Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-50312)
Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than...
Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Maximo Asset and Service Management (CVE-2024-35153)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: Information disclosure in persistent watchers handling
Summary Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher addWatch command to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check...
Security Bulletin: CVE-2023-6378
Summary A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caus...
Security Bulletin: CVE-2023-6481
Summary A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a deni...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2024-40690)
Summary A cross-site scripting vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-40690 DESCRIPTION: IBM InfoSphere Server is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in t...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to a code execution vulnerability in Node.js IP package (CVE-2023-42282)
Summary Potential code execution vulnerability in Node.js IP package CVE-2023-42282 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-42282...
Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway
Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race condition. ...
Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to use of open-vm-tools (CVE-2023-20900)
Summary open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit hypervisor users to perform unauthorized guest operations. Vulnerability Details CVEID:CVE-2023-20900 DESCRIPTION: VMware Tools could allow a remote attacker to bypa...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-35154)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to remote code execution (CVE-2024-35154)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a remote code execution vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to remote code execution (CVE-2024-35154)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a remote code execution vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu...
Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widge...
Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by IBM Security Verify Governance have multiple vulnerabilities
Summary IBM Security Verify Governance uses IBM Db2 and IBM WebSphere Application Server traditional as dependent components. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2021-33631)
Summary This CVE in the OS kernel can affect mounting file-systems. Vulnerability Details CVEID:CVE-2021-33631 DESCRIPTION: openEuler is vulnerable to a denial of service, caused by an integer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service...
Security Bulletin: Publicly disclosed vulnerability in OpenSSL affects IBM Netezza Performance Server
Summary OpenSSL is used by IBM Netezza Performance Server. IBM Netezza Performance Server has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-0739 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-35154)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a remote code execution vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 275. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.4.0. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact, low integrity impact,...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-6387) due to OpenSSH
Summary Vulnerability in AIX's OpenSSH could allow a remote attacker to execute arbitrary code CVE-2024-6387. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway
Summary Security Vulnerabilities in node.js package affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-45803 DESCRIPTION: urllib3 could allow a remote authenticate...
Security Bulletin: IBM QRadar Wincollect is using components with known vulnerabilities
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused by a regular...
Security Bulletin: Vulnerability in PostgreSQL affects IBM Storage Scale (CVE-2024-1597)
Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which affects IBM Storage Scale GUI. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL...
Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to use of nghttp2 (CVE-2024-28182)
Summary nghttp2 is used by IBM DataPower Gateway in its HTTP/2 implementation in the front-side handler and for outgoing connections. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is vulnerable to a denial of service, caused by a memory exhaustion flaw due to flood of CONTINUATIO...
Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to OpenSSL (CVE-2024-2511)
Summary OpenSSL is used to provide TLS functionality within IBM DataPower Gateway. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling in Node.js (CVE-2024-27982)
Summary Node.js is used by IBM DataPower Gateway in the Gateway Director and UI components. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By sending specially crafted HTT...
Security Bulletin: Vulnerabilities in Java affect IBM Voice Gateway
Summary Security Vulnerabilities in Java affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact,...
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a denial of service and bypassing security restrictions due to multiple vulnerabilities.
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing availability impact CVE-2024-21085, denial of service CVE-2023-38264, and bypassing security restrictions CVE-2024-3933 as described in the vulnerability details...
Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution (CVE-2024-35154)
Summary IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability in the administrative console. Vulnerability Details CVEID:CVE-2024-35154 DESCRIPTION: IBM WebSphere Application Server could allow a remote authenticated attacker, who has authorized access to the...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java
Summary There are multiple vulnerabilities in Java used by IBM Cloud Transformation Advisor CVE-2021-46877, CVE-2021-0341, CVE-2021-35515, CVE-2021-35516, CVE-2024-30172. Vulnerability Details CVEID:CVE-2021-46877 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, cause...
Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in Grafana (CVE-2021-43138)
Summary Async is used by IBM Storage Ceph in Grafana as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-43138. Vulnerability Details CVEID:CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to execute arbitrary code on...
Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in Jinja2 (CVE-2024-22195)
Summary Jinja2 is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-22195. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Pallets Jinja is vulnerable to cross-site scripting, caused by...
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to systemd
Summary TSSC/IMC is vulnerable to arbitrary code execution due to systemd. A patch has been provided that updates the systemd library. CVE-2023-26604. Vulnerability Details CVEID:CVE-2023-26604 DESCRIPTION: systemd could allow a local authenticated attacker to gain elevated privileges on the...
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel
Summary TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel. A patch that updates the Kernel library has been provided. CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-35001, CVE-2023-35788. Vulnerability Details...
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel
Summary TSSC/IMC is vulnerable to arbitrary code execution due to kernel. A patch has been provided that updates the kernel library. CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235. Vulnerability Details CVEID:CVE-2022-42896 DESCRIPTION: Linux Kernel coul...
Security Bulletin: TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE
Summary TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE. A patch has been provided that updates the Java SE library. CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193. Vulnerability Details...
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Java (CVE-2023-22081)
Summary TSSC/IMC is vulnerable to arbitrary code execution due to Dmidecode. A patch has been provided that updates the Java library. CVE-2023-22081. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to curl (CVE-2023-27536, CVE-2023-28321)
Summary TSSC/IMC is vulnerable to arbitrary code execution due to cURL. A patch has been provided that updates the curl library. CVE-2023-30630, CVE-2023-28321. Vulnerability Details CVEID:CVE-2023-27536 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, cause...
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-4067, CVE-2024-28849, CVE-2024-4068)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site...
Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities (CVE-2023-35006, CVE-2023-33859, CVE-2023-33860, CVE-2023-35008)
Summary IBM Security QRadar EDR Software is vulnerable to link injection and could also allow an attacker to embed links URLs to an external site or to different pages. Sensitive information could also be disclosed due to an observable login response discrepancy and web pages could be stored...
Security Bulletin: Google Guava vulnerability affects IBM Spectrum Control
Summary Google Guava could allow a local authenticated attacker to obtain sensitive information. This vulnerability affects IBM Spectrum Control. CVE-2023-2976. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive...
Security Bulletin: Apache Commons Compress vulnerability affects IBM Spectrum Control
Summary Apache Commons Compress is vulnerable to a denial of service. This vulnerability affects IBM Spectrum Control. CVE-2024-25710, CVE-2024-26308, CVE-2023-42503. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...
Security Bulletin: Fasterxml jackson-databind vulnerability affects IBM Spectrum Control
Summary Fasterxml jackson-databind is vulnerable to a denial of service. This vulnerability affects IBM Spectrum Control. CVE-2023-35116. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition
Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Spectrum Control which could allow a remote attacker to cause high confidentiality impact and high integrity impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945,...