35705 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
Security Bulletin: IBM Maximo Application Suite uses multiple packages which are vulnerable to multiple CVEs
Summary IBM Maximo Application Suite uses golang.org/x/net/http2 - v0.19.0 , v0.20.0, github.com/lestrrat-go/jwx/v2 - v2.0.11, setuptools - 50.3.2, tar - 6.2.0, github.com/docker/docker - v24.0.7, follow-redirects - 1.15.4, express - 4.18.2 , idna - 3.6 ,org.apache.cxfcxf-core - 3.5.5,...
Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could allow an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. (CVE-2015-5739)
Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could allow an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. IBM Robotic Process Automation for Cloud Pak uses Go as part of it's operator deployment...
Security Bulletin: A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information (CVE-2020-15522).
Summary A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information. IBM Robotic Process Automation uses Bouncy Castle for encrytion. This bulletin identifies the security fixes to apply to address the vulnerability...
Security Bulletin: Multiple vulnerabilities in microsoft.netcore.app affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in IBM microsoft.netcore.app affect IBM Robotic Process Automation. The vulnerabilities exist in BrotliSharpLib which was determined to not be required by IBM Robotic Process Automation. The offending module was removed from the product. Vulnerability Details...
Security Bulletin: IBM OpenPages vulnerable to reflected Cross Site Scripting (CVE-2024-37527)
Summary A vulnerability could allow potential reflected cross-site scripting injections in IBM OpenPages through parameters used in reports. Vulnerability Details CVEID:CVE-2024-37527 DESCRIPTION: IBM OpenPages with Watson is vulnerable to cross-site scripting. This vulnerability allows an...
Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the following IBM i PTFs in response to CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 and CVE-2018-3639. This security bulletin has been updated, on October 16, 2018, as additional IBM i PTFs are now available to mitigate the Spectre and Meltdown vulnerabilities...
Security Bulletin: CVE-2023-22045, CVE-2023-22049 affects IBM® SDK, Java™ Technology Edition affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition in version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. An update has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22045...
Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)
Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in...
Security Bulletin: Vulnerability in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerability in Linux Kernel. A local authenticated attacker could exploit the vulnerability to cause a denial of service condition as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details...
Security Bulletin: IBM Watson Query on IBM Cloud does not govern all of the columns of a published object
Summary IBM Watson Query on IBM Cloud integrates with IBM Knowledge Catalog IKC - formerly Watson Knowledge Catalog WKC - to enforce data protection rules on governed objects. When you publish objects from Watson Query to catalogs or projects, only the first 100 columns are registered in the...
Security Bulletin: IBM i is affected by several vulnerabilities (CVE-2016-2183 and CVE-2016-6329)
Summary IBM i is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the in the Triple-DES on 64-bit block...
Security Bulletin: IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. (CVE-2023-0833).
Summary IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. CVE-2023-0833. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-0833 DESCRIPTION: Red Hat AMQ-Streams could allow ...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact, low...
Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...
Security Bulletin: IBM Operational Decision Manager for Sep 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-38808...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28486]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters during logging operations CVE-2023-28486. Sudo Project Sudo is included as a Base OS package used...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28487]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters by the "sudoreplay -l" command CVE-2023-28487. Sudo Project Sudo is included as a Base OS package...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Sudo Project Sudo [CVE-2023-42465]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Sudo Project Sudo, caused by a fault injection flaw in the stack/register variables CVE-2023-42465. Sudo Project Sudo is included as a Base OS package used by our service...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH [CVE-2023-51385]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH, caused by improper validation of shell metacharacters CVE-2023-51385. OpenSSH is included as a Base OS package used by our service runtimes. This vulnerabilitiy has...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl [CVE-2023-47038]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined Unicode property CVE-2023-47038. Perl is included as a Base OS package used by our service runtimes. This vulnerabilitiy ha...
Security Bulletin: IBM Sterling Control Center v6.2.x and v6.3.x are vulnerable due to IBM SDK Java Technology Edition vulnerability
Summary IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676, CVE-2023-22081, CVE-2023-22067 affecting Sterling Control Center v6.2.x and v6.3.x. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java...
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue
Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2022-41678. Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable and reported in [All] Spring Framework.
Summary Security Bulletin: Sterling Control Center v6.2.1 and v6.3.1 is vulnerable in All Spring Framework for CVE-2024-22233 Publicly disclosed vulnerability. Vulnerability Details CVEID:CVE-2024-22233 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM Sterling Control Center v6.2.x and v6.3.x are vulnerable due to IBM Semeru Runtime vulnerabiliy
Summary IBM Semeru Runtime Quarterly CPU - Jul 2023 - Includes OpenJDK July 2023 CPU and CVE-2023-22049, CVE-2023-22036, CVE-2023-22006 affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to t...
Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable with IBM Semeru Runtime Quarterly CPU - Oct 2023
Summary IBM Semeru Runtime Quarterly CPU - Apr 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807 and CVE-2023-5676 and affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable and reported in Apache ActiveMQ
Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, with vulnerability 264654 . Vulnerability Details IBM X-Force ID: 264654 DESCRIPTION: Apache ActiveMQ NMS could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Body...
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue
Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2023-46604. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused ...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID: CVE-2024-21011 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact. CVSS...
Security Bulletin: IBM Master Data Management vulnerable to denial of service from IBM Business Automation Workflow using Apache Johnzon
Summary IBM Master Data Management version 14.0 is impacted by vulnerability in IBM Business Automation Workflow. Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a remote attacker could exploit...
Security Bulletin: IBM Master Data Management is vulnerable to denial of service from Apache Commons Compress used in IBM Business Workflow Automation
Summary IBM Master Data Management v14.0 is vulnerable to denial of service from Apache commons compress used in IBM Business Workflow Automation. Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.6 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7.6 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization fla...
Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability
Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2024-6119. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking serv...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service vulnerability in Multiple vendors [ CVE-2023-44487]
Summary Potential denial of service vulnerability in Multiple vendors CVE-2023-44487 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-444...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple Vim vulnerabilities
Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-0128 DESCRIPTION: Vim could allow a local attacker to obtain...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple Vim vulnerabilities
Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-0407 DESCRIPTION: Vim is vulnerable to a heap-based buffer...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities
Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-2849 DESCRIPTION: Vim is vulnerable to a heap-based buffer...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities
Summary Multiple potential vulnerabilities has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy.( CVE-2023-45290)
Summary Potential Golang Go denial of service vulnerabilitiy. CVE-2023-45290 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45290 DESCRIPTION: Golang Go is...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go sensitive information disclosure vulnerabilitiy( CVE-2023-45289)
Summary Potential Golang Go sensitive information disclosure vulnerabilitiyCVE-2023-45289 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45289 DESCRIPTION:...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in IBM MQ
Summary IBM Virtualization Engine TS7700 is susceptible to three denial-of-service conditions CVE-2024-25016, CVE-2024-31919, CVE-2024-35116, a privilege escalation CVE-2024-31912 and a buffer overflow CVE-2024-25048 due to the use of IBM MQ. TS7700 uses IBM MQ for inter-process communication...
Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.
Summary Cloud Pak System is vulnerable to HTTP request splitting attack CVE-2023-25690. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with some form of RewriteRule or...
Security Bulletin: IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45073)
Summary IBM WebSphere Application Server is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details CVEID:CVE-2024-45073 DESCRIPTION: IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user t...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities.
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to a remote attacker causing a denial of service due to NULL pointer dereference CVE-2024-38477, executing arbitrary code due to an encoding issue in modrewrite CVE-2024-38474, and improper escaping in modrewrite resulting in acces...
Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System
Summary There are multiple Unspecified and Denial of Service Java SE Vulnerabilities that affect IBM Java SDK shipped with IBM Cloud Pak Sytem. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attack...
Security Bulletin: Vulnerabilities in Golang Go affect IBM Cloud Pak System
Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. CVE-2023-45284, CVE-2023-45283 Vulnerability Details CVEID:CVE-2023-45284 DESCRIPTION: Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the...
Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System
Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed in IBM Cloud Pak System v2.3.4.0. Vulnerability Details CVEID:CVE-2023-38013 DESCRIPTION: IBM Cloud Pak System could disclose sensitive information in HTTP responses that could aid in further attacks...
Security Bulletin: Multiple Vulnerabilities in components for Cloud Pak System
Summary Vulnerabilities found in components packaged with Cloud Pak System, Beego, Node.js follow-redirects module, Prototypejs, jQuery, Golang go and go/crypto module. These vulnerabilities have been addressed in Cloud Pak System V2.3.4.0 and IBM V2.3.5.0. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVEs. For a complet...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2rBuffer overflow in GC when using the -Xgc:concurrentScavenge option on IBM Z. Vulnerability Details Refer to the security bulletins listed in...