35715 matches found
Security Bulletin: Vulnerabilities in Netty affect IBM watsonx.data
Summary Netty is vulnerable to a denial of service attcaks and could allow a local authenticated attacker to obtain sensitive information. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with...
Security Bulletin: Vulnerabilities in Apache ZooKeeper affect IBM watsonx.data
Summary Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information or allow a remote attacker to bypass security restrictions. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx.data
Summary Apache Tomcat is vulnerable to a denial of service, caused by a flaw when processing an HTTP/2 stream. By sending specially crafted HTTP headers, a remote attacker could exploit this vulnerability to cause a denial of service condition. This can affect watsonx.data. Vulnerability Details...
Security Bulletin: Vulnerability in dnsjava affects IBM watsonx.data
Summary dnsjava could allow a remote attacker to bypass security restrictions, caused by improper response validation. By sending a specially crafted request, an attacker could exploit this vulnerability to perform DNSSEC bypass. This may affect watsonx.data. Vulnerability Details...
Security Bulletin: Vulnerability in Gorilla Web Toolkit affects IBM watsonx.data
Summary Gorilla web toolkit schema is vulnerable to a denial of service, caused by a memory exhaustion flaw due to sparse slice deserialization. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. This can affect...
Security Bulletin: Vulnerability in Axios affects IBM watsonx.data
Summary Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. This can affect watsonx.data...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 9 Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Sept 2024
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF002 Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing...
Security Bulletin: IBM Cognos Analytics Reports mobile client application (iOS) is vulnerable to unauthorized attacks due to an exposed API key (CVE-2024-40703)
Summary An exposed API key in IBM Cognos Analytics could allow an unauthorized attacker to send unsolicited push notification alerts to IBM Cognos Analytics Reports mobile client applications. IBM Cognos Analytics has addressed the applicable CVE by revoking the exposed API key. Revocation of thi...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 282 Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods IsPrivate, IsLoopback, etc did not work as expected for...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
Summary IBM SDK, Java Technology Edition is vulnerable to CVE-2023-38264. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Workflow Management Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2024-22354)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE CVE-2024-22354. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...
Security Bulletin: A vulnerability in glibc affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in glibc affects IBM Storage Virtualize products and could cause impacts to integrity, confidentiality and availability. CVE-2024-2961. Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the syste...
Security Bulletin: Vulnerabilities in libmaxminddb, dnsmasq and bind affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem product
Summary Vulnerabilities in libmaxminddb, dnsmasq and bind affect IBM Storage Virtualize products and could cause impacts to integrity and availability. CVE-2023-50387 CVE-2023-50868 CVE-2020-28241 CVE-2023-4408. Vulnerability Details CVEID:CVE-2023-50387 DESCRIPTION: ISC BIND is vulnerable to a...
Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could cause various impacts. CVE-2023-1073 CVE-2023-45871 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-1206 CVE-2023-5178. Vulnerability Details CVEID:CVE-2023-1073 DESCRIPTION: Linux Kernel could allow a...
Security Bulletin: Vulnerabilitiy in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products
Summary Vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-21131. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component...
Security Bulletin: Vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, Linux kernel might affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, and Linux. Vulnerabilities include obtaining sensitive information, causing denial of service condition, heap-based buffer overflow, bypassing of security restrictions,...
Security Bulletin: Vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-36138)
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. This bulletin identifies the...
Security Bulletin: Denial of service and SQL injection might affect IBM Storage Defender – Resiliency Service
Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilities have been addressed. CVE-2024-38325, CVE-2024-41990, CVE-2024-41989, CVE-2024-42005, CVE-2024-42005, CVE-2024-41991, CVE-2024-38324...
Security Bulletin: IBM DevOps Release addresses denial of service vulnerability caused by a flaw in processing HTTP/2 stream.
Summary IBM DevOps Release7.0.0.3 addresses denial of service vulnerability caused by a flaw in processing HTTP/2 stream. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a flaw when processing an HTTP/2 stream. By sending...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-39249)
Summary There is a vulnerability in Async used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused...
Security Bulletin: IBM Cognos Analytics is vulnerable to unauthorized attacks due to an exposed API key (CVE-2024-40703)
Summary An exposed API key in IBM Cognos Analytics could allow an unauthorized attacker to send unsolicited push notification alerts to IBM Cognos Analytics Mobile client applications. IBM Cognos Analytics has addressed the applicable CVE by revoking the exposed API key. Revocation of this API ke...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in es5-ext-0.10.53.tgz
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of es5-ext-0.10.53.tgz Vulnerability Details CVEID:CVE-2024-27088 DESCRIPTION: medikoo es5-ext is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By providing...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in urllib3-1.26.18-py2.py3-none-any.whl
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of urllib3-1.26.18-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Certifi python-certifi
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Certifi python-certifi Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An attacke...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in setuptools
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of setuptools Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. By...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM WebSphere Application Server Liberty
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Tensorflow
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Tensorflow Vulnerability Details CVEID:CVE-2023-30767 DESCRIPTION: Intel Optimization for TensorFlow could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2019-4505)
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM App Connect Enterprise has multiple vulnerabilities due to IBM Semeru Runtime (CVE-2024-21131, CVE-2024-21144, CVE-2024-21145)
Summary IBM App Connect Enterprise has multiple vulnerabilities due to IBM Semeru Runtime CVE-2024-21131, CVE-2024-21144, CVE-2024-21145. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL (CVE-2024-2511)
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL CVE-2024-2511. This bulletin identifies the steps to take to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by imprope...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules (CVE-2024-39338, CVE-2024-43800, CVE-2024-43799, CVE-2024-43796).
Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules axios CVE-2024-39338, expressjs serve-static CVE-2024-43800, pillarjs send CVE-2024-43799 and expressjs express CVE-2024-43796. This bulletin identifies the steps to take to address the...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities in IBM Java SDK, Java Technology Edition
Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecifie...
Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty's server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...
Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service (CVE-2024-22353)
Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by IBM WebSphere Application Server Liberty cross-site scripting (CVE-2024-27270)
Summary IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting CVE-2024-27270 may affect SPSS Collaboration and Deployment Services Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Product...
Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty's denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-40681, CVE-2024-40680, CVE-2024-2511, CVE-2024-21085 Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin:IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114
Summary IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: airlift aircompressor could allow a local attacker...
Security Bulletin: IBM Maximo Application Suite uses certifi-2024.6.2-py3-none-any.whl which is vulnerable to CVE-2024-39689.
Summary IBM Maximo Application Suite uses certifi-2024.6.2-py3-none-any.whl which is vulnerable to CVE-2024-39689. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker th...
Security Bulletin: IBM Truststore Manager uses Jinja2-3.1.3-py3-none-any.whl which is vulnerable to CVE-2024-34064
Summary IBM Truststore Manager uses Jinja2-3.1.3-py3-none-any.whl which is vulnerable to CVE-2024-34064. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by t...
Security Bulletin: IBM Maximo Application Suite uses tinymce-6.8.3.tgz which is vulnerable to CVE-2024-38357, CVE-2024-38356
Summary IBM Maximo Application Suite uses tinymce-6.8.3.tgz which is vulnerable to CVE-2024-38357, CVE-2024-38356. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38357 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting,...
Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty's XML External Entity XXE injection vulnerability Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in July 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21147...
Security Bulletin: Vulnerability with Apache HTTP, OpendJDK, python3 and spring-web affect IBM Cloud Object Storage Systems (Sept 2024v1)
Summary Vulnerability with Apache HTTP CVE-2024-38474, CVE-2024-39573,CVE-2024-38477,CVE-2024-38473,CVE-2024-38476,CVE-2024-38475, OpenJDK CVE-2024-21131, CVE-2024-21147, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, python3 CVE-2024-37891,CVE-2024-39689,CVE-2024-6345,CVE-2024-3651 and SpringWe...
Security Bulletin: Vulnerability in Spring Framework affects IBM watsonx.data
Summary Spring Framework running on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. This may affect IB...
Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data
Summary FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization. This could affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2020-36188 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to...
Security Bulletin: Vulnerabilities in Moby BuildKit affect IBM watsonx.data
Summary Moby BuildKit could allow a remote attacker to bypass security restrictions, allow a remote attacker to traverse directories on the system, or allow a remote attacker to gain elevated privileges on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2024-23651...
Security Bulletin: Vulnerabilities in Apache Hadoop affect IBM watsonx.data
Summary Apache Hadoop has multiple vulnerabilities that can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an unTarUsingJava function on Windows and the...
Security Bulletin: Vulnerability in Perl affects IBM watsonx.data
Summary Perl could allow a remote attacker to bypass security restrictions, caused by improper handling of property name by the Sparseunipropstring function in regcomp.c. This can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2023-47100 DESCRIPTION: Perl could allow a remote attacker t...