Security Bulletin: Information disclosure in FasterXML Jackson Dataformats affect IBM Operations Analytics – Log Analysis (CVE-2020-28491)

November 22, 2022 | High Severity

FasterXML jackson-dataformat-cbor is susceptible to denial of service, caused by java.lang.OutOfMemoryError exception.


Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Service Tester has taken steps to mitigate these vulnerabilities.

November 22, 2022 | High Severity

Eclipse Jetty contains a vulnerability around improper hostname input handling that could lead to failure in a proxy scenario, and a vulnerability that could lead to a potential denial of service attack.


Security Bulletin: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)

November 22, 2022 | High Severity

IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to denial of service due to libexpat. This has been addressed.


Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Performance Tester has taken steps to mitigate these vulnerabilities.

November 22, 2022 | High Severity

Eclipse Jetty contains a vulnerability around improper hostname input handling that could lead to failure in a proxy scenario, and a vulnerability that could lead to a potential denial of service attack.


Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to use of dom4j (CVE-2018-1000632)

November 21, 2022 | High Severity

IBM Security Verify Governance uses dom4j, which could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods (CVE-2018-1000632). The fix includes upgrading the dom4j jar to the patched version.


Security Bulletin: Vulnerability in Kernel (CVE-2022-1012) affects Power HMC

November 18, 2022 | High Severity

Kernel is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.


Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Kafka (CVE-2022-34917)

November 18, 2022 | High Severity

A denial of service vulnerability in Apache Kafka used by IBM InfoSphere Information Server was addressed.


Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-33193 and CVE-2021-44224) affects Power HMC

November 18, 2022 | High Severity

The Apache HTTP web server is used by IBM Power Hardware Management Console (HMC) to accept HTTPS requests and relay them to and from internal applications. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-33193 and CVE-2021-44224, by upgrading IBM Power Hardware Management Console (HMC) to the respective PTF, thus addressing the exposure to the vulnerabilities.


Security Bulletin: IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system (CVE-2022-40746)

November 18, 2022 | High Severity

IBM i Access Client Solutions is vulnerable to DLL hijacking when certain features that leverage native code are run on a Windows operating system. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section.