Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 9:4 p.m.•101 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Kubernetes.

Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a remote attacker to obtain sensitive information, caused by storin...

8.6CVSS8.5AI score0.05524EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/16 11:6 a.m.•101 views

Security Bulletin: IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104

Summary Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerabilities CVE-2021-4104. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...

7.5CVSS1.8AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/24 1:36 p.m.•101 views

Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2021-3712)

Summary There is a vulnerability in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker cou...

7.4CVSS7.5AI score0.50445EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/21 1:34 a.m.•101 views

Security Bulletin: IBM Watson Machine Learning Accelerator is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-4104, CVE-2021-44228, CVE-2021-45046)

Summary Apache Log4j CVE-2021-45105, CVE-2021-4104, CVE-2021-44228, CVE-2021-45046 is used by IBM Watson Machine Learning Accelerator as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

10CVSS2.3AI score0.99999EPSS
Exploits356Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/02/01 8:1 p.m.•101 views

Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2020-1968, CVE-2020-1971)

Summary There are vulnerabilities in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an attacker could exploit this vulnerabilit...

5.9CVSS0.7AI score0.06968EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2020/12/22 6:5 p.m.•101 views

Security Bulletin:Vulnerability in Diffie-Hellman ciphers affects Rational Synergy (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Rational Synergy Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey ...

4.3CVSS0.5AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/17 10:31 p.m.•101 views

Security Bulletin: Vulnerability in SSLv3 affects IBM UrbanCode Deploy (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM UrbanCode Deploy. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follo...

4.3CVSS3.9AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/15 7:8 a.m.•101 views

Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7679 CVE-2017-3169 CVE-2017-3167)

Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmim...

9.8CVSS0.7AI score0.39341EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/21 6:7 p.m.•100 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.

Summary Multiple vulnerabilities in Dojo toolkit and jQuery version shipped with IBM WebSphere eXtreme Scale Liberty Deployment Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

9.8CVSS6.7AI score0.99019EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/10 11:31 p.m.•100 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2021-29469, CVE-2022-39160, CVE-2022-38708, CVE-2022-42003, CVE-2022-42004, CVE-2022-43883, CVE-2022-43887, CVE-2022-25647, CVE-2022-36364)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP6 where applicable. The following 3rd party components are used by IBM Cognos Analytics: Apache Calcite is a Java-based...

9.1CVSS9.6AI score0.1158EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/17 3:44 p.m.•100 views

Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

9.8CVSS9.6AI score0.19312EPSS
Exploits39Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/25 10:12 p.m.•100 views

Security Bulletin: A vulnerability in OpenSSL affects IBM InfoSphere Information Server (CVE-2022-0778)

Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted...

7.5CVSS7.7AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/21 7:50 p.m.•100 views

Security Bulletin: IBM Content Navigator is vulnerable to missing authorization.

Summary IBM Content Navigator is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. Vulnerability Details CVEID:CVE-2022-43581 DESCRIPTION: IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9,...

8.8CVSS8.1AI score0.00685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/17 12:2 p.m.•100 views

Security Bulletin: Multiple vulnerabilities in Node.js may affect IBM Spectrum Protect Plus (CVE-2022-32223, CVE-2022-32215, CVE-2022-33987, CVE-2022-32213, CVE-2022-32212, CVE-2022-32222, CVE-2022-32214)

Summary Vulnerabilities in Node.js such as elevation of privileges, HTTP request smuggling, bypassing security restrictions, and execution of arbitrary code may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2022-32223 DESCRIPTION: Node.js could allow a local attacker to gain...

8.1CVSS8.3AI score0.77766EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/31 4:17 p.m.•100 views

Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.6-x packages: openssl, pcre2 and Golang Go, that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-1962 DESCRIPTION: Golang Go is vulnerable to a denial of...

10CVSS9.3AI score0.95764EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/25 2:49 p.m.•100 views

Security Bulletin: Vulnerability in libcURL affect IBM Rational ClearCase ( CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27782, CVE-2022-30115, CVE-2022-27774 )

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-27780 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

8.1CVSS7.5AI score0.03453EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/23 7:48 p.m.•100 views

Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)

Summary Security vulnerabilities have been discovered in the NTP component of IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2013-5211 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntprequest.c. By sending a...

5CVSS6.8AI score0.97549EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/16 4:7 a.m.•100 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Security Access Manager for Enterprise Single Sign-On (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Security Access Manager for Enterprise Single Sign-On. Also the same vulnerability affects WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. This vulnerability h...

10CVSS1.3AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/16 10:4 p.m.•100 views

Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities

Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities in the OpenSSH libraries used on the appliance. Vulnerability Details CVEID: CVE-2016-6515 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for...

7.8CVSS1.6AI score0.88944EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:44 a.m.•99 views

Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues

Summary Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are...

9.8CVSS10AI score0.98518EPSS
Exploits30Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/17 7:28 p.m.•99 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: A...

5.9CVSS6.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/06 1:29 p.m.•99 views

Security Bulletin: Vulnerability in sed ( CVE-2023-38280) affects Power HMC

Summary The command sed is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-38280 DESCRIPTION: IBM HMC Hardware Management Console could allow a local user to escalate their privileges to root access on a restricted shell...

8.4CVSS8AI score0.00162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/04 8:31 p.m.•99 views

Security Bulletin: AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)

Summary UPDATED May 4: Corrected the affected upper fileset levels for AIX 7.2 TL5 to show that SP06 is affected. Corrected the affected upper fileset levels for AIX 7.3 TL1 to show that SP02 is affected. Corrected the affected upper fileset levels for VIOS to show that VIOS 3.1.4.21 is affected...

7.8CVSS7.8AI score0.22791EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/28 7:40 a.m.•99 views

Security Bulletin: Multiple security vulnerabilities are reported for snakeyaml and jackson-databind in IBM Business Automation Workflow

Summary IBM Business Automation Workflow repackages the snakeyaml and jackson-databind open source libraries in /BPM/Lombardi/lib. Current vulnerabilities in these libraries have been assessed as not applicable in the context how the product uses these libraries. An update is made available to...

7.5CVSS7.6AI score0.02824EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/27 8:37 p.m.•99 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Apache Log4j CVE-2021-45046

Summary Automation Assets in IBM Cloud Pak for integration is vulnerable to CVE-2021-45046 with details below. Vulnerability Details CVEID:CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default...

10CVSS9.7AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 5:31 p.m.•99 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. CVEs: CVE-2022-22365, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. It also includes Java 8...

9.8CVSS8.1AI score0.19008EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/21 8:22 p.m.•99 views

Security Bulletin: Multiple Vulnerabilities in node.js

Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http...

9.1CVSS7.9AI score0.02587EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/14 10:12 p.m.•99 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

Summary An Apache Log4j CVE-2021-44832 vulnerability impacts IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.1. Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission t...

6.6CVSS7.9AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/03 8:7 p.m.•99 views

Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...

9.8CVSS9.2AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/24 9:57 a.m.•99 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager ITNCM version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the...

9.8CVSS1.1AI score0.69803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/30 10:45 a.m.•99 views

Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)

Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the WebSphere Application Server WAS component. There is a separate security bulletin linked below that describes vulnerabilities CVE-2021-4104, CVE-2021-45046 in the Apache Log4j library as...

10CVSS1.6AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/22 12:3 a.m.•99 views

Security Bulletin: Vulnerabilities in Apache log4j2 (CVE-2021-4104, CVE-2021-44228, CVE-2021-45046) affect IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA

Summary There are vulnerabilities in Apache log4j2 used by IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA. IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a...

10CVSS1.5AI score0.99999EPSS
Exploits354Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2020/10/07 10:53 p.m.•99 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-13934 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after...

9.8CVSS0.4AI score0.99019EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/10/18 3:50 a.m.•99 views

Security Bulletin: IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol

Summary The IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol. Vulnerability Details CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could provide weake...

7.5CVSS0.7AI score0.7809EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/17 10:31 p.m.•99 views

Security Bulletin: IBM Worklight is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL might allow a remote attacker to obtain sensitive information, which is caused by an error in the TLS/DTLS heartbeat functionality. An attacker might exploit this...

7.5CVSS0.2AI score0.99999EPSS
Exploits87Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 2:57 a.m.•98 views

Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities.

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-40725 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-398...

9.8CVSS9AI score0.9986EPSS
Exploits6Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/11 7:26 p.m.•98 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-25193 DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...

8.1CVSS9.8AI score0.99019EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•98 views

Security Bulletin: Vulnerability in httpd (CVE-2024-27316) affects Power HMC

Summary HTTPD is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-27316 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that...

7.5CVSS6.9AI score0.91327EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/11 6:52 a.m.•98 views

Security Bulletin: Apache Commons Text as used by IBM Jazz Reporting Service is vulnerable to code execution [CVE-2022-42889]

Summary Apache Commons Text as used by IBM Jazz Reporting Service is vulnerable to arbitrary code execution. IBM has addressed the relevant CVE. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: OX AppSuite could allow a remote attacker to execute arbitrary code on the system...

9.8CVSS9.9AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/19 12:39 p.m.•98 views

Security Bulletin: Multiple Vulnerabilities of Guava Google Core Libraries have affected APM Synthetic Playback Agent

Summary APM Synthetic Playback Agent is vulnerable to Google Guava CVE-2020-8908 and CVE-2018-10237. The fix includes Google Guava upgraded to guava-30.0-jre. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions,...

5.9CVSS6.1AI score0.05119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/14 2:32 p.m.•98 views

Security Bulletin: IBM Integrated Management Module (IMM) is affected by vulnerability in OpenSLP (CVE-2017-17833)

Summary IBM Integrated Management Module IMM has addressed the following vulnerability in OpenSLP. Vulnerability Details Summary IBM Integrated Management Module IMM has addressed the following vulnerability in OpenSLP. Vulnerability Details CVEID: CVE-2017-17833 Description: OpenSLP, as used in...

9.8CVSS9.2AI score0.0389EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/03 7:34 a.m.•98 views

Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis

Summary Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. While deserializing unknown yaml content can lead to remote code execution. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of...

9.8CVSS9.3AI score0.99615EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•98 views

Security Bulletin: Vulnerabilities in the Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)

Summary There are vulnerabilities in Network Security Services NSS to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system, cause the application to crash, or cau...

9.8CVSS9.6AI score0.10238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/09 11:12 p.m.•98 views

Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to information disclosure (CVE-2021-38924)

Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2021-38924 DESCRIPTION: IBM Maximo Asset Management could allow a remote attacker to obtain sensitive information whe...

7.5CVSS6.2AI score0.00825EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 11:4 a.m.•98 views

Security Bulletin: IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons [CVE-2022-42889 and CVE-2022-33980]

Summary IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons CVE-2022-42889 and CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS9.9AI score0.99931EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/28 6:58 a.m.•98 views

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Publishing

Summary There is a Vulnerability in Apache Log4j CVE-2021-44228 which is used by "IBM Engineering Lifecycle Optimization - Publishing PUB" and "Rational Publishing Engine RPE." Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary...

10CVSS9.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/09 5:51 p.m.•98 views

Security Bulletin: Vulnerabilities in the Linux Kernel affect IBM Spectrum Copy Data Management

Summary Linux Kernel vulnerabilities, such as obtaining sensitive information, bypassing security restrictions, denial of service, elevation of privileges, and execution of arbitrary code on the system, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2022-0850...

7.8CVSS8.6AI score0.06846EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/05 2:49 p.m.•98 views

Security Bulletin: IBM Content Integrator is not affected by multiple vulnerabilities in Log4j

Summary There are multiple vulnerabilities in Log4j used by IBM Content Integrator. IBM Content Integrator is not affected by these vulnerabilities. However, the team has addressed vulnerabilities by removing references. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could...

10CVSS1.4AI score0.99999EPSS
Exploits356Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/02 2:54 p.m.•98 views

Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790)

Summary IBM Rational Build Forge version 8.0 - 8.0.0.20 is affected by CVE-2021-44790 Vulnerability Details CVEID: CVE-2021-44790 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the modlua multipart parser called from Lua scripts. By sendi...

9.8CVSS1.5AI score0.97108EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/22 8:54 p.m.•98 views

Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling Connect:Direct File Agent (CVE-2021-45046, CVE-2021-45105)

Summary There are vulnerabilities in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a...

10CVSS0.9AI score0.99999EPSS
Exploits355Affected Software1
Total number of security vulnerabilities5000