Security Bulletin: Vulnerability in QOS.ch Sarl Logback affects watsonx.data
Summary A serialization vulnerability in logback receiver component part of QOS.ch Sarl Logback allows an attacker to mount a Denial-Of-Service attack to watsonx.data by sending poisoned data. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of...
Security Bulletin: Vulnerability in Oracle Java SE affects watsonx.data
Summary An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-21930...
Security Bulletin: Vulnerability in Airlift aircompressor affects watsonx.data
Summary Airlift aircompressor could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read/write flaw in the decompressor implementations. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: airlift aircompressor could allow a loc...
Security Bulletin: Vulnerability in Python affects watsonx.data
Summary Python could provide weaker than expected security caused by an issue with tempfile. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-6597 DESCRIPTION: Python could provide weaker than expected security, caused by an issue with tempfile.TemporaryDirectory fails removing...
Security Bulletin: Vulnerability in Certifi python-certifi
Summary Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the us...
Security Bulletin: Vulnerability in Apache Druid affects watsonx.data
Summary It is possible for an authenticated user to send a specially-crafted request that forces Apache Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid...
Security Bulletin: Vulnerability in Eclipse Jetty affects watsonx.data
Summary In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a vulnerability that could prevent properly cleaning up the active connections and associated resources. This can lead to a Denial of Service condition in watsonx.data where...
Security Bulletin: Vulnerabilities in snappy-java affect watsonx.data
Summary Snappy-java is vulnerable to denial of service attacks caused by integer overflows and unchecked chunk lengths. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the...
Security Bulletin: Vulnerabilities in snappy-java affect watsonx.data
Summary Snappy-java is vulnerable to a denial of service, caused by either an integer overflow, use of an unchecked chunk length or missing upper bound check on chunk length. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a deni...
Security Bulletin: IBM MQ for HPE NonStop Server is vulnerable to a denial of service attack (CVE-2024-35116)
Summary IBM MQ for HPE NonStop Server has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-35116 DESCRIPTION: IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM...
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2024-2511
Summary IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2024-2511 Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a...
Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-39338, CVE-2024-4068, CVE-2021-23727)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a Denial of Service (CVE-2024-41818)
Summary There is a vulnerability in fast-xml-parser used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-41818 DESCRIPTION: Natural Intelligence fast-xml-parser is...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.
Summary IBM DB2 is shipped with IBM License Metric Tool. Information about security vulnerabilities affecting IBM DB2 has been published in separate security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...
Security Bulletin: IBM MQ Appliance vulnerable to bypassing security restrictions (CVE-2024-40681)
Summary IBM MQ Appliance has addressed a security bypass vulnerability. Vulnerability Details CVEID:CVE-2024-40681 DESCRIPTION: IBM MQ could allow an authenticated user in a specifically defined role to bypass security restrictions and execute actions against the queue manager. CVSS Base score: 7...
Security Bulletin: IBM MQ Appliance is vulnerable to exposure of sensitive information (CVE-2023-5981 and CVE-2024-0533)
Summary IBM MQ Appliance has addressed GNU GnuTLS exposure of sensitive information vulnerabilities. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issue during RSA-PSK key exchange. B...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat (CVE-2024-34750)
Summary IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat CVE-2024-34750. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, cause...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2023-50315)
Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: Vulnerabilities in PostgreSQL affect watsonx.data
Summary For CVE-2012-1618, when a user-provided input for JDBC statement parameters is not properly escaped, remote attackers can perform injection attacks which can affect watsonx.data. For CVE-2020-13692, the PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive...
Security Bulletin: Vulnerability in Netty affects watsonx.data
Summary Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. B...
Security Bulletin: Vulnerability in Apache Derby affects watsonx.data
Summary Apache Derby could allow a remote attacker to bypass security restrictions to view and corrupt sensitive data and run sensitive database functions and procedures. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attack...
Security Bulletin: IBM Aspera Faspex 5 has addressed multiple vulnerabilities (CVE-2024-45097, CVE-2024-45096, CVE-2024-45098)
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Faspex 5.0.10 Vulnerability Details CVEID:CVE-2024-45097 DESCRIPTION: IBM Aspera Faspex could allow a user to bypass intended access restrictions and conduct resource modification. CVSS Base...
Security Bulletin: Multiple vulnerabilities affect Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-22201, CVE-2023-51775)
Summary Apache Solr, which is used by IBM Operations Analytics - Log Analysis as the indexing engine server, is vulnerable to denial of service. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP...
Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)
Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute...
Security Bulletin: ThreeTen Backport vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-23081,CVE-2024-23082)
Summary There is a potential denial of service vulnerability in ThreeTen Backport that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-23082 DESCRIPTION: ThreeTen Backport is vulnerable to a denial of service, caused by an integer overflow in...
Security Bulletin: IBM Aspera Shares is vulnerable to multiple medium and low vulnerabilities (CVE-2023-2650, CVE-2018-25032, CVE-2021-3712, CVE-2021-4160, CVE-2023-0466, CVE-2023-0465)
Summary This Security Bulletin addresses multiple medium and low severity vulnerabilities that have been remediated in IBM Aspera Shares 1.10.0 PL4. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJ_obj2txt directly...
Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI
Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / Open JDK Version 17, OpenJ9 used by DevOps Test UI (Test UI). RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified...
Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)
Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: The...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2024-22354)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE, CVE-2024-22354. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...
Security Bulletin: vulnerability in OpenSSL affects IBM Workload Scheduler.
Summary IBM Workload Scheduler is affected by a vulnerability in OpenSSL that can cause denial of service (CVE-2023-6237). Vulnerability Details CVEID:CVE-2023-6237 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_chec...
Security Bulletin: vulnerabilities in Apache Commons Compress affect IBM Workload Scheduler.
Summary IBM Workload Scheduler is affected by multiple vulnerabilities in Apache Commons Compress that can cause denial of service CVE-2024-25710, CVE-2024-26308 Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...
Security Bulletin: IBM Workload Scheduler is affected by vulnerability found in glibc
Summary IBM Workload Scheduler is affected by vulnerability found in glibc that can cause Denial of Service CVE-2024-33601. Vulnerability Details CVEID:CVE-2024-33601 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory allocation failure when the Name Service Cache Daemon'...
Security Bulletin: Vulnerabilities in Netty affect watsonx.data
Summary Netty is vulnerable to denial of service attacks. For CVE-2021-37136, the Netty Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. A malicious input can trigger an Out Of...
Security Bulletin: Vulnerability in FasterXML jackson-binary affects watsonx.data
Summary FasterXML jackson-dataformats-binary is vulnerable to a denial of service, caused by an unchecked allocation of byte buffer flaw. This could cause a java.lang.OutOfMemoryError exception in watsonx.data. Vulnerability Details CVEID:CVE-2020-28491 DESCRIPTION: FasterXML...
Security Bulletin: Vulnerabilities in Elasticsearch affect watsonx.data
Summary Elasticsearch is vulnerable to local authenticated attacks to obtain sensitive information and denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-31417 DESCRIPTION: Elasticsearch could allow a local authenticated attacker to obtain sensitive...
Security Bulletin: Vulnerability in Google Gson affects watsonx.data
Summary Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By...
Security Bulletin: Vulnerability in Apache Commons Compress affects watsonx.data
Summary Apache Commons Compress is vulnerable to a denial of service. For CVE-2021-35515, when reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. For CVE-2021-35516, when reading a specially crafted 7Z archive,...
Security Bulletin: Vulnerability in Cryptography package affects watsonx.data
Summary The Cryptography package is vulnerable to a denial of service, caused by a NULL pointer dereference in the pkcs12.serialize_key_and_certificates process. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-26130 DESCRIPTION: cryptography is vulnerable to a denial of service,...
Security Bulletin: Vulnerability in Apache Tomcat affects watsonx.data
Summary Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when a response did not have any HTTP headers set. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...
Security Bulletin: Vulnerability in Apache Commons Compress affects watsonx.data
Summary Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. For CVE-2021-35517, when reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out o...
Security Bulletin: Vulnerabilities in Netty affect watsonx.data
Summary Netty is vulnerable to denial of service attacks and remote attack via restrictions bypass. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2015-2156 DESCRIPTION: Netty could allow a remote attacker to bypass restrictions, caused by the improper validation of characters in ...
Security Bulletin: Vulnerability in Eclipse Jetty affects watsonx.data
Summary Eclipse Jetty is vulnerable to a denial of service, caused by improper input validation. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by improper input validation. By sending a...
Security Bulletin: Vulnerability in SnakeYaml affects watsonx.data
Summary SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml coul...
Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data
Summary Golang Go has multiple vulnerabilities that include HTTP request smuggling, remote attacks to obtain sensitive information, denial of service, and unspecified errors that return incorrect results. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION:...
Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data
Summary Golang Go has multiple vulnerabilities that include HTTP injection, remote attacks to conduct query parameter smuggling, remote attacks to bypass security restrictions, and denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-32189 DESCRIPTION:...
Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data
Summary Golang Go has two denial of service vulnerabilities. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote attacker could exploit...
Security Bulletin: Vulnerability in Golang Go affects watsonx.data
Summary Golang Go could allow a remote attacker to observe TLS handshake information to correlate successive connections due to an issue with session tickets generated by crypto/tls. This may affect watsonx.data. Vulnerability Details CVEID:CVE-2022-30629 DESCRIPTION: Golang Go could allow a...
Security Bulletin: Vulnerability in Golang Go affects watsonx.data
Summary Golang Go is vulnerable to a denial of service caused by improper input validation by the golang.org/x/text/language package. This may affect watsonx.data. Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input...
Security Bulletin: Vulnerability in Go affects watsonx.data
Summary GoLang Go is vulnerable to denial of service attacks and HTML injection which may affect watsonx.data. Vulnerability Details CVEID:CVE-2023-24537 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an infinite loop due to integer overflow when calling any of the Parse...
Security Bulletin: Vulnerability in Kubernetes affects watsonx.data
Summary If log level of kubernetes is set to at least 9, authorization and bearer tokens will be written to log files causing information to leak. In watsonx.data, one must have access to the OCP cluster, and set the log level to 9 to see this issue. Vulnerability Details CVEID:CVE-2020-8565...