Lucene search
+L

611 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/04/01 11:40 a.m.47 views

Security Bulletin: IBM DataPower Gateway is vulnerable to Denial of Service due to use of Node.js

Summary NodeJS is used by IBM DataPower Gateway as part of the API-GWY management interface CVE-2024-22019 Vulnerability Details CVEID:CVE-2024-22019 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error when reading unprocessed HTTP request with unbounded chunk extension...

7.5CVSS6.1AI score0.03168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 3:56 p.m.24 views

Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow (IBM X-Force ID 270419)

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details IBM X-Force ID: 270419 DESCRIPTION: Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a special...

7.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/20 12:30 a.m.30 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Pallets Werkzeug (CVE-2023-46136)

Summary A vulnerability in Pallets Werkzeug used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF...

8CVSS7.3AI score0.01072EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 10:24 a.m.40 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to node.js package IP [CVE-2023-42282]

Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to node.js package IP. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary...

9.8CVSS9.3AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:49 p.m.57 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to json-path [CVE-2023-51074]

Summary The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to json-path. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of...

5.3CVSS5.8AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:37 p.m.29 views

Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability

Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2024-0727. Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted...

5.5CVSS5.9AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/13 1:18 p.m.21 views

Security Bulletin: IBM Integration Bus for z/OS Admin WebUI is vulnerable to a CSRF attack (CVE-2024-27265)

Summary IBM Integration Bus for z/OS Admin WebUI is vulnerable to a CSRF attack which could lead to arbitrary code execution. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-27265 DESCRIPTION: IBM Integration Bus for z/OS is vulnerable...

6.5CVSS6.1AI score0.00239EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/07 11:42 a.m.23 views

Security Bulletin: Vulnerability in Apache Shiro affects IBM WebSphere Service Registry and Repository

Summary A bypass access restrictions vulnerability in Apache Shiro CVE-2023-22602 affects IBM WebSphere Service Registry and Repository. This bulletin identifies the steps to take to address this vulnerability. Vulnerability Details CVEID:CVE-2023-22602 DESCRIPTION: Apache Shiro could allow a...

7.5CVSS7.4AI score0.01553EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/05 3:41 p.m.114 views

Security Bulletin: IBM HTTP Server is vulnerable to a denial of service due to libexpat (CVE-2023-52425)

Summary IBM HTTP Server, which is used by IBM WebSphere Application Server, is vulnerable to a denial of service due to libexpat using a specially crafted request. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system...

7.5CVSS7.8AI score0.01815EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/05 10:0 a.m.79 views

Security Bulletin: IBM MQ Appliance is vulnerable to open redirect due to follow-redirects (CVE-2023-26159)

Summary Follow-redirects is used by IBM MQ Appliance as part of the MQ Console. CVE-2023-26159. Vulnerability Details CVEID: CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit...

7.3CVSS6.1AI score0.00797EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/05 9:54 a.m.39 views

Security Bulletin: IBM MQ Appliance is vulnerable to denial of service (CVE-2024-25016)

Summary IBM MQ Appliance is vulnerable to denial of service due to incorrect buffering logic. Vulnerability Details CVEID:CVE-2024-25016 DESCRIPTION: IBM MQ and IBM MQ Appliance could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. CVSS Base...

7.5CVSS7.3AI score0.00849EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 4:24 p.m.57 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow Event Emitters - CVE-2023-51074

Summary IBM Business Automation Workflow Event Emitters are vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a speciall...

5.3CVSS5.8AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 9:59 p.m.66 views

Security Bulletin: IBM MQ is vulnerable to denial of service (CVE-2024-25016)

Summary IBM MQ has addressed a denial of service vulnerability due to incorrect buffering logic. Vulnerability Details CVEID:CVE-2024-25016 DESCRIPTION: IBM MQ and IBM MQ Appliance could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. CVSS Ba...

7.5CVSS7.3AI score0.00849EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 9:58 p.m.23 views

Security Bulletin: IBM MQ is vulnerable to an issue in libqb (CVE-2023-39976)

Summary IBM MQ has addressed a vulnerability in libqb, which is only applicable when the RDQM package is installed and configured as part of an HA group on RHEL 9. Vulnerability Details CVEID:CVE-2023-39976 DESCRIPTION: ClusterLabs libqb is vulnerable to a buffer overflow, caused by improper boun...

9.8CVSS9.8AI score0.00984EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 8:22 p.m.29 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, could provide weaker than expected security (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, could provide weaker than expected security for outbound TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

6.5CVSS5.5AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 8:18 p.m.18 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security for outbound TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

6.5CVSS5.5AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 4:57 p.m.95 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. CVSS Base score: 6.2 CVSS Tempor...

6.2CVSS6.2AI score0.00116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 6:7 a.m.12 views

Security Bulletin: vulnerability in jackson-core might affect IBM Business Automation Workflow - PRISMA-2023-0067

Summary IBM Business Automation Workflow might be affected by a vulnerability in jackson-core. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints value field. By...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/27 3:2 p.m.27 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to MiniZip (CVE-2023-45853)

Summary MiniZip, in IBM App Connect Enterprise and IBM Integration Bus for z/OS is vulnerable to a denial of service. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip is vulnerable to a denial of service, caus...

9.8CVSS9.5AI score0.03179EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/16 6:40 p.m.26 views

Security Bulletin: IBM Workload Automation affected by multiple vulnerabilities in RHEL (CVE-2023-32681, CVE-2022-48468)

Summary IBM Workload Automation container solution is affectedby multiple vulnerabilities found in RHEL. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to...

6.1CVSS7AI score0.02974EPSS
Exploits1Affected Software1
Rows per page
Query Builder