IBM PSIRT Blog
This site contains important information regarding security vulnerabilities that may affect IBM products and solutions. IBM PSIRT follows the NIST guidelines for determining the severity rating of the reported vulnerability. This blog contains information on Security Bulletins and advisories along with future IBM Security Bulletins and advisories.
1y ago
WebSphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin.
Affected product(s) and affected version(s):
| Principal Product and Version(s) | Affected Supporting Product and Version |
| --- | --- |
| WebGUI 8.1.0 GA and FP | WebSphere Application Server V8.5 and V9 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6834197
1y ago
FreeType is not used directly by IBM App Connect Enterprise Certified Container but is present as an operating system module in the DesignerAuthoring image used for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution and denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-27404 in FreeType.
CVE(s): CVE-2022-27404
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified … | |
1y ago
LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-0909 in LibTIFF.
CVE(s): CVE-2022-0909
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified Container | 4.1 |
| App Connect Enterprise Certified Container | 4.2 |
| App Connect Enterprise Certified Container | 5.0-lts |
| App Connect Enterprise Certified Containe … | |
1y ago
Python is provided as part of the operating system modules in the IBM App Connect Enterprise Certified Container images, and is used by DesignerAuthoring instances when mapping assistance is enabled. IBM App Connect Enterprise Certified Container images may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability CVE-2015-20107 in Python.
CVE(s): CVE-2015-20107
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified Container | 4.1 |
| App Connect Enterprise Certified Containe … | |
1y ago
Node.js js-beautify is present in the IBM App Connect Enterprise Certified Container DesignerAuthoring operand image. A DesignerAuthoring operand may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js js-beautify. [CVE-2022-37609]
CVE(s): CVE-2022-37609
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified Container | 4.1 |
| App Connect Enterprise Certified Container | 4.2 |
| App Connect Enterprise Certified Container | 5.0-lts |
| App Connect Enterprise Certified … | |
1y ago
LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-0562 in LibTIFF.
CVE(s): CVE-2022-0562
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified Container | 4.1 |
| App Connect Enterprise Certified Container | 4.2 |
| App Connect Enterprise Certified Container | 5.0-lts |
| App Connect Enterprise Certified Containe … | |
1y ago
Node.js module @xmldom/xmldom is used by IBM App Connect Enterprise Certified Container for processing XML. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process XML data may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in @xmldom/xmldom. [CVE-2022-37616]
CVE(s): CVE-2022-37616
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified Container | 4.1 |
| App Connect Enterprise Certified Container | 4.2 |
| App Connec … | |
1y ago
GNU FriBidi is used by IBM App Connect Enterprise Certified Container for handling Unicode. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution and denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-25308 in GNU FriBidi.
CVE(s): CVE-2022-25308
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified Container | 4.1 |
| App Connect Enterprise Certified Container | 4.2 |
| App Connect Enterprise Ce … | |
1y ago
Vulnerabilities in the Kernel and GNU glibc affect IBM Cloud Object Storage Systems. These vulnerabilities have been addressed in the latest ClevOS releases.
CVE(s): CVE-2022-3028, CVE-2022-42703, CVE-2021-4159, CVE-2022-2588, CVE-2022-36946, CVE-2022-36879, CVE-2021-3999, CVE-2022-40307, CVE-2021-3759, IBM X-Force ID: 237855, IBM X-Force ID: 234979
Affected product(s) and affected version(s):
| Affected Product(s) | CVE ID | Version(s) |
| --- | --- | --- |
| IBM Cloud Object System | CVE-2022-3028 | 3.17.0.36 or Prior releases |
| IBM Cloud Object System | CVE-2022-42703 | 3.17.0.36 or Prior releases |
| … | | |
1y ago
LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to arbitrary code execution or denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-0891 in LibTIFF.
CVE(s): CVE-2022-0891
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified Container | 4.1 |
| App Connect Enterprise Certified Container | 4.2 |
| App Connect Enterprise Certified Container | 5.0-lts |
| App Connect E … | |