Security Bulletin: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)

November 22, 2022 | High Severity

IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to denial of service due to libexpat. This has been addressed.


Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Performance Tester has taken steps to mitigate these vulnerabilities.

November 22, 2022 | High Severity

Eclipse Jetty contains a vulnerability around improper hostname input handling that could lead to failure in a proxy scenario, and a vulnerability that could lead to a potential denial of service attack.


Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to use of dom4j (CVE-2018-1000632)

November 21, 2022 | High Severity

IBM Security Verify Governance uses dom4j, which could allow a remote attacker to execute arbitrary code on the system because of improper input validation in multiple methods (CVE-2018-1000632). The fix includes upgrading the dom4j jar to the patched version.


Security Bulletin: Vulnerability in Kernel (CVE-2022-1012) affects Power HMC

November 18, 2022 | High Severity

Kernel is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.


Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Kafka (CVE-2022-34917)

November 18, 2022 | High Severity

A denial of service vulnerability in Apache Kafka used by IBM InfoSphere Information Server was addressed.


Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-33193 and CVE-2021-44224) affects Power HMC

November 18, 2022 | High Severity

The Apache HTTP web server is used by IBM Power Hardware Management Console (HMC) to accept HTTPS requests and relay them to and from internal applications. This bulletin provides a remediation for CVE-2021-33193 and CVE-2021-44224: upgrading IBM Power Hardware Management Console (HMC) to the respective PTF, which addresses the exposure to these vulnerabilities.


Security Bulletin: IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system (CVE-2022-40746)

November 18, 2022 | High Severity

IBM i Access Client Solutions is vulnerable to DLL hijacking when certain features that leverage native code are run on a Windows operating system. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section.


Security Bulletin: IBM DataPower Gateway vulnerable to CSRF attack

November 18, 2022 | High Severity

IBM DataPower Gateway is vulnerable to a cross-site request forgery attack against the Web UI. IBM has addressed the vulnerability.


Security Bulletin: Vulnerabilities in Golang Go affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift

November 18, 2022 | High Severity

Golang Go is vulnerable to denial of service, obtaining sensitive information, HTTP request smuggling, and directory traversal, which may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift.