
35059 matches found

IBM Security Bulletins
•added 2024/09/17 8:40 a.m.•25 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control

Summary Node.js is vulnerable to remote attacker to execute arbitrary commands. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-36138 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by the incomplete fi...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.00261
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/17 8:39 a.m.•25 views

Security Bulletin: Vulnerability in OpenSSL affect IBM Spectrum Control

Summary OpenSSL is vulnerable to execution of arbitrary code on the system. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00687
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/17 8:38 a.m.•20 views

Security Bulletin: IBM WebSphere Application Server Liberty vulnerability affect IBM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to XML External Entity Injection XXE attack. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Libert...

CVSS: 7 | AI score: 7.2 | EPSS: 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/16 6:33 p.m.•51 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-40680)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-40680 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. CVSS Base score: 6.2 CVSS Temporal Score:...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00045
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/16 6:20 p.m.•51 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Storage Scale System

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System, which could allow a remote attacker to cause a denial of service. CVE-2023-46158, CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Serve...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.9439
Exploits: 19 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/16 5:22 p.m.•73 views

Security Bulletin: IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253.

Summary IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a local...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.82787
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/16 5:8 p.m.•34 views

Security Bulletin: Vulnerabilities in Elasticsearch affect watsonx.data

Summary Elasticsearch is vulnerable to local authenticated attacks to obtain sensitive information and denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-31417 DESCRIPTION: Elasticsearch could allow a local authenticated attacker to obtain sensitive...

CVSS: 7.5 | AI score: 7 | EPSS: 0.35125
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/16 4:32 p.m.•38 views

Security Bulletin: Vulnerability in Netty affects watsonx.data

Summary Netty is vulnerable to a denial of service. For CVE-2019-9518, a remote attacker could cause watsonx.data to consume excessive CPU resources by sending a set of frames without an end-of-stream flag, eventually causing a denial of service condition. This would affect watsonx.data. For...

CVSS: 7.8 | AI score: 8.5 | EPSS: 0.04327
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/14 4:9 a.m.•21 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (July 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in July 2024. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified...

CVSS: 5.9 | AI score: 6.1 | EPSS: 0.00442
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/13 10:26 p.m.•11 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2024 CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

AI score: 6.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/13 8:29 p.m.•31 views

Security Bulletin: IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to unqualified library calls [CVE-2024-38330].

Summary IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to programs making unqualified library calls as described in the vulnerability details section. This bulletin identifies the steps to take to address the...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00073
Exploits: 0 | Affected Software: 4

IBM Security Bulletins
•added 2024/09/13 6:52 p.m.•30 views

Security Bulletin: IBM Security QRadar Offenses Forwarder App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2023-26159, CVE-2022-40023, CVE-2022-25883)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01006
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/13 6:33 p.m.•22 views

Security Bulletin: IBM Master Data Management affected by vulnerabilities in IBM WebSphere Application Server to cross-site scripting (CVE-2024-35153)

Summary IBM Master Data Management version 11.6, 12.0 and 14.0 are impacted by vulnerability in IBM WebSphere Application Server. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...

CVSS: 4.8 | AI score: 4.9 | EPSS: 0.00309
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/13 4:46 p.m.•35 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131 and CVE-2024-27267 Vulnerability Details CVEID:CVE-2024-21147...

CVSS: 7.4 | AI score: 5.7 | EPSS: 0.00977
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/13 4:7 p.m.•26 views

Security Bulletin: ISC BIND on IBM i is vulnerable to a remote attacker causing a denial of service due to multiple vulnerabilities.

Summary Domain Name System DNS uses ISC BIND. ISC BIND on IBM i is vulnerable to a denial of service due to queries to an excessively large resolver database CVE-2024-1737, serving stale cache data content CVE-2024-4076, sending SIG 0 signed requests CVE-2024-1975, and sending a flood of DNS...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.1669
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
•added 2024/09/13 3:19 p.m.•30 views

Security Bulletin: IBM Aspera Shares improved security for user session handling (CVE-2024-38315)

Summary IBM Aspera Shares has addressed a vulnerability related to user session handling. Vulnerability Details CVEID:CVE-2024-38315 DESCRIPTION: IBM Aspera Shares does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00036
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
•added 2024/09/13 8:4 a.m.•28 views

Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk15on-1.70.jar which is vulnerable to CVE-2024-29857.

Summary IBM Maximo Application Suite uses bcprov-jdk15on-1.70.jar which is vulnerable to CVE-2024-29857. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable ...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00252
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/13 7:30 a.m.•25 views

Security Bulletin: IBM Maximo Application Suite uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067.

Summary IBM Maximo Application Suite uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of servic...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00171
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/13 7:30 a.m.•26 views

Security Bulletin: IBM Maximo Application Suite uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to CVE-2024-4067.

Summary IBM Maximo Application Suite uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34069 DESCRIPTION: Pallets Werkzeug could allow a remote attacker to...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.4365
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/13 7:11 a.m.•14 views

Security Bulletin: IBM Maximo Application Suite uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to CVE-2023-29483.

Summary IBM Maximo Application Suite uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to CVE-2023-29483. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to a denial of service,...

CVSS: 7 | AI score: 6.8 | EPSS: 0.08388
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/12 7:54 p.m.•16 views

Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty information disclosure vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/12 7:23 p.m.•28 views

Security Bulletin: IBM Transformation Extender Advanced is affected by a vulnerability in its dependencies

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable in its dependencies on Apache Commons FileUpload Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused b...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.37165
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/12 9:26 a.m.•33 views

Security Bulletin: Potential Directory Traversal Vulnerability in Apache Ant shipped with IBM Operations Analytics - Log Analysis (CVE-2022-48285)

Summary There is a potential directory traversal vulnerability via a crafted zip in Apache Ant Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with...

CVSS: 7.3 | AI score: 7.5 | EPSS: 0.01266
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/12 9:24 a.m.•35 views

Security Bulletin: Potential Vulnerability in Apache Solr and Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis (CVE-2022-24823)

Summary There is a potential Netty vulnerability in Apache Solr and Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis. This has been fixed Vulnerability Details CVEID:CVE-2022-24823 DESCRIPTION: Netty could allow a local authenticated attacker to obtain sensitive information,...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00401
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/12 9:22 a.m.•15 views

Security Bulletin: Potential denial of service vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2021-33813)

Summary An XXE issue allows attacker to cause denial of service in Apache Solr. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit thi...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01393
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/12 9:19 a.m.•22 views

Security Bulletin: Vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2018-18928)

Summary Apache Solr is vulnerable to integer overflow. This has been addressed. Vulnerability Details CVEID:CVE-2018-18928 DESCRIPTION: International Components for Unicode ICU is vulnerable to a denial of service, caused by an integer overflow in the...

CVSS: 9.8 | AI score: 9 | EPSS: 0.00612
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/12 6:57 a.m.•31 views

Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2022-29181, CVE-2022-23476)

Summary There are multiple nokogiri vulnerabilities in Logstash that affect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details CVEID:CVE-2022-29181 DESCRIPTION: Nokogiri is vulnerable to a denial of service, caused by improper handling of unexpected data type...

CVSS: 8.2 | AI score: 7.8 | EPSS: 0.04183
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/12 5:50 a.m.•19 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00427
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/12 4:15 a.m.•13 views

Security Bulletin: IBM Concert Software is vulnerable to session hijacking (CVE-2024-43180)

Summary IBM Concert cookie settings are vulnerable to session hijacking. Vulnerability Details CVEID:CVE-2024-43180 DESCRIPTION: IBM Concert does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a...

CVSS: 4.3 | AI score: 4.1 | EPSS: 0.00086
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/11 11:24 a.m.•36 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management Core Framework.

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF27 patch. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00449
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/11 10:24 a.m.•28 views

Security Bulletin: Vulnerability of okhttp-3.9.0.jar is affecting APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent and APM Data Collector for J2SE

Summary APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent and APM Data Collector for J2SE are vulnerable to okhttp-3.9.0.jar CVE-2023-0833. The workaround includes okhttp-3.9.0.jar upgraded to okhttp-4.12.0.jar. Vulnerability Details CVEID:CVE-2023-0833...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00029
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/11 10:22 a.m.•30 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2023-46589)

Summary IBM Security SOAR uses an older version of Apache Tomcat that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.3.0 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION:...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.53163
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/11 8:43 a.m.•57 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-6874 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a...

CVSS: 9.1 | AI score: 7.5 | EPSS: 0.10778
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/11 7:34 a.m.•28 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in April 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21094...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00449
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 7:15 p.m.•17 views

Security Bulletin: IBM InfoSphere Information Server is affected by an arbitrary code execution vulnerability in pypa/setuptools (CVE-2024-6345)

Summary An arbitrary code execution vulnerability in pypa/setuptools that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.09639
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 7:6 p.m.•17 views

Security Bulletin: IBM InfoSphere Information Server is affected by a security vulnerability in zipp (CVE-2024-5569)

Summary A security vulnerability in zipp that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a loca...

CVSS: 6.2 | AI score: 6.1 | EPSS: 0.00016
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 6:57 p.m.•12 views

Security Bulletin: IBM InfoSphere Information Server is affected by a security vulnerability in Certifi python-certifi (CVE-2024-39689)

Summary A security vulnerability in Certifi python-certifi that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.25805
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 6:44 p.m.•18 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Undertow (CVE-2024-6162)

Summary A denial of service vulnerability in Undertow that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6162 DESCRIPTION: Undertow is vulnerable to a denial of service, caused by a flaw with URL-encoded request path information can be broken for...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.02024
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 6:23 p.m.•28 views

Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability in urllib3 (CVE-2024-37891)

Summary An information disclosure vulnerability in urllib3 that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the...

CVSS: 6.5 | AI score: 4.9 | EPSS: 0.00216
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 3:20 p.m.•15 views

Security Bulletin: Vulnerability in tpm2-tss library (CVE-2023-22745) affects Power HMC.

Summary The tpm2-tss library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-22745 DESCRIPTION: tpm2-tss is vulnerable to a buffer overflow, caused by improper bounds checking by the Tss2_RC_SetHandler and Tss2_RC_Decode...

CVSS: 6.4 | AI score: 8.2 | EPSS: 0.00033
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 3:20 p.m.•27 views

Security Bulletin: Vulnerability in shadow-utils library (CVE-2023-4641) affects Power HMC.

Summary The shadow-utils library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION: shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing t...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00015
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 3:19 p.m.•35 views

Security Bulletin: Vulnerability in bind library (CVE-2022-3094) affects Power HMC.

Summary The bind library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-3094 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the allocation of memory prior to the checking of access permissions ACL...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.02338
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 3:19 p.m.•28 views

Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-34750) affects Power HMC.

Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a flaw when processing an HTTP/2 stream. By sending...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.21539
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 3:18 p.m.•48 views

Security Bulletin: Vulnerabilities in openssl library (CVE-2023-3446, CVE-2023-3817, CVE-2023-5678) affect Power HMC.

Summary The openssl library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check, DH_check_ex or EVP_PKEY_param_check functio...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00751
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 3:17 p.m.•21 views

Security Bulletin: Vulnerability in nss library (CVE-2023-5388) affects Power HMC.

Summary The nss library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5388 DESCRIPTION: Red Hat Enterprise Linux could allow a remote authenticated attacker to obtain sensitive information, caused by an observable timi...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00245
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 3:16 p.m.•28 views

Security Bulletin: Vulnerability in libxml2 library (CVE-2023-39615) affects Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-39615 DESCRIPTION: Xmlsoft Libxml2 is vulnerable to a denial of service, caused by a global buffer overflow in the xmlSAX2StartElement function ...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00117
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 3:16 p.m.•37 views

Security Bulletin: Vulnerability in nss library (CVE-2023-6135) affects Power HMC.

Summary The nss library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-6135 DESCRIPTION: Mozilla Network Security Services NSS NIST curves, as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00197
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 2:52 p.m.•26 views

Security Bulletin: Vulnerability in expat library (CVE-2023-52425) affects Power HMC.

Summary The expat library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01552
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 2:51 p.m.•35 views

Security Bulletin: Vulnerabilities in shim library (CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551) affect Power HMC.

Summary The shim library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-40546 DESCRIPTION: rhboot shim is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the mirroroneesl function in...

CVSS: 8.3 | AI score: 8.5 | EPSS: 0.04175
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2024/09/10 10:39 a.m.•16 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50315)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.00149
Exploits: 0 | Affected Software: 11

Total number of security vulnerabilities: 35059