Lucene search
K

66 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 3:6 a.m.16 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to weaker than expected security due to Node.js bcprov-jdk15on (235079)

Summary IBM Sterling Connect:Direct Web Services uses Node.js org.bouncycastle:bcprov-jdk15on module which could provide weaker than expected security. The issue has been addressed. Vulnerability Details IBM X-Force ID: 235079 DESCRIPTION: Node.js org.bouncycastle:bcprov-jdk15on module could...

7.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 10:36 a.m.35 views

Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security

Summary FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security, caused by not having entity expansion secured properly CVE-2020-25649. CICS Transaction Gateway addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION:...

7.5CVSS7.5AI score0.17611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/01 4:58 p.m.38 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to CVE-2022-35255 and CVE-2022-35256

Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands may be vulnerable to HTTP request smuggling and weaker than expected security. This bulletin provides patch...

9.1CVSS8.2AI score0.02587EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/25 2:32 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.5. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker cou...

9.8CVSS9.3AI score0.68796EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 8:22 p.m.99 views

Security Bulletin: Multiple Vulnerabilities in node.js

Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http...

9.1CVSS7.9AI score0.02587EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/03 6:44 p.m.58 views

Security Bulletin: Multiple Vulnerabilities in Cloud Pak for Watson AIOPs

Summary 3.5 Fixes the following vulnerabilities: CVE-2022-1154, CVE-2018-25032, CVE-2020-29582, CVE-2022-24329, CVE-2022-29217, CVE-2022-22476, CVE-2022-1271, CVE-2022-0778 Vulnerability Details CVEID:CVE-2022-1154 DESCRIPTION: Vim is vulnerable to a heap-based buffer overflow, caused by a...

8.8CVSS9.3AI score0.70561EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/21 8:55 p.m.55 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

Summary Multiple vulnerabilities in OpenSSL affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include execution of arbitrary commands, weaker than expected security, and denial of service. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION:...

10CVSS9.1AI score0.95764EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/11 4:0 p.m.76 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Guava, Red Hat Single Sign-On, Springfox and Spring Security could allow a remote attacker to bypass security restrictions...

9.8CVSS0.9AI score0.99677EPSS
Exploits120Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/12 3:21 a.m.67 views

Security Bulletin: Vulnerabilities in Celery, Golang Go, and Python affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift

Summary Vulnerabilities in Celery, Golang Go, and Python such as execution of arbitrary commands, denial of service, and weaker than expected security might affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and Red Hat OpenShift Vulnerability Details CVEID: CVE-2021-237...

9.1CVSS9.9AI score0.08325EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/07 6:28 a.m.40 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal

Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-13938 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the improper handling of insufficient...

5.5CVSS0.7AI score0.52331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 2:43 p.m.40 views

Security Bulletin: Bouncy Castle Vulnerabilities Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Bouncy Castle, please see list of CVEs for vulnerability details Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacke...

9.8CVSS0.4AI score0.24282EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/16 3:46 p.m.38 views

Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary There is various type of vulnerabilities in Bouncy Castle that affect Apache Solr. The list can be found at Vulnerability Details section. Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute...

9.8CVSS0.4AI score0.04767EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/05 7:10 p.m.85 views

Security Bulletin: Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000613, CVE-2017-13098, CVE-2018-1000180)

Summary Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection fl...

9.8CVSS2.1AI score0.24282EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 5:7 p.m.56 views

Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox

Summary Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox Vulnerability Details CVEID: CVE-2020-8840 DESCRIPTION: An unspecified error with the lack of certain xbean-reflect/JNDI blocking in FasterXML jackson-databind has an unknown...

9.8CVSS0.9AI score0.26587EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/20 2:38 p.m.36 views

Security Bulletin: A Security vulnerability in Apache Tomcat used by Rational Build Forge (CVE-2017-15706)

Summary There is a potential security vulnerability in the Apache Tomcat used by Rational Build Forge. Vulnerability Details CVEID: CVE-2017-15706 DESCRIPTION: Apache Tomcat could provide weaker than expected security, caused by the incorrect documentation of the CGI search algorithm used by the...

5.3CVSS5.7AI score0.06198EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.44 views

Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics

Summary Expat vulnerabilities were disclosed August and September 2016. Expat is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2012-6702 DESCRIPTION: Expat, when used in a parser that has not called XMLSetHashSalt or passe...

9.8CVSS0.8AI score0.13335EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/19 12:39 a.m.57 views

Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities

Summary IBM Security Privileged Identity Manager has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-1137 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive...

10CVSS0.7AI score0.93838EPSS
Exploits45Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/02 2:20 a.m.27 views

Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple IBM WebSphere Application Server vulnerabilities(CVE-2017-1137, CVE-2018-1567, CVE-2017-1194)

Summary IBM Security Privileged Identity Manager has addressed the following vulnerabilities related to IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2018-1567 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through th...

9.8CVSS1.6AI score0.0376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/29 7:35 a.m.25 views

Security Bulletin: Weaker than expected security in WebSphere Application Server (shipped with Jazz for Service Management) with SP800-131 transition mode (CVE-2018-1996)

Summary There is a potential for weaker than expected security in WebSphere Application Server with SP800-131 transition mode and SSLTLSv2. Vulnerability Details CVEID: CVE-2018-1996 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security, caused by the improper...

5.3CVSS0.8AI score0.01142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.118 views

Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs...

5CVSS0.7AI score0.98685EPSS
Exploits0Affected Software1
Rows per page
Query Builder