High Severity

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2019-11777)

October 4, 2022 | High Severity

IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. ...read more


Security Bulletin: A security vulnerability has been identified in Apache Camel shipped with IBM Tivoli Netcool Impact (CVE-2020-11971)

October 4, 2022 | High Severity

Apache Camel is shipped with IBM Tivoli Netcool Impact as part of its backend infrastructure. Information about a security vulnerability affecting Apache Camel has been published in a security bulletin. ...read more


Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

October 4, 2022 | High Severity

IBM Security Guardium has addressed the following vulnerabilities. ...read more


Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2021-40690, CVE-2021-25647, XFID: 233967)

October 4, 2022 | High Severity

IBM Planning Analytics Workspace is affected by multiple vulnerabilities. Apache Santuario Security for Java provides a mechanism for XML-Signature & XML Encryption syntax and processing (CVE-2021-40690). Google Gson is an open-source Java library to serialize and deserialize Java objects to (and from) JSON (CVE-2022-25647). Maven okHTTP is an efficient HTTP & HTTP/2 client for Android and Java applications (XFID:233967). These vulnerabilities have been addressed. ...read more


Security Bulletin: CP4D Match 360 is impacted due to vulnerability in IBM WebSphere Application Server Liberty spoofing due to Eclipse Paho (CVE-2019-11777)

October 3, 2022 | High Severity

There is a vulnerability in the Eclipse Paho library used by IBM WebSphere Application Server Liberty with the rtcomm-1.0 or rtcommGateway-1.0 feature enabled. Provided that IBM Match 360 uses WebSphere Liberty Profile, this vulnerability has been addressed in IBM Match 360 v4.5.2 and prior. ...read more


Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

October 3, 2022 | High Severity

A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. ...read more


Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

October 3, 2022 | High Severity

Java is used by IBM Robotic Process Automation for Cloud Pak as part of several container services that run Java applications. ...read more


Security Bulletin: Vulnerability in zlib affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

October 3, 2022 | High Severity

A vulnerability in the zlib package used by IBM Spectrum Virtualize may result in a denial of service for the whole application if an attacker is able to inject crafted input. ...read more


Security Bulletin: IBM Robotic Process Automation may be vulnerable to denial of service due to microsoft.owin.security.cookies (CVE-2022-29117)

October 3, 2022 | High Severity

microsoft.owin.security.cookies is used by IBM Robotic Process Automation as part of Miscrosoft ASP.NET. (CVE-2022-29117) ...read more