Lucene search
K

54 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 3:38 p.m.15 views

Security Bulletin: IBM B2B Sterling integrator is affected by Apache Santuario vulnerability to information disclosure

Summary IBM B2B Sterling integrator is vunerable to information disclosure due to Apache Santuario Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the lo...

6.5CVSS5.9AI score0.01212EPSS
Exploits0Affected Software1
Information Security Automation
Information Security Automation
added 2024/10/30 10:51 a.m.27 views

What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday?

What is known about the Spoofing - Windows MSHTML Platform CVE-2024-43573 vulnerability from the October Microsoft Patch Tuesday? In fact, just that it is being exploited in the wild. There are no write-ups or public exploits yet. The Acknowledgements section in the Microsoft bulletin is empty. I...

8.1CVSS7AI score0.84345EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 11:31 a.m.52 views

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage...

6.5CVSS6.1AI score0.01044EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 7:36 a.m.41 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data may be vulnerable to a remote attacker (CVE-2024-28849)

Summary There is a vulnerability in follow-redirects used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could...

6.5CVSS6.3AI score0.01044EPSS
Exploits1Affected Software1
NVD
NVD
added 2024/04/16 10:15 p.m.23 views

CVE-2024-21080

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: REST Services. Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications...

6.5CVSS6.4AI score0.00509EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/21 11:56 a.m.20 views

Security Bulletin: Vulnerability in IBM® SDK, Java™ Technology affects IBM Cloud Pak System [CVE-2022-3676]

Summary Vulnerability in IBM® SDK, Java™ Technology affect Cloud Pak System. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...

6.5CVSS6.5AI score0.00589EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/13 10:49 a.m.33 views

Security Bulletin: IBM Event Streams is affected by a remote code execution vulnerability (CVE-2023-26136).

Summary A Remote Code Execution RCE vulnerability in Salesforce tough-cookie could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Vulnerability Detai...

9.8CVSS8.4AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/24 3:13 p.m.45 views

Security Bulletin: IBM Integration Bus is vulnerable to a remote attacker due to Apache Tomcat

Summary IBM Integration Bus is vulnerable to a remote attacker due to Apache Tomcat CVE-2023-41080. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the FORM authentication...

6.1CVSS6.6AI score0.05972EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 5:36 a.m.49 views

Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-3676)

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type chec...

6.5CVSS6.6AI score0.00589EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 2:17 p.m.54 views

Security Bulletin: IBM Safer Payments vulnerable to denial of service attack (CVE-2023-27556)

Summary The API and MCI interfaces of IBM Safer Payments are vulnerable to the Slowloris denial of service attack. This vulnerability is addressed Vulnerability Details CVEID:CVE-2023-27556 DESCRIPTION: IBM Counter Fraud Management for Safer Payments does not properly allocate resources without...

7.5CVSS6.9AI score0.01012EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/17 12:9 a.m.40 views

Security Bulletin: A vulnerability in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2021-28167)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions,...

6.5CVSS6.5AI score0.01104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/23 6:9 a.m.39 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to Vmware Tanzu Spring Framework (CVE-2022-22971)

Summary IBM Sterling Partner Engagement Manager uses Vmware Tanzu Spring Framework that is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework ...

6.5CVSS6.4AI score0.03126EPSS
Exploits0Affected Software1
ICS
ICS
added 2022/08/16 6:0 a.m.42 views

LS ELECTRIC PLC and XG5000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor : LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...

6.5CVSS6.3AI score0.00323EPSS
Exploits0References10
Cvelist
Cvelist
added 2021/10/20 10:49 a.m.15 views

CVE-2021-2481

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS6.3AI score0.02278EPSS
Exploits0References5
VMware
VMware
added 2021/10/12 12:0 a.m.55 views

VMware vRealize Orchestrator update addresses open redirect vulnerability (CVE-2021-22036)

3. VMware vRealize Orchestrator update addresses open redirect vulnerability CVE-2021-22036 VMware vRealize Orchestrator contains an open redirect vulnerability due to improper path handling. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv...

4.3CVSS6.5AI score0.00895EPSS
Exploits0References6Affected Software3
OSV
OSV
added 2021/01/20 3:15 p.m.17 views

CVE-2021-2020

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS6.3AI score
Exploits0References5
Cvelist
Cvelist
added 2021/01/20 2:50 p.m.20 views

CVE-2021-2020

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS6.3AI score0.02939EPSS
Exploits0References5
Intel
Intel
added 2020/11/10 12:0 a.m.20 views

Intel CSI2 Host Controller Advisory

Summary: A potential security vulnerability in the Intel Camera Serial Interface CSI 2 Host Controller driver may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2020-0573 Description: Out of bounds read...

5.5CVSS5.1AI score0.00304EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2020/10/21 3:15 p.m.29 views

CVE-2020-14800

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.5CVSS6.8AI score0.01414EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/29 10:15 a.m.42 views

Security Bulletin: Publicly disclosed vulnerability found by vFinder in IBM eDiscovery Analyzer

Summary Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct...

9.8CVSS0.7AI score0.20985EPSS
Exploits0Affected Software1
Rows per page
Query Builder