35715 matches found
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in IBM MQ
Summary IBM Virtualization Engine TS7700 is susceptible to three denial-of-service conditions CVE-2024-25016, CVE-2024-31919, CVE-2024-35116, a privilege escalation CVE-2024-31912 and a buffer overflow CVE-2024-25048 due to the use of IBM MQ. TS7700 uses IBM MQ for inter-process communication...
Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.
Summary Cloud Pak System is vulnerable to HTTP request splitting attack CVE-2023-25690. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with some form of RewriteRule or...
Security Bulletin: IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45073)
Summary IBM WebSphere Application Server is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details CVEID:CVE-2024-45073 DESCRIPTION: IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user t...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities.
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to a remote attacker causing a denial of service due to NULL pointer dereference CVE-2024-38477, executing arbitrary code due to an encoding issue in modrewrite CVE-2024-38474, and improper escaping in modrewrite resulting in acces...
Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System
Summary There are multiple Unspecified and Denial of Service Java SE Vulnerabilities that affect IBM Java SDK shipped with IBM Cloud Pak Sytem. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attack...
Security Bulletin: Vulnerabilities in Golang Go affect IBM Cloud Pak System
Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. CVE-2023-45284, CVE-2023-45283 Vulnerability Details CVEID:CVE-2023-45284 DESCRIPTION: Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the...
Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System
Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed in IBM Cloud Pak System v2.3.4.0. Vulnerability Details CVEID:CVE-2023-38013 DESCRIPTION: IBM Cloud Pak System could disclose sensitive information in HTTP responses that could aid in further attacks...
Security Bulletin: Multiple Vulnerabilities in components for Cloud Pak System
Summary Vulnerabilities found in components packaged with Cloud Pak System, Beego, Node.js follow-redirects module, Prototypejs, jQuery, Golang go and go/crypto module. These vulnerabilities have been addressed in Cloud Pak System V2.3.4.0 and IBM V2.3.5.0. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVEs. For a complet...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2rBuffer overflow in GC when using the -Xgc:concurrentScavenge option on IBM Z. Vulnerability Details Refer to the security bulletins listed in...
Security Bulletin: IBM SPSS Analytic Server is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)
Summary IBM SPSS Analytic Server is vulnerable to a privilege escalation due to RESTEasy CVE-2023-0482 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM SPSS Analytic Server| 3.5...
Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to this CVE-2023-46136
Summary Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to this CVE-2023-46136 Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.1.1
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.1.1 Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.
Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability Using third-party datastore Operators as part of the postgres operator CVE-2024-27304. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-2730...
Security Bulletin: Mulitple Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights.
Summary Multiple Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights ICABI have ben addressed in Fixpacks 1.1.7.10 and 1.1.8.5 Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [ CVE-2023-51767]
Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-51767 Vulnerability Details CVEID:CVE-2023-51767 DESCRIPTION: OpenSSH could allow a local authenticated attacker to bypass security restrictions,...
Security Bulletin: Vulnerability in Log4j affects IBM Integrated Analytics System [CVE-2023-26464]
Summary Redhat provided Log4j is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26464 Vulnerability Details CVEID:CVE-2023-26464 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217 Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2022-1679]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-1679 Vulnerability Details CVEID:CVE-2022-1679 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on th...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerability has been addressed in this update. Please read the details for remediation...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat [CVE-2024-34750]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat, caused by a flaw when processing an HTTP/2 stream CVE-2024-34750. Apache Tomcat is used by our Speech microservices. This vulnerabilitiy has been addressed. Please read t...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp [CVE-2024-5569]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp, caused by an infinite loop flaw in the Path module CVE-2024-5569. Zipp is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the details for...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow [CVE-2023-33976]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a a segfault when not given a rank 2 tensor in the arrayops.upperbound function CVE-2023-33976. TensorFlow is used by our Speech Service runtimes. This...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in pypa/setuptools [CVE-2024-6345]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in pypa/setuptools , caused by an error in the packageindex module. CVE-2024-6345. pypa/setuptools is used by our Speech Service runtimes. This vulnerabilitiy has been addressed...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi [CVE-2024-39689]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi, caused by the use of GLOBALTRUST root certificate CVE-2024-39689. Certifi python-certifi is used by our Speech Service runtimes. This vulnerabilitiy has been...
Security Bulletin: Vulnerabilities in Logback might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Logback. A local or remote attacker could exploit these vulnerabilities to cause a denial of service condition as described by the CVE in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2023-6481...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local or remote authenticated attacker could exploit the vulnerability to cause a denial of service condition, an authenticated attacker could exploit the vulnerability to gain...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local authenticated attacker could exploit the vulnerability to cause the kernel to crash, to cause a denial of service condition, an attacker could exploit this vulnerability to...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to make arbitrarily change the value stored in EAX while a SEV VM is running, to trigger int80 syscall handling at any given point, ...
Security Bulletin: Vulnerabilities in Golang Go and PostgreSQL might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Golang Go and PostgreSQL . An attacker or remote attacker could exploit these vulnerabilities to create an zip file with contents that vary depending on the implementation reading the file, to obtain sensitive...
Security Bulletin: Vulnerability in Linux Kernel could affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by a vulnerability in Linux Kernel. An attacker could exploit this vulnerability to cause the wrong portion of the block buffer to be read or a denial of service as described by the CVE in the "Vulnerability Details" section. Vulnerability...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to expose sensitive information due to RubyGems activesupport ( CVE-2023-38037 )
Summary RubyGems activesupport is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-38037. Vulnerability Details CVEID:CVE-2023-38037 DESCRIPTION: RubyGems activesupport gemcould allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to a variety of issues due to 3rd party software
Summary Various 3rd party software packages are used by the underlying platform of IBM Cloud Pak for Data. These packages are used for the building of binaries, installation of software and within the provided services. The fixed CVEs are listed below. Vulnerability Details CVEID:CVE-2022-23806...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-39463]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-39463 Vulnerability Details CVEID:CVE-2024-39463 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-4304, CVE-2023-0215, CVE-2023-0286]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-2068]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-2068 Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caus...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to GNOME GLib, libcurl and kerberos 5
Summary GNOME GLib, libcurl and kerberos 5 used by IBM MQ Operator and Queue Manager container images are vulnerable to spoofing attacks, denial of service due to improper memory allocation, and privilege escalation which may lead to bypassing security restrictions. This bulletin identifies the...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2021-3999]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-3999 Vulnerability Details CVEID:CVE-2021-3999 DESCRIPTION: GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by imprope...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2022-23219]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-23219 Vulnerability Details CVEID:CVE-2022-23219 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based buffer overflow, caused by...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2022-23218]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-23218 Vulnerability Details CVEID:CVE-2022-23218 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based buffer overflow, caused by...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2021-35942]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-35942 Vulnerability Details CVEID:CVE-2021-35942 DESCRIPTION: GNU C Library aka glibc could allow a local attacker to obtain sensitive information,...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2021-3518]
Summary Redhat provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-3518 Vulnerability Details CVEID:CVE-2021-3518 DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2021-3516]
Summary Redhat provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-3516 Vulnerability Details CVEID:CVE-2021-3516 DESCRIPTION: libxml2 could allow a remote attacker to execute arbitrary code on the system, caused b...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2021-27218, CVE-2021-27219]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-27218, CVE-2021-27219 Vulnerability Details CVEID:CVE-2021-27218 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by an error whe...
Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™
Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: IBM DevOps Build addresses denial of service vulnerability caused by a flaw in processing HTTP/2 stream.
Summary IBM DevOps Build 7.0.0.3 addresses denial of service vulnerability caused by a flaw in processing HTTP/2 stream. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a flaw when processing an HTTP/2 stream. By sending...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-40975]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-40975 Vulnerability Details CVEID:CVE-2024-40975 DESCRIPTION: Linux Kernel could provide weaker than expected security, caused by unregister devices ...