Lucene search
+L

611 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/07/11 3:42 p.m.27 views

Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to use of open-vm-tools (CVE-2023-20900)

Summary open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit hypervisor users to perform unauthorized guest operations. Vulnerability Details CVEID:CVE-2023-20900 DESCRIPTION: VMware Tools could allow a remote attacker to bypa...

7.5CVSS7AI score0.01193EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/11 12:35 p.m.16 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to remote code execution (CVE-2024-35154)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a remote code execution vulnerability in the administative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.2CVSS7.3AI score0.01163EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/27 12:28 a.m.39 views

Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)

Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request, ...

7.5CVSS7.4AI score0.01433EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/27 12:27 a.m.41 views

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-31919)

Summary IBM MQ has addressed a denial of service vulnerability caused by an error processing messages when an API Exit using MQBUFMH is used. Vulnerability Details CVEID:CVE-2024-31919 DESCRIPTION: IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error...

7.5CVSS6.5AI score0.00492EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 10:30 p.m.70 views

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.

Summary IBM MQ Appliance has addressed multiple open source vulnerabilities CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086. Vulnerability Details CVEID:CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...

7.8CVSS8.6AI score0.28058EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 10:29 p.m.35 views

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2024-2511)

Summary IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...

5.9CVSS6.2AI score0.54026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 10:29 p.m.45 views

Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)

Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using...

6.1CVSS6.5AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 10:28 p.m.35 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack (CVE-2024-35116)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See:...

7.5CVSS6.4AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 7:30 p.m.56 views

Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack (CVE-2024-31912)

Summary IBM MQ has addressed a privilege escalation vulnerability. Vulnerability Details CVEID:CVE-2024-31912 DESCRIPTION: IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. CVSS Base score: 7.5 CVSS Temporal...

8.8CVSS8.2AI score0.00424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 3:46 p.m.42 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway (CVE-2023-50310, CVE-2023-50311)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway. This bulletin identifies the steps to take to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-50310 DESCRIPTION: IBM CICS...

7.5CVSS5.3AI score0.0039EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 2:45 p.m.29 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK (CVE-2024-38264)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-38264 DESCRIPTION: The IBM SDK, Jav...

7.5CVSS5.8AI score0.01299EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 10:40 a.m.86 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial o...

7.5CVSS6.2AI score0.01471EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 2:47 p.m.22 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074)

Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path CVE-2023-51074. IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability Details...

5.3CVSS5.7AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 11:6 a.m.52 views

Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service

Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service CVE-2023-4807, CVE-2023-3817 Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in...

7.8CVSS6.8AI score0.02577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/04 12:59 p.m.28 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-51775

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit...

6.5CVSS6.6AI score0.00879EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 1:24 p.m.33 views

Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow.

Summary IBM Business Automation Workflow packages a vulnerable copy of angular.js. Vulnerability Details CVEID:CVE-2023-26117 DESCRIPTION: AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the $resource service. By providing...

6.1CVSS5.6AI score0.06817EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 11:31 a.m.53 views

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage...

6.5CVSS6.1AI score0.01044EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/30 2:6 p.m.48 views

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2024 Vulnerability Advisory, plus CVE-2024-3933. For more information please refer to OpenJDK's April 2024 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability...

7.3CVSS5.2AI score0.01276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/22 10:31 a.m.34 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar (CVE-2024-28863)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: isaacs node-tar is vulnerable to a denial of service, caused by the lack of...

6.5CVSS6.5AI score0.00929EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/21 3:5 p.m.65 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity XXE injection vulnerability. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are...

7CVSS7.2AI score0.00649EPSS
Exploits0Affected Software1
Rows per page
Query Builder