Security Bulletin: Vulnerabilities of JCommander and TestNG have affected APM WebLogic and APM JBoss Agents.

Summary APM WebLogic and APM JBoss agents are vulnerable to JCommander and TestNG as described in 221124, CVE-2022-4065. The fix includes removing the required libraries from the installed path Vulnerability Details CVEID:CVE-2022-4065 DESCRIPTION: cbeust testing could allow a remote authenticate...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM MQ which is shipped with IBM Intelligent Operations Center(CVE-2023-4218, CVE-2023-44487, CVE-2023-39976, CVE-2024-25016)

Summary Multiple security vulnerabilities have been identified in IBM MQ which shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletinCVE-2023-4218, CVE-2023-44487, CVE-2023-39976, CVE-2024-25016...

Security Bulletin: Security Vulnerabilities discovered in IBM Security Verify Access.

Summary IBM Security Verify Access could disclose sensitive information in the snapshot file due to reuse of encryption keys. Vulnerability Details CVEID:CVE-2024-25027 DESCRIPTION: IBM Security Verify Access could disclose sensitive snapshot information due to missing encryption. CVSS Base score...

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to confidentiality impacts and a timing-based side-channel attack due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to confidentiality impacts CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945 and a timing-based side-channel attack CVE-2023-33850 as described in the vulnerabili...

Security Bulletin: This Power System update is being released to address CVE-2022-4304

Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...

Security Bulletin: This Power System update is being released to address CVE 2020-10735

Summary BMC firmware version OP910 uses Python to help serve HTTPS requests but Python is not used to process the request body, so this access vector is not vulnerable the Python long integer vulnerability. A BMC administrator who uses Python from the BMC's command line is subject to this...

Security Bulletin: This Power System update is being released to address CVE-2022-4450

Summary This affects the BMC administrator function to upload HTTPS certificates. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbioex function. ...

Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities

Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially...

Security Bulletin: Due to use of PostgreSQL JDBC Driver (PgJDBC), IBM Cloud Pak for AIOps is vulnerable to SQL injection

Summary PostgreSQL JDBC Driver is used by IBM Cloud Pak for AIOps for connection configuration CVE-2024-1597. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injectio...

Security Bulletin: IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a special...

Security Bulletin: IBM DevOps Build 7.0.0.1 addresses multiple vulnerabilities.

Summary IBM DevOps Build 7.0.0.1 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a specially...

Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow (IBM X-Force ID 270419)

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details IBM X-Force ID: 270419 DESCRIPTION: Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a special...

Security Bulletin: Denial of Service vulnerability in IBM HTTP Server used by WebSphere Application Server affects IBM Business Automation Workflow (CVE-2023-52425)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

Security Bulletin: Multiple Vulnerabilities in IBM Operations Analytics Predictive Insights.

Summary Multiple vulnerabilities were addressed in IBM Operations Analytics Predictive Insights 1.3.6 iFix 8 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticato...

Security Bulletin: Vulnerability of okio-1.13.0.jar is affecting APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE

Summary APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE are vulnerable to okio-1.13.0.jar CVE-2023-3635. The workaround includes okio-1.13.0.jar upgraded to okio-3.5.0.jar . Vulnerability Details...

Security Bulletin: Enterprise Content Manager System Monitor For March 2024 - Multiple CVE adressed

Summary Enterprise Content Manager System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270)

Summary IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting with the servlet-6.0 feature enabled. Vulnerability Details CVEID:CVE-2024-27270 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting. This vulnerability allows users to...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2023-33850, CVE-2024-20952)

Summary IBM WebSphere Application Server and IBM WebSphere Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server and IBM WebSphere Liberty has been published in a...

Security Bulletin: Multiple vulnerabilities in IBM's 4769 Developer's Toolkit. CVE-2023-33855, CVE-2023-47150

Summary IBM Common Cryptographic Architecture CCA could allow a remote user to cause a denial of service CVE-2023-47150 or to obtain sensitive information CVE-2023-33855 as described in the vulnerability details section. IBM customers who use the IBM 4769 Developer's Toolkit to create CCA...

Security Bulletin: Multiple vulnerabilities in IBM's Common Cryptographic Architecture (CCA). CVE-2023-33855, CVE-2023-47150

Summary IBM Common Cryptographic Architecture CCA is used to interface with the IBM Hardware Security Module HSM. CCA could allow a remote user to cause a denial of service attack CVE-2023-47150 or to obtain sensitive information CVE-2023-33855 as described in the vulnerability details section. I...

Security Bulletin: Security Vulnerability in IBM GSKit affects IBM Security Directory Server Container Products (CVE-2023-32342)

Summary A Security Vulnerability in IBM GSKit that ships with IBM Security Directory Server Container Products has been addressed in an update. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based...

Security Bulletin: IBM Security Verify Directory Container ships IBM Java SDK which has multiple vulnerabilities

Summary Multiple Security vulnerabilities found in the IBM Java SDK as shipped with IBM Security Verify Directory Container have been addressed in an update. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component coul...

Security Bulletin: Security vulnerabilities found in IBM WebSphere Application Server Liberty have been addressed in IBM Security Verify Directory Container (CVE-2023-44487, CVE-2023-46158, CVE-2023-44483, CVE-2023-24998)

Summary Multiple Security vulnerabilities found in the IBM WebSphere Application Server Liberty as shipped with IBM Security Verify Directory Container have been addressed. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a...

Security Bulletin: There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with IBM App Connect Enterprise

Summary There are multiple vulnerabilities in IBM Semeru Runtime used by IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a loss of confidentiality (CVE-2024-22356)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a loss of confidentiality. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-22356 DESCRIPTION: IBM App Connect Enterprise and IBM Integration Bus for...

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.1.1 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.1.5 or...

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2015-8383, CVE-2015-8381, CVE-2015-8386, CVE-2015-8388, CVE-2015-8385,...

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server (CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193, CVE-2023-50308, 268195)

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746,...

Security Bulletin: Vulnerabilities in Logback may affect the IBM Spectrum Protect Server (CVE-2023-6378)

Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in Logback such as denial of service caused by a serializaion flaw in the logback receiver component. Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused ...

Security Bulletin: Vulnerabilities in Logback may affect the IBM Spectrum Protect Server (CVE-2023-6481)

Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in Logback such as denial of service caused by a serializaion flaw in the logback receiver component. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused ...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2023-44487)

Summary IBM Storage Protect Operations Center may be affected by vulnerabilities in IBM WebSphere Application Server Liberty such as denial of service caused by HTTP/2 rapid reset. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caus...

Security Bulletin: Information disclosure vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2023-44483)

Summary IBM Storage Protect Operations Center may be affected by information disclosure vulnerability in IBM WebSphere Application Server Liberty due to Apache Santuario. Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain...

Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2023-48795

Summary IBM WebSphere Adapter for FTP is shipped with IBM Business Automation Workflow and is vulnerable to a machine-in-the-middle attack. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiatio...

Security Bulletin: Vulnerability in Cryptography, Werkzeug might affect IBM Storage Sentinel Anomaly Scan Engine (CVE-2023-49083, CVE-2023-46136)

Summary Vulnerabilities in python cryptography and pallets werkzeug may affect IBM Storage Sentinel Anomaly Scan Engine. Vulnerabilities include: Python cryptography and Pallets Werkzeugh allowing remote attacker cause a denial of service as described by the CVEs in the "Vulnerability Details"...

Security Bulletin: Vulnerability in Axios might affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-45857)

Summary Vulnerabilities in axios might affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include allowing remote attacker to perform cross-site scripting attacks, Web cache poisoning and other malicious attacks. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is...

Security Bulletin: Vulnerabilities Spring Boot, Spring Security and Spring Framework might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Spring Boot, Spring Security, and Spring Framework. An attacker could exploit these vulnerabilities to cause a denial of service condition, to take over the application, to launch further attacks on the system, to bypa...

Security Bulletin: Vulnerabilities in MongoDB might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in MongoDB. A remote authenticated attacker could exploit these vulnerabilities to cause the application to crash, to cause a resource depletion or generate high lock contention and result in a denial of service condition...

Security Bulletin: Vulnerabilities in Apache Tomcat, Apache Commons FileUpload and Apache Axis might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Tomcat, Apache Commons FileUpload, and Apache Axis. A remote attacker could exploit these vulnerabilities to cause a denial of service condition, to obtain a session cookie, sensitive and Http11Processor instanc...

Security Bulletin: Vulnerability in Spring Data MongoDB might affect IBM Storage Copy Data Management. [CVE-2022-22980]

Summary IBM Storage Copy Data Management can be affected by a vulnerability in Spring Data MongoDB. A remote attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-2298...

Security Bulletin: Vulnerabilities in OpenSSL, Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in OpenSSL and Linux Kernel. An attacker could exploit these vulnerabilities to obtain kernel internal information, gain elevated privileges, and cause a denial of service conditions, as described by the CVEs in the...

Security Bulletin: Multiple Security Vulnerabilites have been fixed in IBM Security Verify Directory Container (CVE-2022-32753, CVE-2022-32756, CVE-2022-32751, CVE-2022-32754)

Summary Multiple Vulnerabilities found by the IBM Ethical Hacking team have been fixed in IBM Verify Directory Container. Vulnerability Details CVEID:CVE-2022-32753 DESCRIPTION: IBM Security Directory Server uses weaker than expected cryptographic algorithms that could allow an attacker to decryp...

Security Bulletin: Multiple vulnerabilities exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager.

Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition . CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details CVEID:CVE-2024-209...

Security Bulletin: A security vulnerability has been disclosed in Expat, which is installed as part of IBM Tivoli Network Manager (CVE-2023-52425).

Summary A security vulnerability has been disclosed in the Expat library libexpat, which is installed as part of IBM Tivoli Network Manager. Information about this vulnerability has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerab...

Security Bulletin: IBM License Metric Tool is vulnerable to cross-script scripting due to use of jQuery Cookie.

Summary jQuery is used by IBM License Metric Tool to provide UI functionality and process user-supplied input. Vulnerability Details CVEID:CVE-2022-23395 DESCRIPTION: jQuery Cookie is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...

Security Bulletin: Vulnerability in IBM® SDK, Java™ Technology affects IBM Cloud Pak System [CVE-2022-3676]

Summary Vulnerability in IBM® SDK, Java™ Technology affect Cloud Pak System. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...

Security Bulletin: IBM QRadar SIEM M7 Appliances are vulnerable to CVE-2022-21216

Summary IBM QRadar SIEM M7 Appliances could be vulnerable to an Intel CVE. IBM has addressed the relevant CVE. Vulnerability Details CVEID:CVE-2022-21216 DESCRIPTION: IntelAtom and Intel Xeon Scalable Processors could allow a remote authenticated attacker to gain elevated privileges on the system...

Security Bulletin: PowerSC is vulnerable to security restrictions bypass due to Curl (CVE-2023-46218, CVE-2023-46219, CVE-2024-0853)

Summary Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions CVE-2023-46218, CVE-2023-46219, CVE-2024-0853. PowerSC uses Curl as part of PowerSC Trusted Network Connect TNC. Vulnerability Details CVEID:CVE-2023-46218 DESCRIPTION: cURL libcurl could allow a remote...

Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...