IBM Product Security Update Advisory

Overview

An update has been released to address vulnerabilities in IBM Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-52899

  • IBM Data Virtualization Manager version: 1.1 (z/OS)
  • IBM Data Virtualization Manager version: 1.2 (z/OS)

CVE-2024-49353

  • IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data versions: 4.0.0 (inclusive) to 5.0.2 (inclusive)

Resolved Vulnerabilities

Vulnerability that allows authenticated users to inject malicious JDBC URL parameters and execute code on the server (CVE-2024-52899)

Vulnerability in which input validation is not properly enforced during concurrent use of resources, which can lead to unexpected conditions or crashes (CVE-2024-49353)

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the patched version.

CVE-2024-52899

  • Update based on the “Remediation/Fixes” section of the Referenced Site [2]

CVE-2024-49353

  • IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data version: 5.0.3
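To turn the affected and fixed versions above into a repeatable check, the following is an added example (not IBM's code and not part of this advisory) that compares an installed version string against the ranges listed here. It assumes dotted integer version strings; because the advisory names IBM Data Virtualization Manager only as release lines 1.1 and 1.2 and points to the bulletin for its fix, those are matched by major.minor prefix and no fixed level is encoded for CVE-2024-52899.

```python
# Added example: classify installed versions against the ranges in this advisory.
# Not IBM's code; the ranges below are transcribed from the advisory text.
from typing import Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Turn a dotted version string such as '5.0.2' into a comparable tuple."""
    return tuple(int(part) for part in s.strip().split("."))


def in_range(v: Version, lo: Version, hi: Version) -> bool:
    """Inclusive comparison after padding shorter tuples with zeros,
    so that '5.0' and '5.0.0' compare as equal."""
    width = max(len(v), len(lo), len(hi))

    def pad(t: Version) -> Version:
        return t + (0,) * (width - len(t))

    return pad(lo) <= pad(v) <= pad(hi)


# Affected versions as stated in the advisory.
#   ("range", lo, hi): inclusive range on both ends
#   ("line", prefix):  a whole release line, matched by prefix (assumption for DVM)
AFFECTED = {
    # CVE-2024-49353: Watson Speech Services Cartridge for Cloud Pak for Data
    "CVE-2024-49353": [("range", parse_version("4.0.0"), parse_version("5.0.2"))],
    # CVE-2024-52899: Data Virtualization Manager for z/OS 1.1 and 1.2
    "CVE-2024-52899": [("line", parse_version("1.1"), None),
                       ("line", parse_version("1.2"), None)],
}

# Fixed levels named in the advisory. DVM's fix is only given in the referenced
# bulletin, so it is intentionally absent here.
FIXED = {"CVE-2024-49353": parse_version("5.0.3")}


def is_affected(cve: str, installed: str) -> bool:
    """True if the installed version falls inside an affected range for the CVE."""
    v = parse_version(installed)
    for kind, a, b in AFFECTED[cve]:
        if kind == "range" and in_range(v, a, b):
            return True
        if kind == "line" and v[: len(a)] == a:
            return True
    return False


def is_fixed(cve: str, installed: str) -> bool:
    """True only when the advisory names a fixed level and installed >= that level."""
    fixed = FIXED.get(cve)
    if fixed is None:
        return False
    return in_range(parse_version(installed), fixed, (10**9,))


def status(cve: str, installed: str) -> str:
    """One-word triage result for an inventory line."""
    if is_affected(cve, installed):
        return "affected"
    if is_fixed(cve, installed):
        return "fixed"
    return "outside-listed-range"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("CVE-2024-49353", "4.8.1"),
        ("CVE-2024-49353", "5.0.3"),
        ("CVE-2024-52899", "1.1.0"),
        ("CVE-2024-52899", "1.3"),
    ]
    for cve, ver in inventory:
        print(f"{cve} {ver}: {status(cve, ver)}")
```

The "outside-listed-range" result is deliberately not reported as safe: for DVM the fixed level comes only from the referenced bulletin, and for a version above 5.0.3 the script can say only that the advisory's affected range does not cover it.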

Referenced Sites

[1] CVE-2024-52899 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-52899

[2] Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability

https://www.ibm.com/support/pages/node/7177091

[3] CVE-2024-49353 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-49353

[4] Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a possible race condition [CVE-2024-49353]

https://www.ibm.com/support/pages/node/7177065