35730 matches found
Security Bulletin: IBM DataStage Flow Designer is vulnerable to information disclosure (CVE-2024-40704)
Summary An information disclosure vulnerability in DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2024-40704 DESCRIPTION: IBM DataStage Flow Designer could allow a privileged user to obtain sensitive information from authentication request headers. CVSS Base score: 4.9 CVS...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java (CVE-2022-3509).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite. They are most often used for defining communications protocols together with gRPC and for data storage. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Apache Kafka (CVE-2024-27309).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the Apache Kafka. It is primarily used to build real-time streaming data pipelines and applications that adapt to the data streams. It combines messaging, storage, and stream processing to allow storage and analysis of...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java (CVE-2023-43642).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java component. In IBM Event Streams, Snappy-java boosts performance by compressing event payloads before transmission and decompressing them on the client side, reducing bandwidth usage and improving data...
Security Bulletin: IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component (CVE-2023-26159).
Summary IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component. In event streams, following redirects ensures uninterrupted data flow by automatically directing clients to new endpoints if the original one changes. It also aids in load balancing and failover...
Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in Grafana (CVE-2023-36665)
Summary Protobuf is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-36665. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary co...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks [CVE-2023-38709, CVE-2024-24795].
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP response splitting attacks due to improper input validation and flaws in multiple modules as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as...
Security Bulletin: Multiple IBM® Db2® security vulnerability fixes
Summary If you use IBM® Db2® as your database in your IBM Datacap deployment, please follow the Db2 security bulletins referred here to remedy the vulnerabilities. IBM® Db2® is affected by a vulnerability in the open source zlib library CVE-2023-45853 and IBM® Db2® is vulnerable to sensitive...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2023 Vulnerabilities Affect IBM SPSS
Summary IBM SPSS addressed vulnerabilities reported in IBM SDK, Java Technology Edition Quarterly CPU - Jul 2023 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- | SPSS Statistics| 29.0...
Security Bulletin: Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Standard.
Summary Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the issues. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop...
Security Bulletin: Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Advanced.
Summary Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issues. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a memory exhaustion flaw due to floo...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js (CVE-2024-35255, CVE-2024-37168)
Summary IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...
Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2024-27088 DESCRIPTION: medikoo es5-ext is vulnerable to a...
Security Bulletin: IBM Sterling Connect:Express for UNIX uses vulnerable version of OpenSSL
Summary IBM Sterling Connect:Express for UNIX uses a version OpenSSL which is vulnerable to denial of service CVE-2024-2511. This issue has been addressed by upgrading the version of OpenSSL. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to remote code execution (CVE-2024-35154)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to remote code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Jazz fo...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite ( CVE-2022-3171).
Summary Protobuf-java core and lite are used by IBM Event Streams. The protobuf-java core library provides comprehensive functionality for working with Protocol Buffers, including advanced parsing and serialization, while the protobuf-java-lite library offers a performance-optimized version for...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the json-path component (CVE-2023-51074).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the json-path component. JSON-Path is a query language for JSON, similar to XPath for XML. It allows us to select and extract data from a JSON document. we use a JSON-Path expression to traverse the path to an element in...
Security Bulletin: IBM Storage Ceph is vulnerable to the Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-45803, CVE-2023-43804)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-45803, CVE-2023-43804. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated...
Security Bulletin: IBM Storage Ceph is vulnerable to a Missing Cryptographic Step in the RHEL UBI (CVE-2023-5363)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-5363. Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Storage Ceph is vulnerable to the Improper Removal of Sensitive Information Before Storage or Transfer in Grafana (CVE-2021-23566)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-23566. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caus...
Security Bulletin: IBM Storage Ceph is vulnerable to Insecure credentials submission in the RHEL UBI (CVE-2023-35789)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-35789. Vulnerability Details CVEID:CVE-2023-35789 DESCRIPTION: RabbitMQ C AMQP client library aka rabbitmq-c could allow a...
Security Bulletin: IBM Storage Ceph is vulnerable to assorted vulnerabilities in Grafana
Summary Moby is used by IBM Storage Ceph in Grafana as part of Metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-21285, CVE-2021-31525, CVE-2021-3121, CVE-2022-34038, CVE-2021-41103, CVE-2021-41089, CVE-2020-29652, CVE-2022-27536, CVE-2021-44716...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler
Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-28131, CVE-2022-30630, CVE-2022-30580, CVE-2022-32189, CVE-2022-30632, CVE-2022-28327, CVE-2022-30629, CVE-2022-30635, CVE-2022-30631, CVE-2022-32148, CVE-2022-1705, CVE-2022-1962, CVE-2022-24675,...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler ( CVE-2022-27664 )
Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-27664 Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote attacker could...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to various issues due to go compiler ( CVE-2022-30630, CVE-2022-30635, CVE-2022-32148, CVE-2022-30631, CVE-2022-30632, CVE-2022-32189, CVE-2022-28131, CVE-2022-30633, CV )
Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-30630, CVE-2022-30635, CVE-2022-32148, CVE-2022-30631, CVE-2022-30632, CVE-2022-32189, CVE-2022-28131, CVE-2022-30633, CVE-2022-1705. Vulnerability Details CVEID:CVE-2022-30630 DESCRIPTION: Golang Go is...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler ( CVE-2021-33197 )
Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2021-33197. Vulnerability Details CVEID:CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sendi...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go compiler ( CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634 )
Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634 Vulnerability Details CVEID:CVE-2022-29804 DESCRIPTION: Golang Go could allow a local attacker to bypass security restrictions, caused by a flaw in t...
Security Bulletin: A Stored Cross-Site Scripting (XSS) security vulnerability has been identified in IBM Rational ClearQuest (CVE-2024-28796)
Summary An XSS security vulnerability has been identified in IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the CVE CVE-2024-28796 Vulnerability Details CVEID:CVE-2024-28796 DESCRIPTION: IBM ClearQuest CQ is vulnerable to stored cross-site scripting. This vulnerability allows user...
Security Bulletin: Vulnerability in Linux kernel may affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerability in Linux Kernel. Vulnerability includes elevation of privileges, as described by the CVE in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2023-51043 DESCRIPTION: Linux Kernel could allow a local authenticate...
Security Bulletin: IBM App Connect Enterprise Certified Container Operations Dashboard is vulnerable to denial of service [CVE-2024-36129]
Summary OpenTelemetry is used by IBM App Connect Enterprise Certified Container for the Operations Dashboard. IBM App Connect Enterprise Certified Container Operations Dashboard is vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: IBM Match 360 vulnerable to denial of service due to jose4j in IBM WebSphere Application Server Liberty (CVE-2023-51775)
Summary IBM Match 360 is vulnerable to jose4j used within IBM WebSphere Application Server Liberty. jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit this vulnerability to cause a denial of...
Security Bulletin: IBM Match 360 is vulnerable to IBM WebSphere Application Server Liberty (CVE-2023-50312)
Summary IBM Match 360 is vulnerable to weaker security from IBM WebSphere Application Server Liberty. The vulnerability from IBM WebSphere Application Server Liberty causes weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. Vulnerability...
Security Bulletin: There are multiple vulnerabilities that affect CICS Transaction Gateway Desktop Edition (CVE-2023-50310 and CVE-2023-50311).
Summary There are multiple vulnerabilities that affect CICS Transaction Gateway Desktop Edition. An update to CICS Transaction Gateway Desktop Edition has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-50311 DESCRIPTION: IBM CICS Transaction Gateway could...
Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22329)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...
Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...
Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-35154)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...
Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-37532)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera and...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 277. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 277 Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote...
Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 277 Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted reques...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution
Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases
Summary IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases. This bulletin identifies the steps required to address these...
Security Bulletin: Vulnerability with The Bouncy Castle Crypto affect IBM Cloud Object Storage Systems (July 2024v2)
Summary Vulnerability with The Bouncy Castle CryptoCVE-2024-29857, , Snappy CVE-2024-36124, CVE-2024-30171, CVE-2024-30172, This vulnerability has been addressed in the latest ClevOS release Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is...
Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)
Summary Vulnerability contained within OpenSSL a 3rd party component was addressed in the IBM MaaS360 VPN Module. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-46813, CVE-2023-51385, CVE-2023-48795)
Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2023-46813 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect access checking in the VC handler and instruction emulation ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Storage Scale packaged in Elastic Storage Server
Summary There are multiple vulnerabilities in Javaâ„¢ Technology Edition used by the Elastic Storage Server. Fixes for all these vulnerabilities are available. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945. Vulnerability Details CVEID:CVE-2024-20952...
Security Bulletin: Multiple vulnerabilities in IBM JAVA JDK affect IBM Storage Scale packaged in IBM Storage Scale System
Summary Multiple vulnerabilities in IBM Java JDK, used by IBM Storage Scale System GUI, could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact and no availability impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926,...
Security Bulletin: IBM Maximo Application Suite: follow-redirects-1.15.5.tgz is vulnerable to CVE-2024-28849 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses follow-redirects-1.15.5.tgz which is vulnerable to CVE-2024-28849 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information,...
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2511, CVE-2024-0727) due to OpenSSL
Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-2511, CVE-2024-0727. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...
Security Bulletin: IBM Sterling B2B Integrator Standard Edition could disclose sensitive information in the HTTP response
Summary In IBM Sterling B2B Integrator's dashboard, many links have CSRF tokens at the end of URLs. An attacker could post something with a link to the B2Bi dashboard somewhere. If a B2Bi user who has the active http session and owns the token clicks the link then the request will be honored sinc...