CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Summary It was possible for a privileged user to inject malicious commands that could be executed as another user. This issue has been addressed. Vulnerability Details CVEID:CVE-2024-38319 DESCRIPTION: IBM Security SOAR could allow an authenticated user to execute malicious code loaded from a...

8.8CVSS7.6AI score0.0046EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2022/07/19 9:40 p.m.•24 views

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-2773)

Summary IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE. Vulnerability Details CVEID:CVE-2020-2773 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service...

4.3CVSS5.4AI score0.03625EPSS

Exploits0

IBM Security Bulletins•added 2021/12/23 5:25 p.m.•36 views

Security Bulletin: A dependency of ElasticSearch as used in IBM® Resilient SOAR is vulnerable to Apache Log4j (CVE-2021-44228).

Summary Apache Log4j, a dependency of ElasticSearch as used in IBM® Resilient SOAR, is vulnerable to information disclosure. Elastic Search is used by IBM® Resilient SOAR for text search. This bulletin provides a mitigation for the vulnerability. Customers are encouraged to update their systems n...

10CVSS1AI score0.99999EPSS

Exploits347Affected Software1

IBM Security Bulletins•added 2021/06/17 10:18 p.m.•23 views

Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2021-20527)

Summary It was possible for a privileged user to inject malicious commands that could be executed as another user. This issue has been addressed. Vulnerability Details CVEID: CVE-2021-20527 DESCRIPTION: IBM Resilient SOAR could allow a privileged user to create create malicious scripts that could...

7.2CVSS1.1AI score0.01073EPSS

Exploits0

OSV•added 2021/06/16 5:15 p.m.•1 views

CVE-2021-20567

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239...

4.4CVSS5.8AI score0.00114EPSS

Exploits0References2

OSV•added 2021/06/16 5:15 p.m.•1 views

CVE-2021-20566

IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238...

7.5CVSS5.8AI score0.0071EPSS

Exploits0References2

NVD•added 2021/06/16 5:15 p.m.•11 views

CVE-2021-20567

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239...

4.4CVSS0.00114EPSS

Exploits0References2

Cvelist•added 2021/06/16 4:15 p.m.•11 views

CVE-2021-20567

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239...

4.4CVSS4.4AI score0.00114EPSS

Exploits0References2

CVE•added 2021/06/16 4:15 p.m.•34 views

CVE-2021-20566

CVE-2021-20566 concerns IBM Resilient OnPrem (IBM Security SOAR) where TLS1.2 ciphers not enabled for Perfect Forward Secrecy allow potential decryption of sensitive data if an attacker records traffic. The IBM security bulletin notes the vulnerability stems from weaker cryptographic algorithms; ...

7.5CVSS7.2AI score0.0071EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/06/16 4:15 p.m.•17 views

CVE-2021-20566

IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238...

5.9CVSS7.3AI score0.0071EPSS

Exploits0References2

IBM Security Bulletins•added 2021/06/15 7:15 p.m.•43 views

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Eclipse Jetty (CVE-2021-28163, CVE-2021-28164, CVE-2021-28165)

Summary IBM Resilient SOAR is Using Components with Known Vulnerabilities - Eclipse Jetty. Vulnerability Details CVEID: CVE-2021-28163 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the $jetty.base directory or the...

7.8CVSS0.3AI score0.82371EPSS

Exploits9

IBM Security Bulletins•added 2021/05/18 8:57 p.m.•26 views

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-14782)

Summary IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE CVE-2020-14782 Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentialit...

4.3CVSS1.3AI score0.02245EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2021/05/18 8:55 p.m.•32 views

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-14803, CVE-2020-27221)

Summary IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE CVE-2020-14803, CVE-2020-27221 Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in ...

9.8CVSS1AI score0.03122EPSS

Exploits0Affected Software1

NVD•added 2021/04/19 5:15 p.m.•16 views

CVE-2021-20527

IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759...

7.2CVSS0.01073EPSS

Exploits0References2

Prion•added 2021/04/19 5:15 p.m.•17 views

Code injection

IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759...

6.5CVSS6.5AI score0.01073EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by