Lucene search
K
IbmMost viewed

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2021/06/08 9:47 p.m.•106 views

Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities

Summary IBM DataPower Gateway has addressed the following vulnerabilities: CVE-2019-9513 CVE-2019-9511 Vulnerability Details CVEID: CVE-2019-9513 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and...

7.8CVSS1AI score0.82017EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 10:34 p.m.•105 views

Security Bulletin: Recommended mitigation for SSH "Terrapin" vulnerability in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary The SSH "Terrapin" vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products when using the [email protected] cipher. This cipher can be disabled with a chsecurity command to fix the vulnerability. Vulnerability Details...

5.9CVSS7AI score0.9378EPSS
Exploits4Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/29 2:36 p.m.•105 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error...

9.1CVSS7.1AI score0.04134EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/24 5:46 p.m.•105 views

Security Bulletin: Flask is vulnerable to CVE-2023-30861 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Flask which is vulnerable to CVE-2023-30861. Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a...

7.5CVSS7.4AI score0.01261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•105 views

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could...

7.1CVSS6.2AI score0.06868EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/01 11:37 a.m.•105 views

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-45105 and CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is no...

10CVSS0.6AI score0.99999EPSS
Exploits355Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2021/07/23 1:9 p.m.•105 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp...

8.2CVSS7.3AI score0.99019EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/12/18 2:26 p.m.•105 views

Security Bulletin: IBM i is affected by CVE-2018-20685, CVE-2019-6111, and CVE-2019-6109 vulnerabilities in OpenSSH.

Summary OpenSSH is used by IBM i. IBM i has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-6109 DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by missing character encoding in the progress display. A man-in-the-middle attacke...

6.8CVSS1.5AI score0.58204EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/05/17 4:5 p.m.•105 views

Security Bulletin: A vulnerability in Python affects PowerKVM

Summary PowerKVM is affected by a vulnerability in Python. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2019-9636 DESCRIPTION: Python urllib.parse.urlsplit and urllib.parse.urlparse components could allow a remote attacker to obtain sensitive information, caused by...

9.8CVSS0.8AI score0.08811EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/01/31 1:35 a.m.•105 views

Security Bulletin: Multiple potential vulnerabilities in OpenSSL fixed in Chassis Management Module (CMM) (CVE-2014-3509, CVE-2014-3506, CVE-2014-3507, CVE-2014-3511, CVE-2014-3505, CVE-2014-3510, CVE-2014-3508)

Summary OpenSSL disclosed several vulnerabilities in August 2014. Seven of those vulnerabilities apply to the version of OpenSSL used by Flex Systems Chassis Management Module CMM. Vulnerability Details Abstract OpenSSL disclosed several vulnerabilities in August 2014. Seven of those...

6.8CVSS0.7AI score0.51436EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2024/10/17 12:20 a.m.•104 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker ...

10CVSS9.7AI score0.99999EPSS
Exploits65Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/24 10:4 p.m.•104 views

Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)

Summary Vulnerability in RPM could allow a remote authenticated attacker to execute arbitrary code CVE-2023-7104. RPM is used by AIX for package management. Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper boun...

7.3CVSS7.8AI score0.01249EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/07 10:45 p.m.•104 views

Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in xorg-x11

Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in xorg-x11. Vulnerability Details CVEID: CVE-2015-9262 DESCRIPTION: libXcursor is vulnerable to a one-byte heap-based buffer overflow, caused by improper bounds checking by the XcursorThemeInherits in...

9.8CVSS1.4AI score0.2704EPSS
Exploits39Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/22 5:22 p.m.•104 views

Security Bulletin: IBM MQ is affected by vulnerabilities in libcURL (CVE-2023-23916, CVE-2023-27535)

Summary Multiple issues were identified within the libcurl library that affect IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID:CVE-2023-23916 DESCRIPTION: cURL...

6.5CVSS7.9AI score0.01703EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 9:14 p.m.•104 views

Security Bulletin: A vulnerability exists in golang x/crypto (CVE-2020-9283) which is consumed by IBM CICS TX Standard

Summary IBM CICS TX Standard has addressed vulnerability CVE-2020-9283 in golang x/crypto Vulnerability Details CVEID:CVE-2020-9283 DESCRIPTION: Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package...

7.5CVSS7.3AI score0.21052EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/10 8:5 p.m.•104 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Spring Framework (CVE-2022-22970)

Summary IBM Sterling B2B Integrator has addressed the denial of service security vulnerability in Spring Framework shipped with the product. Vulnerability Details CVEID:CVE-2022-22970 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling...

5.3CVSS6.9AI score0.01853EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/02 9:4 p.m.•104 views

Security Bulletin: Multiple vulnerabilities in Apache Axis affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite

Summary There are multiple vunerabilities in Apache Axis that are used by IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2018-8032 DESCRIPTION: Apache Axis is vulnerable to cross-site scripting, caused by improper...

7.5CVSS7.1AI score0.86503EPSS
Exploits8Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/28 3:5 a.m.•104 views

Security Bulletin: Vulnerability in WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2022-22477)

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

6.1CVSS6.2AI score0.00495EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/20 5:4 p.m.•104 views

Security Bulletin: Vulnerabilities in log4j could affect Name Analyzer in IBM InfoSphere Global Name Management (CVE-2021-44228)

Summary There is a vulnerability in the version of Log4j that was included in IBM InfoSphere Global Name Management GNM. This Vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS1.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/04 9:53 p.m.•104 views

Security Bulletin: IBM Security Verify Governance Products NOT Affected by CVE-2021-44228 Exploit

Summary IBM Security Verify Governance Products NOT Affected by CVE-2021-44228 Exploit Vulnerability Details After conducting extensive research product code base, it is determined that none of the products outlined below are using the vulnerable Java library log4j version with JNDI exploit...

10CVSS0.7AI score0.99999EPSS
Exploits351Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/24 8:37 a.m.•104 views

Security Bulletin: IBM Tivoli Netcool/OMNIbus Web GUI is vulnerable to multiple Apache Log4j vulnerabilities (CVE-2021-45046,CVE-2021-45105)

Summary IBM Tivoli Netcool/OMNIbus Web GUI is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-45046 and denial of service due to Apache Log4j CVE-2021-45105. IBM Tivoli Netcool/OMNIbus WebGUI uses IBM Jazz for Service Management and Websphere Application Server WAS...

9CVSS0.5AI score0.99999EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/11 9:2 p.m.•104 views

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Summary The IBM Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities. These have been addressed in IBM Planning Analytics 2.0 - IBM Planning Analytics Workspace 2.0.72. Vulnerability Details CVEID: CVE-2021-21366 DESCRIPTION: Node.js xmldom modu...

10CVSS10.5AI score0.99999EPSS
Exploits381Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/11 5:44 p.m.•103 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8

Summary Multiple vulnerabilities were found with IBM® Runtime Environment Java™ Technology Edition, Version 8 which is shipped with IBM MQ CVE-2022-21624, CVE-2022-21626 Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security compone...

5.3CVSS5.6AI score0.01746EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/05 2:52 p.m.•103 views

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890)

Summary IBM WebSphere Application Server could provide weaker than expected security. This has been addressed in the Remediation/Fixes section. Vulnerability Details CVEID:CVE-2023-35890 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security, caused by the...

5.5CVSS5.1AI score0.00122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/24 9:4 p.m.•103 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2020-7789, CVE-2020-7598, CVE-2021-44906 , XFID: 216835, XFID: 220063)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4 FP1 These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP6 where applicable. The following 3rd party components are used by IBM Cognos Analytics: Apache Lucene is a...

9.8CVSS9.3AI score0.04581EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/13 4:46 p.m.•103 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Spring Security (CVE-2022-31692, CVE-2022-22978)

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Spring Security Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...

9.8CVSS9.4AI score0.10037EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/14 3:28 p.m.•103 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-44228)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a securi...

10AI score0.99999EPSS
Exploits351Affected Software8
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/29 11:14 p.m.•103 views

Security Bulletin: Due to use of OpenSSL, IBM Virtualization Engine TS7700 is vulnerable to denial of service (CVE-2022-0778) and privilege escalation (CVE-2022-1292)

Summary IBM Virtualization Engine TS7700 is vulnerable to denial of service CVE-2022-0778 and privilege escalation CVE-2022-1292 due to the use of OpenSSL. OpenSSL is used by IBM Virtualization Engine TS7700 for inbound and outbound TLS connections other than those provided by the Management...

10CVSS9.9AI score0.83223EPSS
Exploits7Affected Software4
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/08 8:28 a.m.•103 views

Security Bulletin: Vulnerabilities in Spring Framework affect IBM Cloud Pak System (CVE-2022-22965, CVE-2020-5421)

Summary IBM Cloud Pak System is affected by a remote code execution in Spring Framework CVE-2022-22965 and CVE-2020-5421. IBM Cloud Pak System ships with AWS component that includes it but is not used by it. The fix removes Spring from the product. This security bulletin service applies to IBM...

9.8CVSS9.5AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/07 6:37 a.m.•103 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2021-39038, CVE-2021-23450) may impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology

Summary IBM Engineering Lifecycle Management ELM products based on IBM Jazz technology may integrate with IBM WebSphere Application Server Liberty WAS Liberty. Please review the following WAS Liberty Bulletins covering CVE-2021-39038, CVE-2021-23450 and take corrective actions. Vulnerability...

9.8CVSS2.2AI score0.30367EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/24 5:6 p.m.•103 views

Security Bulletin: Multiple vulnerabilities impact DS8000 HMC

Summary There are multiple vulnerabilities in the DS8000 HMC which are covered in this bulletin. These include: The Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. Multiple vulnerabilities in OpenSSL that were disclosed on October 15, 2014 by the OpenSSL...

7.8CVSS5.4AI score0.99999EPSS
Exploits14Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2021/10/29 9:37 p.m.•103 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js

Summary Multiple vulnerabilities in Node.js that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2021-37701 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrary file...

9.8CVSS0.6AI score0.37286EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/10/18 2:25 p.m.•103 views

Security Bulletin: IBM Security Risk Manager on CP4S is affected by multiple vulnerabilities

Summary IBM Security Risk Manager on CP4S has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...

8.7CVSS0.6AI score0.10736EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/10/18 6:27 a.m.•103 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-40438, CVE-2021-34798)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

1AI score0.99999EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/07/09 1:44 p.m.•103 views

Security Bulletin: A cross-site scripting vulnerability in JQuery affects IBM InfoSphere Information Server

Summary A cross-site scripting vulnerability in JQuery used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...

6.1CVSS6.6AI score0.29726EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/17 3:39 p.m.•103 views

Security Bulletin: A security vulnerability has been identified in IBM Tivoli Monitoring shipped with Tivoli Business Service Manager (CVE-2016-2183)

Summary IBM Tivoli Monitoring via the monitoring agent is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM Tivoli Monitoring has been published in a security bulletin. Vulnerability Details Please consult the Security Bulletin: IB...

7.5CVSS1.1AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•102 views

Security Bulletin: Vulnerability in IP Quorum affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the IP Quorum feature on IBM Spectum Virtualize may lead to loss of confidentiality in private communications between the management GUI and clients. It is recommended that administrators upgrade to a fixed code level, request a new system certificate and redeploy the I...

5.9CVSS5.7AI score0.00554EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/28 1:48 a.m.•102 views

Security Bulletin: Vulnerability in SSLv3 affects IBM SAN b-type switches and directors (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM SAN b-type switches and directors. Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : Product could allow a remote attacker to obta...

4.3CVSS3.3AI score0.99999EPSS
Exploits7Affected Software7
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 5:31 p.m.•102 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID:CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker...

7.5CVSS6.8AI score0.04008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/20 3:19 p.m.•102 views

Security Bulletin: This Power System update is being released to address CVE 2022-0778

Summary POWER9: In response to a security issue with network connections, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2022-0778. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of...

7.5CVSS7.8AI score0.70561EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/18 7:27 a.m.•102 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM WebSphere Application Server Liberty and OpenSSL (CVE-2022-2068, CVE-2022-2097, CVE-2022-22475)

Summary Vulnerabilities in IBM WebSphere Application Server Liberty and OpenSSL such as execution of arbitrary commands on the system, obtaining sensitive information, and identity spoofing may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow...

10CVSS8.5AI score0.95764EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/05 7:13 p.m.•102 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS1.8AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/27 10:51 p.m.•102 views

Security Bulletin: Medium/low severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)

Summary Vulnerabilities in libraries used by libraries in IBM Spectrum Discover allow to a remote attackers by conduct of methodes like phishing attacks,brute force attack or execution of arbitrary code to get sensitive information, denial service condition, and other problems. Vulnerability...

9.8CVSS7.6AI score0.0598EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/19 6:43 p.m.•102 views

Security Bulletin: IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

10CVSS1.1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/21 7:47 p.m.•102 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Foundry Migration Runtime (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Cloud Foundry which is a component of IBM Cloud Foundry Migration Runtime. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code...

10CVSS0.8AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/21 5:17 a.m.•102 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Network Manager IP Edition (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Network Manager IP Edition to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker...

10CVSS1.4AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/17 4:55 a.m.•102 views

Security Bulletin: Log4JShell Vulnerability affects Watson Knowledge Catalog InstaScan (CVE-2021-44228)

Summary There is a vulnerability in the version of Apache Log4j that was included in Watson Knowledge Catalog InstaScan. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS1.5AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/05/14 9:15 p.m.•102 views

Security Bulletin: Vulnerabilities in Apache HttpClient and Eclipse Jetty Affect IBM Control Center (CVE-2020-13956, CVE-2020-27218)

Summary Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request. Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by a flaw when GZIP request body inflation is...

5.8CVSS0.8AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:50 a.m.•101 views

Security Bulletin: Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis. Vulnerabilities include denial of service, gain elevated privileges on the system, allow a remote attacker to execute...

9.8CVSS9.6AI score0.02453EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/14 2:34 p.m.•101 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...

8.8CVSS9.5AI score0.8581EPSS
Exploits7Affected Software1
Total number of security vulnerabilities5000