Medium Severity

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring

Jan 16, 2022 7:00 pm EST | Medium Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring. ...read more


Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4516

Jan 15, 2022 7:00 pm EST | Medium Severity

IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a cross-site scripting attack. ...read more


Security Bulletin: Publicly disclosed vulnerability vulnerability in GNU binutils affects IBM Netezza Analytics for NPS

Jan 14, 2022 7:06 pm EST | Medium Severity

GNU binutils is used by IBM Netezza Analytics for NPS. IBM Netezza Analytics for NPS has addressed the applicable CVE by upgrading GNU binutils to version 2.37. ...read more


Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Snapshot for VMware (CVE-2021-44832)

Jan 14, 2022 7:05 pm EST | Medium Severity

A vulnerabilitiy in Apache Log4j could result in remote code execution. This vulnerability may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. The below fix package includes Log4j 2.17.1. ...read more


Security Bulletin: Cross Site Scripting (XSS) security vulnerability in IBM Content Manager Administration Console for Content Platform Engine (ACCE)

Jan 14, 2022 7:04 pm EST | Medium Severity

IBM Content Manager component Administration Console for Content Platform Engine (ACCE) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. ...read more


Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect for Space Management (CVE-2021-44832)

Jan 14, 2022 7:03 pm EST | Medium Severity

A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect for Space Management includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix packages include Apache Log4j 2.17.1. ...read more


Security Bulletin: Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Operations Center (CVE-2021-44832)

Jan 14, 2022 7:03 pm EST | Medium Severity

A vulnerability in Apache Log4j could result in remote code execution. This vulnerability may affect the Help system in IBM Spectrum Protect Operations Center. The below fix packages include Apache Log4j 2.17.1. ...read more


Security Bulletin: Apache XMLBeans XML Entity Expansion security vulnerability in IBM FileNet Content Manager

Jan 14, 2022 7:03 pm EST | Medium Severity

IBM FileNet Content Manager has XML Entity Expansion security vulnerabilties with Apache XMLBeans. ...read more


Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-44832)

Jan 14, 2022 7:02 pm EST | Medium Severity

A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is not used by IBM Spectrum Protect Snapshot on Wiindows. The below fix package includes Apache Log4j 2.17.1. ...read more