45 matches found

IBM Security Bulletins
added 2025/12/01 6:25 a.m., 8 views

Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.

Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...

CVSS 9.8 | AI score 6.6 | EPSS 0.01525
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 3:45 a.m., 11 views

Security Bulletin: Vulnerabilities in GStreamer affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in GStreamer have been identified that affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47538 DESCRIPTION: GStreamer is a library fo...

CVSS 9.8 | AI score 9.8 | EPSS 0.01248
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/02/05 7:31 p.m., 10 views

CVE-2022-39428

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Upload. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

CVSS 9.8 | AI score 7.4 | EPSS 0.36455
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/10/25 3:24 p.m., 12 views

Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100

Summary dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations Vulnerability Details CVEID:CVE-2017-16100 DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...

CVSS 10 | AI score 7.5 | EPSS 0.05132
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/07/22 10:17 p.m., 30 views

Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in Grafana (CVE-2023-36665)

Summary Protobuf is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-36665. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary co...

CVSS 9.8 | AI score 9.7 | EPSS 0.01422
Exploits: 1 | Affected Software: 1

CVE
added 2024/04/16 9:26 p.m., 79 views

CVE-2024-21014

CVE-2024-21014 concerns Oracle Hospitality Simphony, specifically the Simphony Enterprise Server. Technical details in connected docs show: affected versions are 19.1.0 through 19.5.4; root cause is insufficient input validation; attacker needs network access via HTTP and no authentication. Impac...

CVSS 9.8 | AI score 8.8 | EPSS 0.00845
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/01/03 10:34 p.m., 25 views

Security Bulletin: IBM Storage Fusion HCI could be vulnerable to code injection via use of quartz/quartz-jobs [CVE-2023-39017]

Summary The Java library quartz/quartz-jobs is used by IBM Storage Fusion HCI for backup scheduling. A vulnerability in this library includes code injection that could lead to execution of arbitrary code as described in the CVE listed in the 'Vulnerabilities Details' section. This bulletin...

CVSS 9.8 | AI score 9.8 | EPSS 0.01017
Exploits: 1 | Affected Software: 1

Prion
added 2023/10/17 10:15 p.m., 25 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful...

CVSS 7.5 | AI score 9.4 | EPSS 0.00625
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/05/18 9:8 a.m., 58 views

Security Bulletin: Vulnerability in Golang Go could affect IBM CICS TX Advanced [CVE-2023-24538]

Summary CVE-2023-24538 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as...

CVSS 9.8 | AI score 9.9 | EPSS 0.02281
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/01/19 11:52 a.m., 72 views

Security Bulletin: IBM Spectrum Conductor is vulnerable to arbitrary code execution [CVE-2022-42889]

Summary Apache Commons Text is used by IBM Spectrum Conductor in Spark 3.0.1. This bulletin provides interim fixes which include Apache Commons Text 1.10.0 to fix arbitrary code execution in IBM Spectrum Conductor. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...

CVSS 9.8 | AI score 9.8 | EPSS 0.99931
Exploits: 41 | Affected Software: 1

IBM Security Bulletins
added 2023/01/09 4:57 p.m., 112 views

Security Bulletin: Code injection vulnerability affect IBM Business Automation Workflow (CVE-2022-42920)

Summary IBM Business Automation Workflow packages Apache Commons BCEL. A code injection vulnerability affecting BCEL was reported. CVE-2022-42920 Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an...

CVSS 9.8 | AI score 9.8 | EPSS 0.02836
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/01/04 11:29 p.m., 38 views

Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]

Summary Apache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. CVE-2022-42889 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execut...

CVSS 9.8 | AI score 9.8 | EPSS 0.99931
Exploits: 41 | Affected Software: 1

IBM Security Bulletins
added 2022/09/15 7:26 p.m., 43 views

Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525)

Summary Due to a deserialization flaw within the Jackson JSON library, IBM Business Process Manager is vulnerable to a remote code execution vulnerability. Vulnerability Details CVEID: CVE-2017-7525 DESCRIPTION: A deserialization flaw within the Jackson JSON library in the readValue method of the...

CVSS 9.8 | AI score 9.6 | EPSS 0.37925
Exploits: 7 | Affected Software: 4

NVD
added 2022/04/19 9:15 p.m., 54 views

CVE-2022-21445

Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVSS 9.8 | EPSS 0.6201
Exploits: 1 | References: 2

Tibco
added 2022/02/02 9:40 p.m., 15 views

TIBCO Security Advisory: February 15, 2022 - TIBCO AuditSafe -2022-22770

TIBCO AuditSafe API Authentication vulnerability Original release date: February 15, 2022 Last revised: --- CVE-2022-22770 Source: TIBCO Software Inc. Products Affected TIBCO AuditSafe versions 1.1.0 and below The following component is affected: Web Server Description The component listed above...

CVSS 9 | AI score 7.7 | EPSS 0.01128
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2021/10/08 10:57 a.m., 23 views

Security Bulletin: IBM App Connect Enterprise Certified Container Designers may be vulnerable to arbitrary code execution via CVE-2021-3757

Summary IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution via CVE-2021-3757. This only affects App Connect Designers Vulnerability Details CVEID: CVE-2021-3757 DESCRIPTION: Node.js immer module could allow a remote attacker to execute arbitrary code on t...

CVSS 9.8 | AI score 2.1 | EPSS 0.01651
Exploits: 1 | Affected Software: 1

ICS
added 2021/07/13 12:0 a.m., 169 views

Schneider Electric Modicon Controllers and Software (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products Vulnerabilities :...

CVSS 9.1 | AI score 8.4 | EPSS 0.01014
Exploits: 0 | References: 5

Tenable Nessus
added 2021/03/10 12:0 a.m., 18 views

Oracle Access Manager Webgate Information Disclosure (Oct 2020 CPU)

Binary data oracleaccessmanagerwebgatecve201811058.nbin...

CVSS 9.8 | AI score 7.3 | EPSS 0.04012
Exploits: 0 | References: 2

IBM Security Bulletins
added 2021/02/01 9:49 p.m., 28 views

Security Bulletin: jackson-databind vulnerability CVE-2021-20190 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0

Summary Jackson-databind vulnerability CVE-2021-20190 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0.0. The fix for this vulnerability was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer...

CVSS 8.3 | AI score 2.4 | EPSS 0.07483
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2021/01/20 5:30 a.m., 31 views

Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are affected by vulnerabilities in Apache Xerces-C 3.0.0 to 3.2.2 XML parser (CVE-2018-1311)

Summary Vulnerabilities in Apache Xerces-C 3.0.0 to 3.2.2 XML parser affect IBM Integration Bus and IBM App Connect Enterprise. IBM App Connect Enterprise and IBM Integration Bus have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1311 DESCRIPTION: Apache Xerces-C could allo...

CVSS 8.1 | AI score 1.4 | EPSS 0.09503
Exploits: 0