35092 matches found
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker ...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSS...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Cross-Site Scripting vulnerability (CVE-2024-28781)
Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries referenc...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to C-ares (CVE-2024-25629)
Summary The OpenTelemetry tracing in IBM App Connect Enterprise is vulnerable to a denial of service due to C-ares. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-25629 DESCRIPTION: C-ares is vulnerable to a denial of service, caused ...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights
Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM CICS TX Advanced is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM CICS TX Advanced. The version of IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced has been updated to address the applicable issues. Vulnerability...
Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM CICS TX Standard is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM CICS TX Standard. The version of IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard has been updated to address the applicable issues. Vulnerability...
Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM TXSeries for Multiplatforms is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable...
Security Bulletin: IBM TXSeries for Multiplatforms is vulnerable to multiple security vulnerabilities in the Administration Console shipped with the product (CVE-2024-22344, CVE-2024-22345 and CVE-2024-22343).
Summary There are vulnerabilities in the Administration console shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has been updated to address the applicable issues. Vulnerability Details CVEID:CVE-2024-22343 DESCRIPTION: IBM TXSeries for Multiplatforms allows web pages...
Security Bulletin: IBM Automation Decision Services - April 2024 -Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2024-31906 DESCRIPTION: IBM Automation Decision...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...
Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to a denial of service (CVE-2024-25026)
Summary IBM WebSphere Application Server, which is shipped with IBM Security Access Manager for Enterprise Single Sign-On, is vulnerable to a denial of service. Apply updates as referenced in the Remediation/Fixes section below. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerability in IBM® Java SDK affects WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2022-40609)
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. See the bulletins listed in the Remediation/Fixes...
Security Bulletin: TPF Toolkit is affected by vulnerabilities in the Eclipse IDE and Apache Commons Compress
Summary The org.eclipse.core.runtime component is used by TPF Toolkit as part of the basic platform infrastructure CVE-2023-4218. Additionally, the Apache commons-compress package is used by TPF Toolkit web applications services as part of the code coverage feature CVE-2024-26308, CVE-2024-25710...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Orac...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20926)
Summary Potential unspecified vulnerability in Java SE related to the VM component CVE-2024-20926 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20918)
Summary Potential unspecified vulnerability in Java SE related to the VM component CVE-2024-20918 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20921)
Summary Potential unspecified vulnerability in Java SE related to the VM component CVE-2024-20921 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20919)
Summary Potential unspecified vulnerability in Java SE related to the VM component CVE-2024-20919 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2023-26159, CVE-2024-25015, CVE-2024-25048, CVE-2024-20952, CVE-2023-33850, CVE-2023-6237, CVE-2024-0727 Vulnerability Details Ref...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20932)
Summary Potential unspecified vulnerability in Java SE related to the Security component CVE-2024-20932 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 271 Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an incorrect cipher key and IV length processing during the...
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale
Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Xerces2
Summary Multiple vulnerabilities have been identified in Apache Xerces2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-27268)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this risk, it has been address...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-22353)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50313)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-23635)
Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-23635 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management (CVE-2024-23635)
Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management . Vulnerability Details CVEID:CVE-2024-23635 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability...
Security Bulletin: There is a vulnerability in ion-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-21634)
Summary There is a vulnerability in ion-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a...
Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-28849, CVE-2024-29041, CVE-2024-29180)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js...
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...
Security Bulletin: Common vulnerability in Cloudera Data Platform Private Cloud Base 7.1.9 fixed in Hot Fix 1
Summary Fix to common vulnerability, CVE-2021-43045, discovered in Cloudera Data Platform 7.1.9 is available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-43045 DESCRIPTION: Apache Avro is vulnerable to a denial of service, caused by a flaw in the .NET SDK. By sending a...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...
Security Bulletin: IBM Financial Transaction Manager is vulnerable to an XML External Entity Injection (XXE) attack
Summary IBM Financial Transaction Manager for ACH and Check Service v3.0.5.4 and v3.0.5.5 has addressed an XML External Entity Injection vulnerability. Vulnerability Details CVEID:CVE-2023-35892 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML Extern...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to privilege escalation due to Spring-Web (CVE-2023-44794)
Summary IBM Sterling Connect:Direct Web Services uses Spring-Web. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-44794 DESCRIPTION: Dromara SaToken and SpringBoot could allow a remote authenticated attacker to gain elevated privileg...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to the use of IBM Db2
Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692...
Security Bulletin: AIX is vulnerable to privilege escalation (CVE-2024-27273)
Summary Vulnerability in the AIX kernel may lead to privilege escalation CVE-2024-27273. Vulnerability Details CVEID:CVE-2024-27273 DESCRIPTION: IBM AIX's Unix domain datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation an...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...
Security Bulletin:Tensorflow, which is vulnerable to multiple security CVEs, is used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-25658 DESCRIPTION: TensorFlow is vulnerable to a denial of servic...