
13330 matches found

IBM Security Bulletins
added 2022/10/07 4:1 p.m., 49 views

Security Bulletin: There is an information disclosure vulnerability in Liberty for Java (CVE-2020-4329)

Summary There is an information disclosure in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive...

CVSS 4.3, AI score 4.3, EPSS 0.01263
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/07 4:1 p.m., 28 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2020-4590)

Summary There is a denial of service vulnerability in IBM WebSphere Application Server Liberty used in Liberty for Java for IBM Cloud. Vulnerability Details CVEID:CVE-2020-4590 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or...

CVSS 6.5, AI score 5.9, EPSS 0.01241
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/07 4:1 p.m., 20 views

Security Bulletin: Man in the middle vulnerability in Liberty for Java for IBM Cloud (CVE-2014-3603)

Summary There is a man in the middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4....

CVSS 5.9, AI score 5.5, EPSS 0.00844
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2022/10/07 4:1 p.m., 13 views

Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)

Summary There is a vulnerability in the Apache MyFaces library used by WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an...

CVSS 7.5, AI score 7.2, EPSS 0.03026
Exploits 3, Affected Software 1

IBM Security Bulletins
added 2022/10/07 4:1 p.m., 23 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to LDAP Injection (CVE-2021-39031)

Summary Liberty for Java for IBM Cloud is vulnerable to LDAP injection. This has been addressed. Vulnerability Details CVEID:CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. B...

CVSS 8.8, AI score 8.5, EPSS 0.02275
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/07 4:1 p.m., 14 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2021-20492)

Summary There is an XML External Entity Injection (XXE) vulnerability in IBM WebSphere Application Server Liberty used in Liberty for Java for IBM Cloud. This does not occur in the default configuration; it occurs when batchManagement-1.0 is configured. Vulnerability Details CVEID:CVE-2021-20492...

CVSS 8.2, AI score 7.2, EPSS 0.02071
Exploits 0

CNNVD
added 2022/10/07 12:0 a.m., 2 views

IBM WebSphere Automation Cross-Site Request Forgery Vulnerability

IBM WebSphere Automation is an operations platform from International Business Machines (IBM). It automates operational activities to proactively mitigate security risks and accelerate threat remediation. A cross-site request forgery vulnerability exists in IBM WebSphere Automation for IBM Cloud Pak f...

CVSS 8.8, AI score 5.6, EPSS 0.00262
Exploits 0, References 3

Positive Technologies
added 2022/10/07 12:0 a.m., 3 views

PT-2022-15471 · IBM · IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Automation for Cloud Pak for Watson AIOps version 1.4.2 Description: The issue is related to cross-site request forgery, caused by improper cookie attribute setting. Recommendations: For IBM WebSphere Automation for Cloud Pak fo...

CVSS 8.8, AI score 4, EPSS 0.00262
Exploits 0, References 4

IBM Security Bulletins
added 2022/10/06 8:34 p.m., 19 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2022-21496, 2022-21299)

Summary IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises is bundled with IBM SPSS, IBM Cognos, IBM DB2 and IBM Websphere Application Server. IBM Websphere Application Server is vulnerable to Multiple Vulnerabilities in IBM® Java SDK CVE-2022-21496, 2022-21299...

CVSS 5.3, AI score 7.1, EPSS 0.02651
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/06 4:45 a.m., 40 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2022-22476)

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...

CVSS 8.8, AI score 6.8, EPSS 0.00642
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/06 4:43 a.m., 23 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server Liberty profile shipped with IBM Business Automation Workflow (CVE-2022-24839)

Summary WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow in User Management Service and Process Federation Server. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty profile has been published in...

CVSS 7.5, AI score 7.5, EPSS 0.02114
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/06 4:37 a.m., 21 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-22476)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

CVSS 8.8, AI score 6.5, EPSS 0.00642
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/06 4:36 a.m., 21 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2019-11777)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

CVSS 7.5, AI score 7.4, EPSS 0.00827
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/06 4:10 a.m., 24 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary The following CVEs are fixed in 3.5: CVE-2019-11777, CVE-2022-22475 Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: Eclipse Paho Java client could allow a remote attacker to bypass security restrictions, caused by the failure to check the result when connecting to an MQTT server...

CVSS 7.5, AI score 6.6, EPSS 0.00827
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/06 4:10 a.m., 51 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2022-34165)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 5.4, AI score 5.8, EPSS 0.00441
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/06 4:10 a.m., 24 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2022-35282)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 6.5, AI score 5.2, EPSS 0.00304
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/06 4:10 a.m., 46 views

Security Bulletin: CP4D Match 360 is impacted due to vulnerability in IBM WebSphere Application Server Liberty spoofing due to Eclipse Paho (CVE-2019-11777)

Summary There is a vulnerability in the Eclipse Paho library used by IBM WebSphere Application Server Liberty with the rtcomm-1.0 or rtcommGateway-1.0 feature enabled. Provided that IBM Match 360 uses WebSphere Liberty Profile, this vulnerability has been addressed in IBM Match 360 v4.5.2 and...

CVSS 7.5, AI score 7.4, EPSS 0.00827
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/06 4:10 a.m., 32 views

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact is vulnerable to information disclosure when the adminCenter-1.0 feature has been enabled (CVE-2022-22393)

Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Netcool Impact as the application server host. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-22393...

CVSS 6.5, AI score 5, EPSS 0.00678
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/10/05 7:6 p.m., 58 views

Security Bulletin: IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to arbitrary code execution due to Expat. The Expat library is used by IBM HTTP Server's WebDAV (mod_dav) support, but may also be used by third-party Apache HTTP Server modules if they have been loaded into the server by...

CVSS 8.1, AI score 8.8, EPSS 0.01659
Exploits 0, Affected Software 1

ATTACKERKB
added 2022/10/04 12:0 a.m., 5 views

CVE-2022-22493

IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449...

CVSS 8.8, AI score 6, EPSS 0.00262
Exploits 0, References 3, Affected Software 1