35702 matches found
Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.
Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2024-0727. Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is...
Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.
Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2024-2511. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is...
Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.
Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2023-5678. Vulnerability Details CVEID:CVE-2023-5678 DESCRIPTION: Openssl is...
Security Bulletin: Security vulnerability CVE-2024-39689 in Certifi python-certifi that is used by FileNet Content Manager and CP4BA - Filenet Content Manager Component
Summary Security vulnerability CVE-2024-39689 in Certifi python-certifi that is used by FileNet Content Manager and CP4BA - Filenet Content Manager Component in container Operator Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2024-45663, CVE-2024-41762, CVE-2024-41761, CVE-2024-40679, CVE-2024-37071 Vulnerability Details Refer to the security bulletins...
Security Bulletin: Vulnerability in WebSphere Application Server affect IBM Cloud Pak System[CVE-2023-51775]
Summary Vulnerability found in jose4 used by WebSphere Application Server affect IBM Cloud Pak System Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attack...
Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Cloud Pak System [CVE-2024-22354]
Summary XML External Entity Injection XXE Vulnerability in WebSphere application Server and WebSphere Application Server Liberty affects IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...
Security Bulletin: IBM Sterling Global Availability Mailbox is affected by a WebSphere Liberty vulnerability (CVE-2023-46158)
Summary IBM Sterling Global Availability Mailbox is affected by IBM WebSphere Application Server Liberty it could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled. Vulnerability Details...
Security Bulletin: IBM Global Availability Mailbox is affected by a Bouncy Castle vulnerability that could allow a remote attacker to obtain sensitive information (CVE-2023-33201)
Summary IBM Global Availability Mailbox is affected by the Bouncy Castle Crypto Package For Java bc-java it could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By...
Security Bulletin: IBM Sterling Global Mailbox is affected by a IBM WebSphere Vulnerability that could cause denial of service (CVE-2023-44487)
Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2023-44487...
Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)
Summary IBM Sterling Global High Availability Mailbox is affected by a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled. Vulnerability Details CVEID:CVE-2023-44483...
Security Bulletin: IBM Sterling Global High Availability Mailbox is affected byWebSphere liberty vulnerability (CVE-2023-46158)
Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled. Vulnerability Details...
Security Bulletin: IBM Master Data Management is vulnerable to prototype pollution from vulnerability found in Dojo (CVE-2021-23450)
Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to prototype pollution from vulnerability found in Dojo. Dojo could allow a remote attacker to cause a denial of service, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an...
Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by WebSphere Liberty vulnerability (CVE-2023-38737)
Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it is vulnerable to a denial of service with the restfulWS-3.0 or restfulWS-3.1 feature enabled. This has been addressed in the remediation section. Vulnerability Details...
Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by a SnakeYaml deserialization vulnerability (CVE-2022-1471)
Summary IBM Sterling Global High Availability Mailbox is affected by SnakeYaml's Constructor class it does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in path-to-regexp-0.1.7.tgz
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of path-to-regexp-0.1.7.tgz Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By...
Security Bulletin: Security Vulnerabilities fixed in IBM Security Directory Integrator
Summary Several CVEs were fixed in the IBM Java SE that is bundled with IBM Security Directory Integrator. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high...
Security Bulletin: Several Security Vulnerabilities were discovered in IBM Security Directory Suite
Summary Several Security Vulnerabilities in the IBM Security Directory Integrator and Eclipse Jetty were addressed in the IBM Security Directory Suite. Vulnerability Details CVEID:CVE-2022-32759 DESCRIPTION: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0...
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana in build 1.285.0 Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the...
Security Bulletin: IBM Common Licensing using IBM® SDK, Java™ Technology Edition vulnerable to CVEs
Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty impacts IBM Common Licensing
Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofin...
Security Bulletin: IBM Storage Insights is vulnerable to weakness related to Apache Avro
Summary Vulnerability in Apache Avro may affect IBM Storage Insights which could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code...
Security Bulletin: TSSC/IMC is vulnerable to a bypass security restrictions attack on curl
Summary TSSC/IMC is vulnerable to a bypass security restrictions attack on curl. A patch has been provided that updates the libssh library. CVE-2023-28322, CVE-2023-38546, CVE-2023-46218 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass...
Security Bulletin: TSSC/IMC is vulnerable to a denial of service on Apache HTTP Server
Summary TSSC/IM is vulnerable to a denial of service on Apache HTTP Server. The latest code level has an upgrade to the relevant libaries to fix CVE-2024-27316. Vulnerability Details CVEID:CVE-2024-27316 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the failure t...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
Summary IBM Engineering Lifecycle Optimization - Engineering Insights ENI is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. In XML parsers, when XML...
Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution
Summary jsonpath-plus is used by IBM Event Streams as part of the UI. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code...
Security Bulletin: IBM Sterling File Gateway is vulnerable to cross-site scripting
Summary IBM Sterling File Gateway is vulnerable to cross-site scripting Vulnerability Details CVEID:CVE-2023-52292 DESCRIPTION: IBM Sterling File Gateway is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th...
Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-45087)
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details CVEID:CVE-2024-45087 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...
Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure (CVE-2021-37533)
Summary IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure CVE-2021-37533 Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP clien...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2023-32340 CVE-2023-50309)
Summary IBM Sterling B2B Integrator is vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2023-32340 DESCRIPTION: IBM Sterling B2B Integrator is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to SQL injection
Summary IBM Sterling B2B Integrator is vulnerable to SQL injection Vulnerability Details CVEID:CVE-2023-50316 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50387]
Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-50387 Vulnerability Details CVEID:CVE-2023-50387 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when processing...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure
Summary IBM Sterling B2B Integrator is vulnerable to information disclosure . Vulnerability Details CVEID:CVE-2024-27263 DESCRIPTION: IBM Sterling B2B Integrator could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. CWE:CWE-300...
Security Bulletin: IBM Sterling B2B Integrator is affected by IBM WebSphere Application Server risky configuration cryptography
Summary IBM Sterling B2B Integrator is affected by IBM WebSphere Application Server risky configuration cryptography Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound...
Security Bulletin: IBM B2B Sterling Integrator is affected by Hutool's denial of service
Summary IBM B2B Sterling Integrator is affected by Hutool's denial of service Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a specially crafted request, a remote attacker could exploit this...
Security Bulletin: IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service
Summary IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to ope...
Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery
Summary IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-side request forgery, caused by a improper input validation by the service admin HTTP API. By...
Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty
Summary IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using t...
Security Bulletin: IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service
Summary IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload reques...
Security Bulletin: IBM B2B Sterling Integrator is affected by JSON-java's vulnerability to denial of service attacks
Summary IBM B2B Sterling Integrator is affected by JSON-java's vulnerability to denial of service attacks Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker...
Security Bulletin: IBM B2B Sterling integrator is affected by Apache Santuario vulnerability to information disclosure
Summary IBM B2B Sterling integrator is vunerable to information disclosure due to Apache Santuario Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the lo...
Security Bulletin: IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot
Summary IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or Spring WebFlux or...
Security Bulletin: IBM B2B Sterling Integrator is vunerable to denial of services attacks due to an Apache Commons vulnerability
Summary IBM B2B Sterling Integrator is vunerable to denial of services attacks due to an Apache Commons vulnerability Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to op...
Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities Vulnerability Details CVEID:CVE-2024-8096 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when using...
Security Bulletin: Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator is affected by vulnerabilities in IBM MQ. Vulnerability Details CVEID:CVE-2024-25015 DESCRIPTION: IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50868]
Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-50868 Vulnerability Details CVEID:CVE-2023-50868 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when preparing an NSEC...
Security Bulletin: IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities
Summary IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate wi...
Security Bulletin: IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure (CVE-2023-35887)
Summary IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-4408]
Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-4408 Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2023-5678]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-5678 Vulnerability Details CVEID:CVE-2023-5678 DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw when using DHgeneratekey...