Lucene search
+L

30 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 10:53 a.m.18 views

Security Bulletin:Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request,...

7.5CVSS6.6AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/13 2:12 p.m.15 views

Security Bulletin: IBM Master Data Management Server vulnerable to a denial of service from IBM Business Workflow Automation Event Emitters using snappy

Summary IBM Master Data Management version 14.0 is vulnerable to a denial of service from a package of snappy being used in IBM Business Workflow Automation Event Emitters. snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a speciall...

7.5CVSS6.6AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 7:56 a.m.76 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8

Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...

10CVSS9.9AI score0.99999EPSS
Exploits140Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/23 7:39 a.m.23 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java (CVE-2023-43642).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java component. In IBM Event Streams, Snappy-java boosts performance by compressing event payloads before transmission and decompressing them on the client side, reducing bandwidth usage and improving data...

7.5CVSS7.3AI score0.0104EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/01 12:0 a.m.63 views

Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0718)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0718 advisory. - jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted objec...

9.8CVSS7.9AI score0.10608EPSS
Exploits13References24
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 6:44 a.m.33 views

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...

9.1CVSS7.6AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 6:44 a.m.30 views

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...

9.1CVSS7.6AI score0.01762EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/30 8:24 p.m.69 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update

Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7.4AI score0.99931EPSS
Exploits47References25
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/11 1:33 p.m.13 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to denial of service due to snappy-java (CVE-2023-43642)

Summary IBM Sterling B2B Integrator uses snappy-java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sendin...

7.5CVSS7.3AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 6:46 p.m.34 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

7.5CVSS7.2AI score0.04211EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/01 2:15 p.m.36 views

Security Bulletin: IBM Maximo Asset Management application is vulnerable to an Allocation of Resources Without Limits or Throttling in snappy-java-1.1.10.1.jar (CVE-2023-43642)

Summary IBM Maximo Asset Management application is vulnerable to an Allocation of Resources Without Limits or Throttling in snappy-java-1.1.10.1.jar Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chu...

7.5CVSS7.4AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/01 1:53 p.m.14 views

Security Bulletin: There is a vulnerability in snappy-java-1.1.10.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-43642)

Summary There is a vulnerability in snappy-java-1.1.10.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By...

7.5CVSS7.4AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 11:27 p.m.22 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in snappy-java [CVE-2023-43642]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in snappy-java , caused by missing upper bound check on chunk length CVE-2023-43642. Snappy-java is used as a component of our Speech microservices. This vulnerabilitiy has been addressed...

7.5CVSS7.2AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 1:15 p.m.24 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snappy-java information disclosure vulnerabilitiy [CVE-2023-43642]

Summary Potential snappy-java denial of service, vulnerability caused by caused by missing upper bound check on chunk length have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information...

7.5CVSS7.5AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/30 4:12 a.m.55 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

9.8CVSS10AI score0.04322EPSS
Exploits4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/29 12:0 a.m.81 views

Oracle Business Intelligence Enterprise Edition (OAS 7.0) (January 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product o...

7.7CVSS7AI score0.16195EPSS
Exploits4References11
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 2:2 p.m.34 views

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused...

7.5CVSS7.5AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 2:32 p.m.33 views

Security Bulletin: IBM Security Verify Information Queue has a third-party library vulnerability (CVE-2023-43642)

Summary IBM Security Verify Information Queue ISIQ v10.0.7 has upgraded its Apache Kafka client to remediate a vulnerability in the snappy-java compression library. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper...

7.5CVSS7.4AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 1:3 p.m.29 views

Security Bulletin: Vulnerabilities in snappy-java, Python, postgresql, Golang might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in snappy-java, Python, PostgreSQL, and Golang Go. Vulnerabilities include causing a denial of service condition, causing a CPU denial of service condition, gaining access to the server's resources without being...

8.8CVSS8.4AI score0.03796EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 5:50 p.m.15 views

Security Bulletin: Snappy-java is vulnerable to CVE-2023-43642 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses snappy-java which is vulnerable to CVE-2023-43642. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, cause...

7.5CVSS7.4AI score0.0104EPSS
Exploits1Affected Software1
Rows per page
Query Builder