35702 matches found
Security Bulletin: Mutiple vulnerabilites in Python affect IBM Robotic Process Automation
Summary Mutiple vulnerabilites in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2019-11236 DESCRIPTION: Python urllib...
Security Bulletin: A vulnerability in Microsoft .NET Core may affect IBM Robotic Process Automation and result in a remote attacker obtaining sensitive information (CVE-2018-8292).
Summary Microsoft .NET Core is used by IBM Robotic Process Automation as part of the development platform CVE-2018-8292. Vulnerability Details CVEID:CVE-2018-8292 DESCRIPTION: Microsoft .NET Core could allow a remote attacker to obtain sensitive information, caused by an open redirect...
Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip...
Security Bulletin: A vulnerability in Python affects IBM Robotic Process Automation and could allow a remote authenticated attacker to obtain sensitive information (CVE-2023-43804).
Summary A vulnerability in Python affects IBM Robotic Process Automation and could allow a remote authenticated attacker to obtain sensitive information CVE-2023-43804. IBM Robotic Process Automation uses Python as part of NLP and Abbyy. This security bulletin identifies the fixes that are requir...
Security Bulletin: Multiple vulnerabilies in Go affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple vulnerabilies in Go affect IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation as part of it's operators. This bulletin identifies the fixes to resovle the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21626 DESCRIPTION: Open Contain...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 286 Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A...
Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 284 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially...
Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms.
Summary Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms. Updates to IBM TXSeries for Multiplatforms have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE relate...
Security Bulletin: Financial Transaction Manager v4 is impacted by multiple vulnerabilities in IBM Java SE
Summary Multiple vulnerabilities were addressed in Financial Transaction Manager v4.0.6.0 iFix4 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...
Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI
Summary There are multiple vulnerabilities in Open JDK used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21208 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK,...
Security Bulletin: Financial Transaction Manager v4 is impacted by multiple vulnerabilities in WebSphere Liberty
Summary Multiple vulnerabilities were addressed in Financial Transaction Manager 4.0.6.0 iFix4 Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...
Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Buffer Overflow, Server Side Request Forgery SSRF and Improper Error Handling vulnerabilities. Please refer to the tabl...
Security Bulletin: The IBM® Engineering Lifecycle Management is vulnerable to cross-site scripting
Summary A cross-site scripting vulnerability has been identified on the URL "/jts/auth/authrequired". The web-url does not properly sanitise and escape xss payload before out-putting a 'layout' parameter that users supply to the response body leading to a Cross Site Scripting attack. This bulleti...
Security Bulletin: Insufficient verification of data authenticity might affect IBM Storage Defender – Resiliency Service
Summary IBM Storage Defender – Resiliency Service is vulnerable to insufficient verification of data authenticity. The vulnerability has been addressed. CVE-2023-37920 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in...
Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability
Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability. Vulnerability Details CVEID:CVE-2024-52899 DESCRIPTION: IBM Data Virtualization Manager for z/OS could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004 Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...
Security Bulletin: IBM Workload Scheduler stores user credentials in plain text.
Summary IBM Workload Scheduler stores user credentials in plain text which can be read by a local user. CVE-2024-49351 Vulnerability Details CVEID:CVE-2024-49351 DESCRIPTION: IBM Workload Scheduler stores user credentials in plain text which can be read by a local user. CWE:CWE-256: Plaintext...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Repodebug
Summary Repodebug shows Oracle password in the plain text. This only occurs with Oracle DB. Customer observed that repodebug shows the database username and password for Oracle jdbc connections which is a vulnerability. This bulletin contains information regarding the remediation actions...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in User Dashboards
Summary A vulnerability was reported in dashboard during pen testing. User's dashboard could be changed with a PUT request which did not check the user's identity, and this request enabled a user to change any dashboard the user has read access to. This bulletin contains information regarding the...
Security Bulletin: Apache uimaj-core.jar security vulnerability CVE-2017-15691
Summary Apache uimaj-core.jar security vulnerability CVE-2017-15691 in FileNet Content Manager FNCM Content Search Services CSS/Enterprise Content Management Text Search ECMTS. CSS/ECMTS is affected and is potentially vulnerable. Vulnerability Details CVEID:CVE-2017-15691 DESCRIPTION: Apache uima...
Security Bulletin: Security Vulnerabilities in base image packages affect IBM Voice Gateway
Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processe...
Security Bulletin: This Power System update is being released to address CVE-2022-0480 and CVE-2023-6531
Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-0480 an...
Security Bulletin: Security vulnerabilities fixed in IBM Security Directory Suite (CVE-2022-33167, CVE-2022-32754, CVE-2022-33162)
Summary Security vulnerabilities found in IBM Security Directory Integrator as shipped with IBM Security Directory Suite were fixed. Vulnerability Details CVEID:CVE-2022-33167 DESCRIPTION: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a...
Security Bulletin: Security vulnerability discovered in IBM Security Directory Server and IBM Security Verify Directory (CVE-2022-32754)
Summary IBM Security Verify Directory and IBM Security Directory Server addressed a cross-site scripting vulnerability in the web administration tool. Vulnerability Details CVEID:CVE-2022-32754 DESCRIPTION: IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This...
Security Bulletin: Financial Transaction Manager for Digital Payments is impacted by an information disclosure vulnerability in WebSphere Application Server Liberty
Summary An information disclosure vulnerability has been addressed in Financial Transaction Manager 3.2.13 for Digital Payments, Corporate Payment Services and High Value Payments. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through...
Security Bulletin: Financial Transaction Manager for Digital Payments is impacted by multiple vulnerabilities in IBM Java SE
Summary Multiple vulnerabilities were addressed in Financial Transaction Manager 3.2.13 for Digital Payments, Corporate Payment Services and High Value Payments. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...
Security Bulletin: BM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-47875)
Summary IBM Sterling Connect:Direct Web Services uses DOMPurify as a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolera...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-45801)
Summary IBM Sterling Connect:Direct Web Services uses DOMPurify could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in depth check. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute...
Security Bulletin: Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services [CVE-2016-1000027]
Summary There is a vulnerability in Spring Framework that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM SPSS Collaboration and Deployment Services This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2016-1000027...
Security Bulletin: Multiple vulnerabilities may affect IBM SPSS Analytic Server
Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty were addressed in IBM SPSS Analytic Server. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM SPSS Analyt...
Security Bulletin: IBM SPSS Analytic Server has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2022-48285)
Summary IBM SPSS Analytic Server has addressed multiple security vulnerabilities CVE-2022-48285, CVE-2022-48285 Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files...
Security Bulletin: IBM Technical Support Appliance - possible degraded performance or excessive CPU usage
Summary Domain Name Service DNS messaging is used to resolve hostnames to IP addresses. Vulnerability Details CVEID:CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in resolver caches and authoritative zone databas...
Security Bulletin: IBM Technical Support Appliance - possible access to stale data
Summary Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. Vulnerability Details CVEID:CVE-2023-31346 DESCRIPTION: AMD SEV-SNP Firmware could allow a local authenticated attacker to obtain sensitive information, caused by the failu...
Security Bulletin: IBM Technical Support Appliance - possible excessive CPU usage or denial of service
Summary DNS protocol allows teh IBM Technical Suport Appliance to resolve hostnames to their corresponding IP address. Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS messages. By flooding the target...
Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information
Summary RSA-PSK key exchange occurs when establishing a connection from a web browser to the IBM Technical Support Appliance web UI. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information. By perform a timing side-channel attack...
Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information
Summary RSA-PSK key exchange occurs when establishing a connection from a web browser to the IBM Technical Support Appliance web UI. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issu...
Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service
Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2021-43975 DESCRIPTION: Linux Kernel could allow a local authenticated attacker...
Security Bulletin: IBM SPSS Analytic Server is affected by vulnerability in Netty (CVE-2022-41915)
Summary Netty is used by IBM SPSS Analytic Server. The latest patch includes Netty 4.1.109.Final to fix the vulnerability. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an...
Security Bulletin: Vulnerability in jetty-http affects IBM Integrated Analytics System[CVE-2023-36478]
Summary The jetty-http package is used by IBM Integrated Analytics System. IBM Integrated Anayltics System has addresed the applicable CVE CVE-2023-36478. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and...
Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime
Summary The IBM SPSS Collaboration and Deployment Services using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU is vulnerable to CVE-2023-2597. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime
Summary The IBM SPSS Collaboration and Deployment Services using IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime
Summary The IBM SPSS Collaboration and Deployment Services using BM SDK, Java Technology Edition Quarterly CPU - Jan 2024 -Includes Oracle July 2024 CPU plus CVE-2024-27267. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime
Summary The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- SPSS...
Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability
Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability in the JDBC component with fix pack dvm-jdbc-3.1.202406111013. Vulnerability Details CVEID: NA Description: Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during...
Security Bulletin: AIX is vulnerable to a denial of service due to ISC BIND
Summary Multiple vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service CVE-2024-0760, CVE-2024-1737, CVE-2024-4076, CVE-2024-1975. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2024-0760 DESCRIPTION: ISC BIND is vulnerable to a...
Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable...
Security Bulletin: IBM QRadar Pre-Validation App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about the security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2019-8331 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting,...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314
Summary Security Bulletin:IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM...