Lucene search
K

81 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/03/22 12:7 p.m.45 views

Security Bulletin: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) attack

Summary IBM Workload Scheduler is vulnerable to XML External Entity Injection XXE exploitation while handling uploaded XML configuration files. Vulnerability Details CVEID:CVE-2022-38389 DESCRIPTION: IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injectio...

9.1CVSS8.2AI score0.01286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:50 p.m.76 views

Security Bulletin: There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management (CVE-2022-21681, CVE-2022-21680)

Summary There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in inline.reflinkSearch. By...

7.5CVSS7.6AI score0.02828EPSS
Exploits2Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 5:56 p.m.34 views

Security Bulletin: IBM Workload Scheduler potentially affected by jsoup XSS attacks (CVE-2022-36033)

Summary IBM Workload Scheduler is vulnerable to XSS attacks caused by jsoup, which may incorrectly sanitize HTML including javascript: URL expressions. Vulnerability Details CVEID:CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-suppli...

6.1CVSS6.5AI score0.01208EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 5:54 p.m.32 views

Security Bulletin: IBM Workload Scheduler potentially affected by vulnerability in Eclipse Openj9 (CVE-2021-41041)

Summary Eclipse Openj9 is vulnerable to attacks bypassing security restrictions that can potentially affect IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...

5.3CVSS5.4AI score0.00985EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 5:49 p.m.44 views

Security Bulletin: IBM Workload Scheduler potentially affected by cross-site scripting vulnerability in jQuery UI (CVE-2022-31160)

Summary jQuery UI is vulnerable to cross-site scripting attack that can potentially affect IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of...

6.1CVSS6.2AI score0.01933EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/24 3:45 p.m.46 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle April 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An...

5.3CVSS6.6AI score0.02805EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/25 6:48 p.m.31 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect App Connect Professional.

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Jul pr 2022, App Connect Professional have addressed the applicable CVEs. These vulnerabilities are addressed in App connec...

5.9CVSS6.7AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/24 4:46 p.m.31 views

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server Liberty shipped with Cloud Pak System (CVE-2022-22393, CVE-2022-22475)

Summary Vulnerabilities have been identified in WebSsphere Application Server Liberty shipped wioth Cloud Pak System. IBM Cloud Pak System ship with optional Single- Sign-On SSO feature. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty have been...

6.5CVSS5.5AI score0.00693EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/30 4:54 p.m.25 views

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-13956

Summary IBM TRIRIGA Application Platform discloses CVE-2020-13956 Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...

5.8CVSS6.2AI score0.09254EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/30 4:54 p.m.40 views

Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-13956

Summary IBM TRIRIGA Application Platform discloses CVE-2020-13956 Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...

5.8CVSS6.2AI score0.09254EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/30 4:52 p.m.42 views

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2021-23926

Summary IBM TRIRIGA Application Platform discloses CVE-2021-23926 Vulnerability Details CVEID:CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity XXE error when processing XML data. By sending a specially-crafted XML request, a remote...

9.1CVSS9AI score0.06215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/30 4:40 p.m.31 views

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2016-3093

Summary IBM TRIRIGA Application Platform discloses CVE-2016-3093 Vulnerability Details CVEID:CVE-2016-3093 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker...

5.3CVSS5.4AI score0.08667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/30 4:22 p.m.45 views

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-11987

Summary IBM TRIRIGA Application Platform discloses CVE-2020-11987 Vulnerability Details CVEID:CVE-2020-11987 DESCRIPTION: Apache XML Graphics Batik is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an...

8.2CVSS7.8AI score0.13635EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/19 11:53 p.m.48 views

Security Bulletin: Power Systems Firmware affected by vulnerability in OpenSSL (CVE-2016-0797)

Summary Power Systems Firmware affected by vulnerability in OpenSSL CVE-2016-0797 Vulnerability Details CVEID: CVE-2016-0797 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BNhex2bn/BNdec2bn function. An attacker could exploit this...

7.5CVSS7.4AI score0.27022EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/04 6:11 a.m.54 views

Security Bulletin: OpenSSL vulnerability affects App Connect professional v7.5.4.

Summary OpenSSL vulnerability is addressed in ACP v7.5.5.0, customer can migrate to this version without incurring any additional cost. Vulnerability Details CVEID: CVE-2022-1292 DESCRIPTION: OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused b...

10CVSS1.5AI score0.83223EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/08 4:13 p.m.14 views

Security Bulletin: Clickjacking vulnerability in IBM WebSphere Application Server affects Cloud Pak System

Summary A Clickjacking vulnerability has been identified in IBM WebSphere Application Server, a supporting product which is shipped as pattern type with Cloud Pak System. This Security bulletin applies to Cloud Pak System Software and Cloud Pak System Software Suite. Vulnerability Details Refer t...

1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/25 11:1 p.m.16 views

Security Bulletin: IBM Elastic Storage System 3000 GUI is affected by verbose error message (CVE-2020-4357)

Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4357 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitiv...

4.3CVSS1.1AI score0.00994EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 12:49 p.m.20 views

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale which is packaged in IBM ESS (CVE-2022-22368)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale which is packagaed in IBM ESS that could allow an attacker to decrypt highly sensitive information. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2022-22368 DESCRIPTION: IBM...

7.5CVSS1.3AI score0.00694EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 12:34 p.m.37 views

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unauthorized user can send arbitrary data to the CLI commands and daemon (CVE-2020-4926)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale where an unauthorized user can send arbitrary data to the CLI commands and daemon. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4926 DESCRIPTION: A vulnerability in the...

9.1CVSS2.8AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/02 12:35 p.m.16 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale (CVE-2021-39038)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Spectrum Scale, which could allow a remote attacker to hijack the victim's click actions and possibly launch further attacks against the victim. Vulnerability Details CVEID: CVE-2021-39038 DESCRIPTION: IBM...

5.4CVSS1.8AI score0.00689EPSS
Exploits0Affected Software1
Rows per page
Query Builder