Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a weak security (CVE-2024-39689)
Summary There is a weak security in Certifi python-certifi used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a bypass security (CVE-2024-35195)
Summary There is a security bypass in psf Requests used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to an information disclosure (CVE-2024-37891)
Summary There is an information disclosure vulnerability in urllib3 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a...
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused ...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2023-50315)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Storage Scale (CVE-2024-25026, CVE-2024-22329, CVE-2024-22354)
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale, which could allow a remote attacker to exploit and cause the server to consume memory resources and SSRF attack. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere...
Security Bulletin: Multiple vulnerabilities in Bouncy Castle Crypto Package For Java may affect IBM Storage Scale GUI (CVE-2024-30171, CVE-2024-29857)
Summary There are vulnerabilities in Bouncy Castle Crypto Package For Java, used by IBM Storage Scale GUI, which could allow a remote attacker to exploit and obtain sensitive information. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerab...
Security Bulletin: IBM Storage Scale Install toolkit may be affected by a vulnerability in Jinja (CVE-2024-34064)
Summary There is a vulnerability in Jinja, used by Storage Scale Install toolkit which could allow a remote attacker to steal the victim's cookie-based authentication credentials. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the...
Security Bulletin: Multiple Oracle Outside In Technology vulnerabilities in IBM Engineering Requirements Management DOORS Next
Summary Multiple security vulnerabilities in Oracle Outside In Technology affect IBM Engineering Requirements Management DOORS Next. Vulnerability Details CVEID:CVE-2024-21117 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could...
Security Bulletin: There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with TXSeries for Multiplatforms.
Summary There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with TXSeries for Multiplatforms CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. An update to TXSeries for Multiplatforms has been...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass [CVE-2024-24789]
Summary Golang Go is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator and operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability in Golang Go package...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to privilege escalation [CVE-2022-43915]
Summary IBM App Connect Enterprise Certified Container operands are vulnerable to privilege escalation due to not limiting the unshare command. This bulletin provides patch information to address the reported vulnerability. CVE-2022-43915 Vulnerability Details CVEID:CVE-2022-43915 DESCRIPTION: IB...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-37168] [CVE-2024-34890]
Summary Node.js is used by IBM App Connect Enterprise Certified Container as a runtime engine. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js modules ws and gRPC...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use MQ are vulnerable to denial of service [CVE-2024-25016]
Summary IBM MQ is used by IBM App Connect Enterprise Certified Container for MQ communications and for state storage by Toolkit flows that contain MQ, Aggregation and Collector nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable t...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service [CVE-2023-45288]
Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service due to a Golang vulnerability. This bulletin provides patch information to address the reported vulnerability in the net/http and x/net/http2 packages. CVE-2023-45288 Vulnerability...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.19 LTS, 12.0.1 LTS and 12.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to arbitrary code execution [CVE-2022-48622] [CVE-2023-23931] [CVE-2024-35195] [CVE-2024-39689]
Summary The IBM App Connect Enterprise Certified Container image that provides the mapping assistance capability to the DesignerAuthoring operand includes several Python based Red Hat packages that contain vulnerabilities. IBM App Connect Enterprise Certified Container DesignerAuthoring operands...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and the IntegrationServer and IntegrationRuntime operands are vulnerable to networking errors [CVE-2024-24790]
Summary IBM App Connect Enterprise Certified Container operator and the IntegrationServer and IntegrationRuntime operands contain Golang binaries that are vulnerable to networking errors. This bulletin provides patch information to address the reported vulnerability. CVE-2024-24790 Vulnerability...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-50315)
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2398) and security restrictions bypass (CVE-2024-2466, CVE-2024-2004) due to cURL libcurl
Summary Vulnerabilities in cURL libcurl could allow a remote attacker to cause a denial of service CVE-2024-2398 or bypass security restrictions CVE-2024-2466, CVE-2024-2004. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HM...
Security Bulletin: IBM SPSS Statistics: "IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks"
Summary A combination of two flaws in the JSSE component and IBMJCEPlus security provider expose some IBM Java releases to various cryptographic attacks when acting as a TLS server. IBM SPSS Statistics is not directly affected, but is issuing a patch for the relevant versions. Vulnerability Detai...
Security Bulletin: IBM Concert Software is vulnerable to multiple issues
Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2015-5739 DESCRIPTION: Go is vulnerable to HTTP request smuggling, caused by a flaw in net/http library in net/textproto/reader.go. By sendin...
Security Bulletin: IBM QRadar DNS Analyzer app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improp...
Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source bcprov-jdk18on library (CVE-2024-30171, CVE-2024-30172, CVE-2024-29857)
Summary IBM® Db2® federated server is affected by vulnerabilities in the open source bcprov-jdk18on library. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verificati...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF16 patch Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...
Security Bulletin: Vulnerability in IBM Java affects Infosphere Data Architect
Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE which is vulnerable to multiple CVEs. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact, low...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE, which is vulnerable to CVE-2024-39744. Vulnerability Details CVEID:CVE-2024-39744 DESCRIPTION: IBM Sterling Connect:Direct Web Services is vulnerable to cross-site request forgery which could allow an attacker to execute malicious...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE which is affected by CVE-2024-39745. Vulnerability Details CVEID:CVE-2024-39745 DESCRIPTION: IBM Sterling Connect:Direct Web Services uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...
Security Bulletin: Privilege escalation attack might affect IBM Storage Defender – Data Protect
Summary IBM Storage Defender – Data Protect is vulnerable and can result in data confidentiality and service availability issues. The vulnerability has been addressed. CVE-2023-4623 Vulnerability Details CVEID:CVE-2023-4623 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Express.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Express.js Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go Vulnerability Details CVEID:CVE-2024-24785 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the MarshalJSON methods in the html/template package. By...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Maven (CVE-2021-26291)
Summary UPDATE 21 AUGUST 2024: This fix has been updated. Please download and install the fix dated 21 August 2024. The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Maven. This bulletin identifies the steps to take to address the vulnerability. Vulnerability...
Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997
Summary Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997 Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated attacker to execute arbitrary code on the...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to OpenSSH arbitrary code execution vulnerability [CVE-2024-6387]
Summary A potential OpenSSH arbitrary code execution vulnerability CVE-2024-6387 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6387...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39746 DESCRIPTION: IBM Sterling Connect:Direct Web Services could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Global Configuration Management - Vulnerable to archiving a global baseline by an authenticated user having improper access controls
Summary IBM Global Configuration Management is vulnerable to archiving a global baseline by an authenticated user having improper access controls/permissions. This bulletin contains information regarding the vulnerability and remediation actions. Vulnerability Details CVEID:CVE-2024-41773...
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions (CVE-2024-35136)
Summary IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details CVEID:CVE-2024-35136 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server federated server is vulnerable to denial of...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2024-37529)
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query. Vulnerability Details CVEID:CVE-2024-37529 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service with a specially crafted...
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server
Summary GNU Binutils is used by IBM Netezza Performance Server. IBM Netezza Performance Server has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-48063 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an excessive memory consumption vulnerability in t...
Security Bulletin: IBM Maximo Application Suite - AI Broker component uses certifi-2023.7.22-py3-none-any.whl which is vulnerable to this CVE-2024-39689
Summary IBM Maximo Application Suite - AI Broker Component includes certifi-2023.7.22-py3-none-any.whl which is vulnerable to this CVE-2024-39689. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi...
Security Bulletin: IBM Maximo Application Suite - AI Broker component uses tomcat-embed-core-10.1.20.jar which is vulnerable to this CVE-2024-34750
Summary IBM Maximo Application Suite - AI Broker Component includes tomcat-embed-core-10.1.20.jar which is vulnerable to this CVE-2024-34750. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Apache Tomcat is...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin CVE-2024-31882, CVE-2024-29857, CVE-2024-30172, CVE-2024-30171, CVE-2024-35136, CVE-2024-35152, CVE-2024-37529 Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2023-50315
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple Apache Solr Vulnerabilities Affect IBM OpenPages
Summary Apache Solr package is used by IBM OpenPages for the Search Server. Multiple vulnerabilities are being disclosed from Apache Solr within this bulletin. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2023-50386 DESCRIPTION: Apache Solr could allow a remote attacker to...
Security Bulletin: A vulnerability in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-36138)
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to information disclosure (CVE-2023-50314)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to information disclosure. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Version...
Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest
Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-35154)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an information disclosure (CVE-2023-50315)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an information disclosure. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions|...