Medium Severity

Security Bulletin: IBM Sterling Partner Engagement Manager vulnerable to denial of service due to Apache Shiro (CVE-2022-32532)

September 23, 2022 | Medium Severity

IBM Sterling Partner Engagement Manager uses Apache Shiro library 1.9.1, where a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. The issue has been addressed.


Security Bulletin: IBM MQ Appliance is vulnerable to cross-site scripting (CVE-2022-31744)

September 23, 2022 | Medium Severity

IBM MQ Appliance has resolved a cross-site scripting vulnerability.


Security Bulletin: Due to RPM, AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266)

September 23, 2022 | Medium Severity

AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266) due to RPM. RPM is used by AIX for package management.


Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to VMware Tanzu Spring Framework (CVE-2022-22971)

September 23, 2022 | Medium Severity

IBM Sterling Partner Engagement Manager uses VMware Tanzu Spring Framework, which is vulnerable to a denial of service caused by a flaw with a STOMP over WebSocket endpoint. The issue has been addressed.


Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)

September 22, 2022 | Medium Severity

IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this vulnerability to cause a denial of service.


Security Bulletin: Operations Dashboard is vulnerable to request smuggling due to Golang Go vulnerability CVE-2022-1705

September 22, 2022 | Medium Severity

Operations Dashboard is vulnerable to request smuggling due to Golang Go vulnerability CVE-2022-1705.


Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to Host Header Injection (CVE-2021-29854)

September 22, 2022 | Medium Severity

IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to Host header injection.


Security Bulletin: IBM Common Cryptographic Architecture (CCA) is vulnerable to denial of service (CVE-2022-22423)

September 22, 2022 | Medium Severity

Insufficient input validation in IBM Common Cryptographic Architecture (CCA) may affect Hardware Security Module (HSM) availability. An affected IBM 4767 or IBM 4769 HSM may be forced into a check-stop condition by specially-crafted requests from HSM users. Recovery from a check-stop condition requires manual intervention.


Security Bulletin: IBM CICS TX Advanced is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22476)

September 22, 2022 | Medium Severity

WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web-based administration console. The fix removes the identity spoofing vulnerability CVE-2022-22476 from Liberty.