Lucene search
K

395 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/01/08 1:47 p.m.32 views

Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure

Summary IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure. Vulnerability Details IBM X-Force ID: 268195 DESCRIPTION: Presto is vulnerable to server-side request forgery, caused by improper validating the...

6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/01 12:45 p.m.27 views

Security Bulletin: IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857

Summary IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...

6.5CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/01 12:43 p.m.52 views

Security Bulletin: IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487

Summary IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application...

9.8CVSS8.1AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/26 11:31 a.m.42 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. [CVE-2023-39017]

Summary IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: Quartz Job Scheduler could allow a remote attacker to execut...

9.8CVSS9.8AI score0.01017EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 8:7 p.m.24 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)

Summary IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. Vulnerability Details CVEID:CVE-2023-29258 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service through a...

7.5CVSS7AI score0.01053EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 7:56 p.m.52 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)

Summary IBM® Db2® could allow a user with DATAACCESS privileges to execute routines that they should not have access to. Vulnerability Details CVEID:CVE-2023-38003 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user with DATAACCESS privileges to execute...

7.2CVSS8AI score0.01086EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/19 4:51 p.m.24 views

Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804

Summary IBM Maximo Application Suite uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804. This bulletin contains information regarding the vulnerablity and its fixture. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated...

8.1CVSS6.9AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 5:10 a.m.42 views

Security Bulletin: IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635

Summary IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by...

7.5CVSS6.5AI score0.01077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 8:23 p.m.20 views

Security Bulletin: IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920

Summary IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920. This bulletin contains information regarding the vulnerablity and its fixture. Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tug...

9.8CVSS8.4AI score0.00468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 5:21 p.m.34 views

Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights

Summary IBM Operations Analytics Predictive Insights uses Apache ActiveMQ software, as a core module in processing analytics data. The vulnerability CVE-2023-46604 found in Apache ActiveMQ could be exploited to download and infect Linux systems with the Kinsing malware. This bulletin identifies t...

10CVSS9.5AI score0.99654EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 2:8 p.m.33 views

Security Bulletin: IBM Maximo Application Suite uses gevent-21.1.2-cp37-cp37m-manylinux2010_x86_64.whl which is vulnerable to CVE-2023-41419

Summary IBM Maximo Application Suite uses gevent-21.1.2-cp37-cp37m-manylinux2010x8664.whl which is vulnerable to CVE-2023-41419. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to...

9.8CVSS9.6AI score0.01334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 11:58 a.m.24 views

Security Bulletin: Apache Commons Compress component is vulnerable to CVE-2023-42503 is used by IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Apache Commons Compress package which is vulnerable to CVE-2023-42503. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to ope...

5.5CVSS6.2AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 7:19 p.m.37 views

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34042 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security, which is vulnerable to CVE-2023-34042. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34042 DESCRIPTION: VMware Tanzu Spring Security could...

5.5CVSS4.9AI score0.00216EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 7:18 p.m.53 views

Security Bulletin: Netty is vulnerable to CVE-2023-4586 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses netty which is vulnerable to CVE-2023-4586. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by th...

7.4CVSS7.3AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 7:15 p.m.6 views

Security Bulletin: Tornado is vulnerable to 263690 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses tornado, which is vulnerable to 263690. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 263690 DESCRIPTION: Tornado Web Server is vulnerable to HTTP request smuggling, caus...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 7:13 p.m.35 views

Security Bulletin: Babel-traverse is vulnerable to CVE-2023-45133 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses babel-traverse which is vulnerable to CVE-2023-45133. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute...

9.3CVSS8.9AI score0.0052EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 5:53 p.m.13 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-38737 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-38737. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: IBM WebSphere Application...

7.5CVSS6.6AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 5:48 p.m.30 views

Security Bulletin: Urllib3 is vulnerable to CVE-2023-43804 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses urllib3 which is vulnerable to CVE-2023-43804. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obta...

8.1CVSS6.9AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 3:31 p.m.65 views

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2022-40609)

Summary There was a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.18 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary...

9.8CVSS9AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 3:18 p.m.51 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA...

7.5CVSS7.5AI score0.00925EPSS
Exploits0Affected Software1
Rows per page
Query Builder