35092 matches found
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-22329
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug [CVE-2023-46136]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF character at the beginning CVE-2023-46136. Pallets Werkzeug is used in our Speech...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information disclosure in Kubernetes [CVE-2021-25740]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information disclosure in Kubernetes, caused by a confused deputy attack. CVE-2021-25740. Kubernetes is included as part of the utilities used by our Speech Services. This vulnerabilitiy has been addressed...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Python Cryptographic Authority [CVE-2023-50782]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Python Cryptographic Authority cryptography, caused by a flaw when decrypting captured messages in TLS servers that use RSA key exchanges CVE-2023-50782. Python Cryptographic...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Fasterxml jackson-databind [CVE-2023-35116]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Fasterxml jackson-databind, caused by a stack-based overflow CVE-2023-35116. Fasterxml jackson-databind is used in our Speech microservices. This vulnerabilitiy has been addressed. Plea...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JWx [CVE-2024-28122]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JWx, caused by a flaw when using a compressed JWE message CVE-2024-28122 . JWx is included as part of the utilities used by our Speech Services. This vulnerabilitiy has been addressed...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils [CVE-2022-4285]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils, caused by a NULL pointer dereference in bfdelfgetsymbolversionstring, resulting in a segmentation fault when parsing ELF files. CVE-2022-4285. GNU Binutils is used in our...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to security restrictions bypass in PostgreSQL [CVE-2024-0985]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to security restrictions bypass in PostgreSQL, caused by a flaw when running in REFRESH MATERIALIZED VIEW CONCURRENTLY CVE-2024-0985. PostgreSQL is included as part of the utilities used by our Speech Services...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in Binutils [ CVE-2021-46174]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in Binutils, caused by a heap-based buffer overflow in the bfdgetl32 function CVE-2021-46174. Binutils is used in our Speech Services runtimes. This vulnerabilitiy has been addressed. Please...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22243]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability when using UriComponentsBuilder to parse an externally provided URL CVE-2024-22243. VMware Tanzu Spring Framework is...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in Google gRPC [CVE-2023-4785]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in Google gRPC, caused by a lack of error handling in the TCP server on posix-compatible platforms CVE-2023-4785. Google gRPC is used in our Speech Services runtimes. This vulnerabilitiy has...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils [CVE-2022-44840]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils, caused by a heap-based buffer overflow vulnerability in function findsectioninset in file readelf.c CVE-2022-44840. GNU Binutils is used in our Speech Services runtimes. Thi...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in the Cryptography package for Python [CVE-2023-49083]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in the Cryptography package for Python, caused by a NULL pointer dereference when loading PKCS7 certificates CVE-2023-49083. The Cryptography package for Python is used in our Speech Service...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to SQL injection in PostgreSQL JDBC Driver [CVE-2024-1597]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to SQL injection in PostgreSQL JDBC Driver, through the use of the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL CVE-2024-1597. Postgres is...
Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server and IBM WebSphere Application Server Liberty shipped with IBM® Intelligent Operations Center (CVE-2024-25026)
Summary IBM WebSphere® Application Server and and IBM WebSphere Application Server Liberty are shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere® Application Server and IBM WebSphere Application Server Liberty has been published in...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tomcat-embed-websocket-9.0.83.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tomcat-embed-websocket-9.0.83.jar Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an incomplete cleanup flaw. By sending specially crafted...
Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).
Summary Golang Go is used by IBM Event Streams and could allow a remote attacker to obtain sensitive information, caused by a flaws in modules with ".git" suffix and in the net/http package. By sending specially crafted requests, an attacker can attain these privileges. Vulnerability Details...
Security Bulletin: IBM Event Processing is vulnerable to high confidentiality, integrity and availability impacts (CVE-2023-22102).
Summary MySQL Connector/J versions used by IBM Event Processing are susceptible to a difficult to exploit vulnerability that could allow an unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a perso...
Security Bulletin: IBM Event Processing is vulnerable to conduct phishing attacks, caused by an open redirect vulnerability (CVE-2023-26159).
Summary There is a vulnerability in follow-redirects used by IBM Event Processing which is categorized as an Improper Input Validation vulnerability due to the improper handling of URLs by the url.parse function. This vulnerability can be exploited by manipulating the hostname when new URL throws...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service attack (CVE-2023-51074).
Summary IBM Event Endpoint Management is vulnerable to a denial of service due to json-path component, caused by a stack-based buffer overflow in the Criteria.parse method.It is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document...
Security Bulletin: IBM Event Processing is vulnerable to a denial of service attack (CVE-2023-51074).
Summary IBM Event Processing is vulnerable to a denial of service due to json-path component , caused by a stack-based buffer overflow in the Criteria.parse method. It is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack (CVE-2024-28176).
Summary IBM Event Streams is vulnerable to a denial of service due to the jose module component, caused by a flaw during JWE Decryption operations. Jose module is a javaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node. js-based servers...
Security Bulletin: IBM Security Verify Governance - Containerized Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in the latest update to IBM Security Verify Governance - Containerized Identity Manager. Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper...
Security Bulletin: IBM Administration Runtime Expert for i is vulnerable to attacker executing arbitrary code on the system due to Dojo (CVE-2021-23450)
Summary IBM Administration Runtime Expert for i uses Dojo to render it's web interface. Dojo 1.3.3 could allow an attacker to execute arbitrary code on the system, as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as describ...
Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)
Summary Vulnerability in RPM could allow a remote authenticated attacker to execute arbitrary code CVE-2023-7104. RPM is used by AIX for package management. Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper boun...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service,...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for March 2023.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF003. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially...
Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to Apache Commons Compress (CVE-2024-25710, CVE-2024-26308)
Summary Vulnerabilities in Apache Commons Compress may affect IBM Storage Insights. Vulnerabilities include denial of service attacks, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to ...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability.
Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-22354 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to a denial of service due to Eclipse Jetty (CVE-2024-22201)
Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-5868)
Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-5868 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-22353)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to a denial of service, caused ...
Security Bulletin: Multiple vulnerabilities found in Batik Jars which are shipped with IBM® Intelligent Operations Center(CVE-2022-44730, CVE-2022-44729)
Summary Multiple vulnerabilities have been identified in Batik jars which are shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center(CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)
Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server and IBM WebSphere Application Server Liberty shipped with IBM® Intelligent Operations Center (CVE-2023-51775)
Summary IBM WebSphere® Application Server and and IBM WebSphere Application Server Liberty are shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere® Application Server has been published in a security bulletin. Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server and IBM WebSphere Application Server Liberty shipped with IBM® Intelligent Operations Center (CVE-2024-22354)
Summary IBM WebSphere® Application Server and and IBM WebSphere Application Server Liberty are shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere® Application Server and IBM WebSphere Application Server Liberty has been published in...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-27268)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server Liberty is...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 271 Vulnerability Details CVEID:CVE-2023-45285 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw when using go get to...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-22354
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality due to [CVE-2024-30260] [CVE-2024-30261]
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when processing batches in Designer flows. IBM App Connect Enterprise Certified Container IntergationServer and IntegrationRuntime operands that run flows that contain batch processes are vulnerable to loss of...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.17 LTS and 11.5.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-29041]
Summary Node.js module Express.js is used by IBM App Connect Enterprise Certified Container for internal HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-28849]
Summary Node.js module follow-redirects is used by IBM App Connect Enterprise Certified Container for http communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service due to [CVE-2023-46809] [CVE-2024-21892] [CVE-2024-22019]
Summary Node.js is used by IBM App Connect Enterprise Certified Container as one of the main runtimes. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service. This bulletin provides patch information to address the reported...
Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server and IBM WebSphere Application Server Liberty shipped with IBM® Intelligent Operations Center (CVE-2024-22329)
Summary IBM WebSphere® Application Server and IBM WebSphere Application Server Liberty is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere® Application Server and IBM WebSphere Application Server Liberty has been published in a...
Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service
Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2023-51775 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...
Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2023-51775, CVE-2024-22329 and CVE-2024-22354)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a Denial of Service, Server-side Request Forgery and XXE vulnerability affecting WebSphere Application Server have been published in security bulletins. Vulnerability...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a machine-in-the-middle attack due to OpenSSH (CVE-2023-48795)
Summary IBM App Connect Enterprise File Nodes configured to connect to OpenSSH servers using SFTP are vulnerable to a machine-in-the-middle attack due to OpenSSH. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenS...
Security Bulletin: IBM Datapower Operations Dashboard could be vulnerable to a denial of service CVE-2023-51074
Summary json-path is used by the IBM Datapower Operations Dashboard to query JSON documents. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a specially crafted...