Low Severity

Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to sensitive information exposure due to GNU ncurses (CVE-2019-17595, CVE-2019-17594)

August 4, 2022 | Low Severity

IBM Sterling Connect:Direct for UNIX Certified Container bundles ncurses as a third-party package in its container image, and ncurses has a vulnerability through which an attacker can obtain sensitive information. This fix updates ncurses to 6.1-9.20180224.el8.


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a data binding rules security weakness in Spring Framework (CVE-2022-22968)

August 4, 2022 | Low Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a Spring Framework data binding rules vulnerability, where case-sensitive patterns for disallowedFields cause weaker than expected security (CVE-2022-22968). Spring Framework is used by some of the Java components included in IBM Watson Speech. Please read the details for remediation below.


Security Bulletin: Vulnerability in the Node.js follow-redirects component affects IBM Event Streams (CVE-2022-0536)

August 3, 2022 | Low Severity

This security vulnerability affects the follow-redirects component that is used by IBM Event Streams.


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNU Tar (CVE-2019-9923).

August 3, 2022 | Low Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNU Tar, caused by a NULL pointer dereference in pax_decode_header in sparse.c (CVE-2019-9923). A remote attacker could exploit this vulnerability to cause the application to crash. GNU Tar is included in some of the operators used in IBM Watson Speech. Please read the details for remediation below.


Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty, with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status . (CVE-2022-22393)

July 29, 2022 | Low Severity

IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 1, with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server.


Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Performance Tester (CVE-2021-35603)

July 29, 2022 | Low Severity

There is a vulnerability in IBM SDK Java Version 1.8 and IBM Runtime Environment Java Version 1.8, which are used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVE.


Security Bulletin: IBM Robotic Process Automation is vulnerable to a man-in-the-middle due to ssh.net (CVE-2022-29245)

July 29, 2022 | Low Severity

ssh.net is used by IBM Robotic Process Automation as part of its secure communications (CVE-2022-29245). The fix includes ssh.net 2020.0.2.0.


Security Bulletin: IBM DataPower Gateway affected by vulnerability in JSSE (CVE-2021-35603)

July 29, 2022 | Low Severity

While the core DataPower Gateway does not use JSSE, certain components shipped with IDG may be vulnerable. IBM has addressed the CVE.


Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Service Tester (CVE-2021-35603)

July 29, 2022 | Low Severity

There is a vulnerability in IBM SDK Java Version 1.8 and IBM Runtime Environment Java Version 1.8, which are used by Rational Service Tester. Rational Service Tester has addressed the applicable CVE.