Security Bulletin: Vulnerability in PostgreSQL may affect IBM Spectrum Protect Plus

June 30, 2022 | Critical Severity

PostgreSQL could allow a remote attacker to gain unauthorized access to the system which may affect IBM Spectrum Protect Plus. ...read more


Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data

June 29, 2022 | Critical Severity

IBM has released the following fix for IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

June 29, 2022 | Critical Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains vulnerable versions of Node.js modules used in Web clients. ...read more


Security Bulletin: OpenSSL for IBM i is vulnerable to command injection due to a flaw in c_rehash script (CVE-2022-1292)

June 28, 2022 | Critical Severity

OpenSSL is vulnerable to a command injection due to improper user validation in the c_rehash script as described in the vulnerability details section. IBM i has addressed the vulnerability in OpenSSL with a fix as described in the remediation/fixes section. ...read more


Security Bulletin: IBM Robotic Process Automation may be affected by multiple vulnerabilities in open source components (CVE-2019-0820, CVE-2020-15522, CVE-2021-43569)

June 27, 2022 | Critical Severity

Multiple vulnerabilities in IBM Robotic Process Automation 21.0.1Bouncy Castle is used by IBM Robotic Process Automation as part of it's cryptograpy implementation. CVE-2020-15522.Stark Bank Elixir is used by IBM Robotic Process Automation as part of it's cryptograpy implementation. CVE-2021-43569.IBM Robotic Process Automation is built using C# using Microsoft .NET Framework and Microsoft .NET Core. CVE-2020-15522. ...read more


Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)

June 24, 2022 | Critical Severity

IBM QRadar SIEM is affected but not vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. QVM utilizes the Spring Framework to support our Java backed user interface.. The fix includes Spring 5.3.18. ...read more


Security Bulletin: IBM CICS TX Standard is vulnerable to arbitrary code execution (CVE-2022-31767)

June 22, 2022 | Critical Severity

IBM CICS TX Advanced could allow a remote attacker to execute arbitrary commands. The fix removes this vulnerability (CVE-2022-31767) from IBM CICS TX Advanced. ...read more


Security Bulletin: IBM CICS TX Advanced is vulnerable to arbitrary code execution (CVE-2022-31767)

June 22, 2022 | Critical Severity

IBM CICS TX Advanced could allow a remote attacker to execute arbitrary commands. The fix removes this vulnerability (CVE-2022-31767) from IBM CICS TX Advanced. ...read more


Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

June 22, 2022 | Critical Severity

Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP5. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.2. The following 3rd party components are used by IBM Cognos Analytics: Apache Axis is a Java based Web Services engine for JSON, SOAP, and WSDL (CVE-2012-5785, CVE-2012-4418, CVE-2010-1632). Dom4J is a Java-based XML parsing framework (CVE-2020-10683). Apache Commons Compress is a Java API to support various types of compression and decompression (CVE-2021-35517, CVE-2021-36090). Jupyter Notebook is an interactive computing platform across all programming languages (CVE-2021-32797, CVE-2021-32798). Netty is a Java-based non-blocking I/O networking framework (CVE-2021-37136, CVE-2021-37136). JQuery is a JavaScript library for HTML DOM tree traversal and manipulation (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182). SnakeYAML is a Java-based YAML parsing and serialization library (CVE-2017-18640). Apache Hadoop is a Java based distributed computing platform supporting large data sets (CVE-2020-9492, CVE-2016-6811, CVE-2017-15713, CVE-2017-15718, CVE-2017-3166, CVE-2018-1296, CVE-2018-8029, CVE-2018-11766). CKEditor is a WYSIWYG rich text editor which can be directly inside web pages or application (CVE-2021-41164, CVE-2021-41165). Apache Jena is a Java API to read and write RDF graphs (CVE-2021-39239). Netplex json-smart is a Java-based high performance JSON-processor (CVE-2021-27568). Faster XML Jackson-Databind is a JSON to Java object conversion API (CVE-2021-20190, CVE-2020-9548, CVE-2020-9547, CVE-2020-9546, CVE-2020-8840, CVE-2020-36189, CVE-2020-36188, CVE-2020-36187, CVE-2020-36186, CVE-2020-36185, CVE-2020-36184, CVE-2020-36183, CVE-2020-36182, CVE-2020-36181, CVE-2020-36180, CVE-2020-36179, CVE-2020-35728, CVE-2020-35491, CVE-2020-35490, CVE-2020-25649, CVE-2020-24750, CVE-2020-24616, CVE-2020-14195, CVE-2020-14062, CVE-2020-14061, CVE-2020-14060, CVE-2020-11620, CVE-2020-11619, CVE-2020-11113, CVE-2020-11112, CVE-2020-11111, CVE-2020-10969, CVE-2020-10968, CVE-2020-10673, CVE-2020-10672, CVE-2019-16942, CVE-2019-16943, CVE-2019-17531). IBM Cognos Analytics is vulnerable to further attacks such remote code execution (RCE) and cross-site scripting (XSS) by not validating upload file types or user supplied data (CVE-2021-38945, CVE-2021-39047). IBM Cognos Analytics could allow a low level user to obtain sensitive information from the details of the Cloud Storage page for which they should not have access (CVE-2021-29768). ...read more