Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40750)
IBM PSIRT Blog
by IBM PSIRT
1y ago
Websphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Affected product(s) and affected version(s): Principal Product and Version(s) Affected Supporting Product and Version WebGUI 8.1.0 GA and FP Websphere Application Server V8.5 and V9 Refer to the following reference URLs for remediation and additional vulnerability details:   Source Bulletin: https://www.ibm.com/support/pages/node/6834197 The post Security Bulletin: A security vulnerability ..read more
Visit website
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to CVE-2022-27404
IBM PSIRT Blog
by IBM PSIRT
1y ago
FreeType is not used directly by IBM App Connect Enterprise Certified Container but is present as an operating system module in the DesignerAuthoring image used for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution and denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-27404 in FreeType. CVE(s): CVE-2022-27404 Affected product(s) and affected version(s): Affected Product(s) Version(s) App Connect Enterprise Certified ..read more
Visit website
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0909
IBM PSIRT Blog
by IBM PSIRT
1y ago
LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-0909 in LibTIFF. CVE(s): CVE-2022-0909 Affected product(s) and affected version(s): Affected Product(s) Version(s) App Connect Enterprise Certified Container 4.1 App Connect Enterprise Certified Container 4.2 App Connect Enterprise Certified Container 5.0-lts App Connect Enterprise Certified Containe ..read more
Visit website
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution due to CVE-2015-20107
IBM PSIRT Blog
by IBM PSIRT
1y ago
Python is provided as part of the operating system modules in the IBM App Connect Enterprise Certified Container images, and is used by DesignerAuthoring instances when mapping assistance is enabled. IBM App Connect Enterprise Certified Container images may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability CVE-2015-20107 in Python. CVE(s): CVE-2015-20107 Affected product(s) and affected version(s): Affected Product(s) Version(s) App Connect Enterprise Certified Container 4.1 App Connect Enterprise Certified Containe ..read more
Visit website
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution due to [CVE-2022-37609]
IBM PSIRT Blog
by IBM PSIRT
1y ago
Node.js js-beautify is present in the IBM App Connect Enterprise Certified Container DesignerAuthoring operand image. A DesignerAuthoring operand may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js js-beautify. [CVE-2022-37609] CVE(s): CVE-2022-37609 Affected product(s) and affected version(s): Affected Product(s) Version(s) App Connect Enterprise Certified Container 4.1 App Connect Enterprise Certified Container 4.2 App Connect Enterprise Certified Container 5.0-lts App Connect Enterprise Certified ..read more
Visit website
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0562
IBM PSIRT Blog
by IBM PSIRT
1y ago
LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-0562 in LibTIFF. CVE(s): CVE-2022-0562 Affected product(s) and affected version(s): Affected Product(s) Version(s) App Connect Enterprise Certified Container 4.1 App Connect Enterprise Certified Container 4.2 App Connect Enterprise Certified Container 5.0-lts App Connect Enterprise Certified Containe ..read more
Visit website
Security Bulletin: IBM App Connect Enterprise Certified Container operands that process XML may be vulnerable to arbitrary code execution due to [CVE-2022-37616]
IBM PSIRT Blog
by IBM PSIRT
1y ago
Node.js module @xmldom/xmldom is used by IBM App Connect Enterprise Certified Container for processing XML. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process XML data may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in @xmldom/xmldom. [CVE-2022-37616] CVE(s): CVE-2022-37616 Affected product(s) and affected version(s): Affected Product(s) Version(s) App Connect Enterprise Certified Container 4.1 App Connect Enterprise Certified Container 4.2 App Connec ..read more
Visit website
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to CVE-2022-25308
IBM PSIRT Blog
by IBM PSIRT
1y ago
GNU FriBidi is used by IBM App Connect Enterprise Certified Container for handling unicode. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution and denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-25308 in GNU FriBidi. CVE(s): CVE-2022-25308 Affected product(s) and affected version(s): Affected Product(s) Version(s) App Connect Enterprise Certified Container 4.1 App Connect Enterprise Certified Container 4.2 App Connect Enterprise Ce ..read more
Visit website
Security Bulletin: Vulnerabilities with Kernel and GNU glibc affect IBM Cloud Object Storage Systems (Dec 2022v1)
IBM PSIRT Blog
by IBM PSIRT
1y ago
Vulnerabilities with Kernel and GNU glibc affect IBM Cloud Object Storage Systems. These vulnerabilities have been addressed in the latest ClevOS releases CVE(s): CVE-2022-3028, CVE-2022-42703, CVE-2021-4159, CVE-2022-2588, CVE-2022-36946, CVE-2022-36879, CVE-2021-3999, CVE-2022-40307, CVE-2021-3759, IBM X-Force ID:   237855 IBM X-Force ID:   234979 Affected product(s) and affected version(s): Affected Product(s) CVE's ID Versions (s) IBM Cloud Object System CVE-2022-3028 3.17.0.36 or Prior  releases IBM Cloud Object System CVE-2022-42703 3.17.0.36 or Prior  releases ..read more
Visit website
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to CVE-2022-0891
IBM PSIRT Blog
by IBM PSIRT
1y ago
LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to arbitrary code execution or denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-0891 in LibTIFF. CVE(s): CVE-2022-0891 Affected product(s) and affected version(s): Affected Product(s) Version(s) App Connect Enterprise Certified Container 4.1 App Connect Enterprise Certified Container 4.2 App Connect Enterprise Certified Container 5.0-lts App Connect E ..read more
Visit website

Follow IBM PSIRT Blog on FeedSpot

Continue with Google
Continue with Apple
OR