse Jetty, IBM App Connect Professional is vulnerable to bypass security restrictions
Summary Eclipse Jetty is used within IBM App Connect Professional Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by improper validation on the authority segment of a URI in the HttpURI class. By sending a...
Security Bulletin: Due to the use of Eclipse Jetty, IBM App Connect Professional is vulnerable to bypass security restrictions
Summary Eclipse Jetty is used within IBM App Connect Professional Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by improper validation on the authority segment of a URI in the HttpURI class. By sending a...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in crypto-js version 3.1.2
Summary A vulnerability has been identified in Crypto-Js 3.1.2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allo...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF17 patch Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...
Security Bulletin: Vulnerability in OpenSSL affect BM Spectrum Control
Summary OpenSSL is vulnerable to a denial of service attack. This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking...
Security Bulletin: Vulnerabilities in IBM Java SE affect BM Spectrum Control
Summary IBM Java SE is vulnerable to allow a remote attacker to cause High confidentiality ,high integrity impact. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...
Security Bulletin: Vulnerability in expressjs body-parser affect BM Spectrum Control
Summary expressjs body-parser is vulnerable to a denial of service attack. This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending ...
Security Bulletin: Vulnerability in Axios affect BM Spectrum Control
Summary Axios is vulnerable to server-side request forgery, This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol...