IBM Product Security Incident Response


Archive

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities (CVE-2016-3506, CVE-2020-13692)

Sep 30, 2021 8:02 pm EDT | High Severity

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.


Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities (CVE-2020-13938, CVE-2021-30641)

Sep 30, 2021 8:02 pm EDT | Medium Severity

IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server.


Security Bulletin: Vulnerability in lodash affects IBM VM Recovery Manager DR GUI

Sep 30, 2021 8:02 pm EDT | High Severity

There is a vulnerability in lodash that affects IBM VM Recovery Manager DR GUI.


Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647)

Sep 30, 2021 8:02 pm EDT | Critical Severity

IBM QRadar Azure marketplace images include the Open Management Infrastructure RPM which is vulnerable to CVE-2021-38647. Although we do not expose the affected port, we suggest updating out of an abundance of caution.


Security Bulletin: Multiple vulnerabilities in Bouncy Castle Java Cryptography affect IBM Tivoli Business Manager

Sep 30, 2021 8:01 pm EDT | High Severity

Bouncy Castle Java Cryptography is shipped as part of IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Bouncy Castle Java Cryptography has been published in a security bulletin.


Security Bulletin: A vulnerability has been identified in Apache Commons BeanUtils affects IBM Tivoli Business Service Manager (CVE-2014-0114)

Sep 30, 2021 8:01 pm EDT | High Severity

Apache Commons BeanUtils is shipped as part of IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Apache Commons BeanUtils has been published in a security bulletin.


Security Bulletin: IBM Aspera High-Speed Transfer Server, Endpoint, and Desktop Client are vulnerable to libcurl vulnerabilities (CVE-2021-22901, CVE-2021-22898)

Sep 30, 2021 8:00 pm EDT | High Severity

The following libcurl security vulnerabilities have been addressed for Aspera High-Speed Transfer Server (HSTS), Aspera High-Speed Transfer Endpoint (HSTE), and Desktop Client.


Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software – September 2021

Sep 30, 2021 8:00 pm EDT | High Severity

Vulnerabilities detected in Node.js versions before v14.16.2 affect IBM Rational® Application Developer for WebSphere® Software.


Security Bulletin: [All] Apache PDFBox (Publicly disclosed vulnerability)

Sep 30, 2021 8:00 pm EDT | Medium Severity

This Security Bulletin provides steps to manually upgrade Apache PDFBox for IBM DataQuant.