Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Go-git with Instana Agent container image
Summary Vulnerabilities in Go-git were remediated in IBM Observability with Instana with Instana Agent container image build 265. CVE-2023-49569 & CVE-2023-49568 Vulnerability Details CVEID:CVE-2023-49569 DESCRIPTION: go-git could allow a remote attacker to traverse directories on the system. By...
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 262 Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content...
Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability
Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2024-0727. Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL [CVE-2023-5678, CVE-2023-6129]
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-5678 DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw when using...
Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 268 Vulnerability Details CVEID:CVE-2023-22041 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local attacker to cause high confidentiality...
Security Bulletin: IBM Event Streams is affected by authorization bypass through user-controlled key vulnerability (CVE-2023-44981).
Summary This security vulnerability in Apache ZooKeeper could allow an attacker to bypass security restrictions on the system, caused by a flaw when SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true. This bulletin identifies the steps to take to address the...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service due to the Eclipse Jetty component (CVE-2023-36478).
Summary IBM Event Streams is vulnerable to a denial of service (DoS) due to the Eclipse Jetty component. Eclipse Jetty provides a Web server and javax.servlet container, plus support for Web Sockets, OSGi, JMX, JNDI, JASPI, AJP and many other integrations. Vulnerability Details CVEID:CVE-2023-3647...
Security Bulletin: IBM Event Streams is vulnerable to HTTP request smuggling (CVE-2023-40167)
Summary IBM Event Streams is vulnerable to HTTP request smuggling due to Jetty component. Jetty provides client-side libraries that allow us to embed an HTTP or WebSocket client in our applications. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request...
Security Bulletin: Vulnerabilities in Apache Commons Compress library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-26308, CVE-2024-25710)
Summary Apache Commons Compress library is used by Tivoli Netcool/OMNIbus WebGUI as part of Apache POI dependency for Seasonal Event Graphs export feature. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of...
Security Bulletin: IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow.
Summary IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow when invoked with invalid parameters. Vulnerability Details CVEID:CVE-2023-28527 DESCRIPTION: IBM Informix cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a...
Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795), arbitrary command execution (CVE-2023-51385), and information disclosure (CVE-2023-51384) due to OpenSSH
Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to launch a machine-in-the-middle attack (CVE-2023-48795) and execute arbitrary commands (CVE-2023-51385), and could allow a local authenticated attacker to obtain sensitive information (CVE-2023-51384). OpenSSH is used by AIX for...
Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affect IBM OpenPages
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVEs. For a complet...
Security Bulletin: OpenSSH for IBM i is vulnerable to a machine-in-the-middle attack due to a flaw in the SSH transport protocol. [CVE-2023-48795]
Summary OpenSSH used by IBM i is vulnerable to a machine-in-the-middle attack due to a flaw in the SSH transport protocol with certain extensions as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or to denial of service.
Summary IBM Db2 Web Query for i is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions (CVE-2023-34034 and CVE-2023-44981) and denia...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-52425)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition
Summary IBM Sterling Connect:Direct for Microsoft Windows uses IBM Runtime Environment Java Technology Edition Version 8. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to a denial of service attack due to Connect2id Nimbus-JOSE-JWT (CVE-2023-52428)
Summary Integrated File Agent used by IBM Sterling Connect:Direct for Microsoft Windows uses Connect2id Nimbus-JOSE-JWT. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. CVE-2023-2975 Vulnerability Details CVEID:CVE-2023-2975 DESCRIPTION: OpenSSL could allow a remote attacker to bypass securi...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state...
Security Bulletin: There is a vulnerability in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-43643)
Summary There is a vulnerability in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-43643 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...
Security Bulletin: There is a vulnerability in AntiSamy used by IBM Maximo Asset Management (CVE-2023-43643)
Summary There is a vulnerability in AntiSamy used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2023-43643 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using...
Security Bulletin: IBM i is vulnerable to a privilege elevation due to an unqualified library call in Db2 for IBM i. [CVE-2024-22346]
Summary IBM i is vulnerable to a user gaining elevated privilege due to a CL command being called without library qualification, in Db2 for IBM i, as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...
Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer
Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...
Security Bulletin: IBM Maximo Asset Management application may be affected by XML External Entity (XXE) attack (CVE-2024-27266)
Summary IBM Maximo Asset Management application may be affected by XML External Entity (XXE) attack. Vulnerability Details CVEID:CVE-2024-27266 DESCRIPTION: IBM Maximo Application Suite is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to obtain sensitive information due to an algorithm decryption implementation
Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2023-33850 Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to arbitrary code execution on the system (CVE-2023-46308)
Summary plotly.js is used by the IBM Datapower Operations Dashboard in its web console. Vulnerability Details CVEID:CVE-2023-46308 DESCRIPTION: Plotly plotly.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the plot API calls. By...
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. CVE-2023-38039, CVE-2023-38545 Vulnerability Details CVEID:CVE-2023-38039 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by not limiting the number and size of...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. CVE-2023-5363, CVE-2023-4807, CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. CVE-2023-3817, CVE-2023-2975 Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service (CVE-2023-43642)
Summary snappy-java is used by the IBM Datapower Operations Dashboard as a compressor/decompressor for Java. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service (CVE-2023-3635)
Summary Okio GzipSource is used by the IBM Datapower Operations Dashboard in its IO infrastructure. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffer, a remote...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service (CVE-2023-33202)
Summary Bouncy Castle for Java is used by the IBM Datapower Operations Dashboard to perform cryptographic operations. Vulnerability Details CVEID:CVE-2023-33202 DESCRIPTION: Bouncy Castle for Java is vulnerable to a denial of service, caused by a flaw in the org.bouncycastle.openssl.PEMParser...
Security Bulletin: IBM Integration Bus for z/OS Admin WebUI is vulnerable to a CSRF attack (CVE-2024-27265)
Summary IBM Integration Bus for z/OS Admin WebUI is vulnerable to a CSRF attack which could lead to arbitrary code execution. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-27265 DESCRIPTION: IBM Integration Bus for z/OS is vulnerable...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM...
Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM TXSeries for Multiplatforms is vulnerable to a flaw in handling multiplexed streams in the HTTP/2 protocol (CVE-2023-44487).
Summary IBM WebSphere Liberty is used by IBM TXSeries for Multiplatforms to provide a web based administration console (CVE-2023-44487). Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams i...
Security Bulletin: Vulnerability in babel affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2021-42771]
Summary The babel package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE. CVE-2021-42771 Vulnerability Details CVEID:CVE-2021-42771 DESCRIPTION: Python-Babel Babel could allow a local authenticated attacker to traverse directories o...
Security Bulletin: IBM Maximo Application Suite uses follow-redirects-1.15.2.tgz which is vulnerable to CVE-2023-26159
Summary IBM Maximo Application Suite uses follow-redirects-1.15.2.tgz which is vulnerable to CVE-2023-26159. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to...
Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2023-38723)
Summary IBM Maximo Asset Management is vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2023-38723 DESCRIPTION: IBM Maximo Application Suite is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus...
Security Bulletin: There is a vulnerability in tinymce-6.7.1.min.js used by IBM Maximo Asset Management application (CVE-2023-48219)
Summary There is a vulnerability in tinymce-6.7.1.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2023-48219 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the text nodes. A remote attacke...
Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM TXSeries for Multiplatforms is vulnerable to weaker than expected security due to improper resource expiration handling (CVE-2023-46158).
Summary IBM WebSphere Liberty is used by IBM TXSeries for Multiplatforms to provide a web based administration console (CVE-2023-46158). Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected...
Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM TXSeries for Multiplatforms is vulnerable to an information disclosure due to Apache Santuario (CVE-2023-44483).
Summary There is a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled (CVE-2023-44483). IBM WebSphere Liberty is used by IBM TXSeries for Multiplatforms to provide a web based...
Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2023-32335)
Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details CVEID:CVE-2023-32335 DESCRIPTION: IBM Maximo Asset Management stores sensitive information in URL parameters. This may lead to information disclosure if...
Security Bulletin: IBM Maximo Asset Management application is vulnerable to sensitive information disclosure (CVE-2023-32335)
Summary IBM Maximo Asset Management application is vulnerable to sensitive information disclosure. Vulnerability Details CVEID:CVE-2023-32335 DESCRIPTION: IBM Maximo Asset Management stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties ha...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to low integrity impacts due to Java SE (CVE-2023-22049)
Summary IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker t...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting (CVE-2023-28517)
Summary IBM Sterling Partner Engagement Manager has addressed a reflected cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2023-28517 DESCRIPTION: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to low confidentiality impacts due to Java SE (CVE-2023-22044)
Summary IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22044 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to low confidentiality impacts due to Java SE (CVE-2023-22045)
Summary IBM Sterling Partner Engagement Manager uses Java SE. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CVSS Base score: 3.7 CVSS Temporal Score:...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to SnakeYAML (CVE-2022-38752)
Summary IBM Sterling Partner Engagement Manager uses SnakeYAML. Vulnerability Details CVEID:CVE-2022-38752 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker coul...