Critical Severity

Security Bulletin: Multiple Vulnerabilities in jackson-databind shipped with IBM Cloud Pak System

August 12, 2022 | Critical Severity

Vulnerabilities were identified in jackson-databind shipped with IBM Cloud Pak System. IBM Cloud Pak System has addressed the vulnerabilities.


Security Bulletin: Vulnerability in Apache Log4j affects IBM InfoSphere Master Data Management (CVE-2021-44228)

August 12, 2022 | Critical Severity

There is a vulnerability in the Apache Log4j open source library used by IBM InfoSphere Master Data Management v11.6 and v12.0.


Security Bulletin: IBM Security Identity Manager Virtual Appliance is vulnerable to arbitrary code execution due to Apache Log4j and other issues (CVE-2021-4104, CVE-2021-45046, CVE-2021-38951)

August 12, 2022 | Critical Severity

IBM Security Identity Manager Virtual Appliance (ISIM VA) is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4101 and CVE-2021-45046. Apache Log4j is used by ISIM VA as part of its logging infrastructure. This fix upgrades to Apache Log4j v2.17.1. IBM Security Identity Manager Virtual Appliance (ISIM VA) has also upgraded the other vulnerable components listed below.


Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)

August 12, 2022 | Critical Severity

There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE [CVE-2022-33980].


Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2022

August 12, 2022 | Critical Severity

In addition to many updates of open source packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF011 and 22.0.1-IF001.


Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs [CVE-2022-29078]

August 12, 2022 | Critical Severity

Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs [CVE-2022-29078] with details below.


Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty

August 9, 2022 | Critical Severity

Multiple issues were identified in Red Hat UBI (ubi8/ubi-minimal) v8.6-x packages [Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty] that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images.


Security Bulletin: Vulnerabilities in Spring Framework affect IBM Cloud Pak System (CVE-2022-22965, CVE-2020-5421)

August 8, 2022 | Critical Severity

IBM Cloud Pak System is affected by a remote code execution in Spring Framework (CVE-2022-22965 and CVE-2020-5421). IBM Cloud Pak System ships with an AWS component that includes it but is not used by it. The fix removes Spring from the product. This security bulletin service applies to IBM Cloud Pak System, IBM Cloud Pak System Software and IBM Cloud Pak System Software Suite.


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio (CVE-2022-24765).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio, caused by an uncontrolled search for the Git directory in Git (CVE-2022-24765). Git for Visual Studio is used in the base operating system of IBM Watson Speech. Please read the details for remediation below.