Lucene search
K
IbmMost viewed

35715 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 6:43 p.m.102 views

Security Bulletin: IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

10CVSS1.1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 7:47 p.m.102 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Foundry Migration Runtime (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Cloud Foundry which is a component of IBM Cloud Foundry Migration Runtime. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code...

10CVSS0.8AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:17 a.m.102 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Network Manager IP Edition (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Network Manager IP Edition to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker...

10CVSS1.4AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/14 9:15 p.m.102 views

Security Bulletin: Vulnerabilities in Apache HttpClient and Eclipse Jetty Affect IBM Control Center (CVE-2020-13956, CVE-2020-27218)

Summary Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request. Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by a flaw when GZIP request body inflation is...

5.8CVSS0.8AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:50 a.m.101 views

Security Bulletin: Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis. Vulnerabilities include denial of service, gain elevated privileges on the system, allow a remote attacker to execute...

9.8CVSS9.6AI score0.02453EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/14 2:34 p.m.101 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...

8.8CVSS9.5AI score0.8581EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.101 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. CVEs: CVE-2022-22365, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. It also includes Java 8...

9.8CVSS8.1AI score0.19008EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.101 views

Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)

Summary Security vulnerabilities have been discovered in the NTP component of IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2013-5211 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntprequest.c. By sending a...

5CVSS6.8AI score0.97549EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/24 1:36 p.m.101 views

Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2021-3712)

Summary There is a vulnerability in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker cou...

7.4CVSS7.5AI score0.50445EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/01 8:1 p.m.101 views

Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2020-1968, CVE-2020-1971)

Summary There are vulnerabilities in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an attacker could exploit this vulnerabilit...

5.9CVSS0.7AI score0.06968EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/22 6:5 p.m.101 views

Security Bulletin:Vulnerability in Diffie-Hellman ciphers affects Rational Synergy (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Rational Synergy Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey ...

4.3CVSS0.5AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:31 p.m.101 views

Security Bulletin: Vulnerability in SSLv3 affects IBM UrbanCode Deploy (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM UrbanCode Deploy. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follo...

4.3CVSS3.9AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.101 views

Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7679 CVE-2017-3169 CVE-2017-3167)

Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmim...

9.8CVSS0.7AI score0.39341EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/17 7:28 p.m.100 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: A...

5.9CVSS6.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/03 7:34 a.m.100 views

Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis

Summary Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. While deserializing unknown yaml content can lead to remote code execution. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of...

9.8CVSS9.3AI score0.99615EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/21 6:7 p.m.100 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.

Summary Multiple vulnerabilities in Dojo toolkit and jQuery version shipped with IBM WebSphere eXtreme Scale Liberty Deployment Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

9.8CVSS6.7AI score0.99019EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 7:40 a.m.100 views

Security Bulletin: Multiple security vulnerabilities are reported for snakeyaml and jackson-databind in IBM Business Automation Workflow

Summary IBM Business Automation Workflow repackages the snakeyaml and jackson-databind open source libraries in /BPM/Lombardi/lib. Current vulnerabilities in these libraries have been assessed as not applicable in the context how the product uses these libraries. An update is made available to...

7.5CVSS7.6AI score0.02824EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/17 3:44 p.m.100 views

Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

9.8CVSS9.6AI score0.19312EPSS
Exploits39Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/25 10:12 p.m.100 views

Security Bulletin: A vulnerability in OpenSSL affects IBM InfoSphere Information Server (CVE-2022-0778)

Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted...

7.5CVSS7.7AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/21 7:50 p.m.100 views

Security Bulletin: IBM Content Navigator is vulnerable to missing authorization.

Summary IBM Content Navigator is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. Vulnerability Details CVEID:CVE-2022-43581 DESCRIPTION: IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9,...

8.8CVSS8.1AI score0.00685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/17 12:2 p.m.100 views

Security Bulletin: Multiple vulnerabilities in Node.js may affect IBM Spectrum Protect Plus (CVE-2022-32223, CVE-2022-32215, CVE-2022-33987, CVE-2022-32213, CVE-2022-32212, CVE-2022-32222, CVE-2022-32214)

Summary Vulnerabilities in Node.js such as elevation of privileges, HTTP request smuggling, bypassing security restrictions, and execution of arbitrary code may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2022-32223 DESCRIPTION: Node.js could allow a local attacker to gain...

8.1CVSS8.3AI score0.77766EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/09 5:51 p.m.100 views

Security Bulletin: Vulnerabilities in the Linux Kernel affect IBM Spectrum Copy Data Management

Summary Linux Kernel vulnerabilities, such as obtaining sensitive information, bypassing security restrictions, denial of service, elevation of privileges, and execution of arbitrary code on the system, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2022-0850...

7.8CVSS8.6AI score0.06846EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/16 4:7 a.m.100 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Security Access Manager for Enterprise Single Sign-On (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Security Access Manager for Enterprise Single Sign-On. Also the same vulnerability affects WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. This vulnerability h...

10CVSS1.3AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:31 p.m.100 views

Security Bulletin: IBM Worklight is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL might allow a remote attacker to obtain sensitive information, which is caused by an error in the TLS/DTLS heartbeat functionality. An attacker might exploit this...

7.5CVSS0.2AI score0.99999EPSS
Exploits88Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:4 p.m.100 views

Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities

Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities in the OpenSSH libraries used on the appliance. Vulnerability Details CVEID: CVE-2016-6515 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for...

7.8CVSS1.6AI score0.88944EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 8:50 a.m.99 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may terminate under certain conditions (CVE-2025-36009)

Summary IBM® Db2® is vulnerable to a denial of service due to excessive use of a global variable. Vulnerability Details CVEID:CVE-2025-36009 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to excessive...

6.5CVSS5.5AI score0.00339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:44 a.m.99 views

Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues

Summary Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are...

9.8CVSS10AI score0.98518EPSS
Exploits30Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/13 5:28 p.m.99 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2023-44487]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to mishandling of multiplexed streams in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described ...

7.5CVSS7.6AI score0.99999EPSS
Exploits19Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 1:29 p.m.99 views

Security Bulletin: Vulnerability in sed ( CVE-2023-38280) affects Power HMC

Summary The command sed is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-38280 DESCRIPTION: IBM HMC Hardware Management Console could allow a local user to escalate their privileges to root access on a restricted shell...

8.4CVSS8AI score0.00162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/04 8:31 p.m.99 views

Security Bulletin: AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)

Summary UPDATED May 4: Corrected the affected upper fileset levels for AIX 7.2 TL5 to show that SP06 is affected. Corrected the affected upper fileset levels for AIX 7.3 TL1 to show that SP02 is affected. Corrected the affected upper fileset levels for VIOS to show that VIOS 3.1.4.21 is affected...

7.8CVSS7.8AI score0.22791EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/19 12:39 p.m.99 views

Security Bulletin: Multiple Vulnerabilities of Guava Google Core Libraries have affected APM Synthetic Playback Agent

Summary APM Synthetic Playback Agent is vulnerable to Google Guava CVE-2020-8908 and CVE-2018-10237. The fix includes Google Guava upgraded to guava-30.0-jre. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions,...

5.9CVSS6.1AI score0.05119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/27 8:37 p.m.99 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Apache Log4j CVE-2021-45046

Summary Automation Assets in IBM Cloud Pak for integration is vulnerable to CVE-2021-45046 with details below. Vulnerability Details CVEID:CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default...

10CVSS9.7AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.99 views

Security Bulletin: Vulnerabilities in the Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)

Summary There are vulnerabilities in Network Security Services NSS to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system, cause the application to crash, or cau...

9.8CVSS9.6AI score0.10238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 11:4 a.m.99 views

Security Bulletin: IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons [CVE-2022-42889 and CVE-2022-33980]

Summary IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons CVE-2022-42889 and CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS9.9AI score0.99931EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 8:22 p.m.99 views

Security Bulletin: Multiple Vulnerabilities in node.js

Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http...

9.1CVSS7.9AI score0.02587EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 10:12 p.m.99 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

Summary An Apache Log4j CVE-2021-44832 vulnerability impacts IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.1. Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission t...

6.6CVSS7.9AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/03 8:7 p.m.99 views

Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...

9.8CVSS9.2AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 9:57 a.m.99 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager ITNCM version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the...

9.8CVSS1.1AI score0.69803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/30 10:45 a.m.99 views

Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)

Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the WebSphere Application Server WAS component. There is a separate security bulletin linked below that describes vulnerabilities CVE-2021-4104, CVE-2021-45046 in the Apache Log4j library as...

10CVSS1.6AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 12:3 a.m.99 views

Security Bulletin: Vulnerabilities in Apache log4j2 (CVE-2021-4104, CVE-2021-44228, CVE-2021-45046) affect IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA

Summary There are vulnerabilities in Apache log4j2 used by IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA. IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a...

10CVSS1.5AI score0.99999EPSS
Exploits354Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 10:53 p.m.99 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-13934 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after...

9.8CVSS0.4AI score0.99019EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:50 a.m.99 views

Security Bulletin: IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol

Summary The IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol. Vulnerability Details CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could provide weake...

7.5CVSS0.7AI score0.7809EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:57 a.m.98 views

Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities.

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-40725 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-398...

9.8CVSS9AI score0.9986EPSS
Exploits6Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/11 7:26 p.m.98 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-25193 DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...

8.1CVSS9.8AI score0.99019EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.98 views

Security Bulletin: Vulnerability in httpd (CVE-2024-27316) affects Power HMC

Summary HTTPD is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-27316 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that...

7.5CVSS6.9AI score0.91327EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 6:52 a.m.98 views

Security Bulletin: Apache Commons Text as used by IBM Jazz Reporting Service is vulnerable to code execution [CVE-2022-42889]

Summary Apache Commons Text as used by IBM Jazz Reporting Service is vulnerable to arbitrary code execution. IBM has addressed the relevant CVE. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: OX AppSuite could allow a remote attacker to execute arbitrary code on the system...

9.8CVSS9.9AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.98 views

Security Bulletin: IBM Integrated Management Module (IMM) is affected by vulnerability in OpenSLP (CVE-2017-17833)

Summary IBM Integrated Management Module IMM has addressed the following vulnerability in OpenSLP. Vulnerability Details Summary IBM Integrated Management Module IMM has addressed the following vulnerability in OpenSLP. Vulnerability Details CVEID: CVE-2017-17833 Description: OpenSLP, as used in...

9.8CVSS9.2AI score0.0389EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/09 11:12 p.m.98 views

Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to information disclosure (CVE-2021-38924)

Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2021-38924 DESCRIPTION: IBM Maximo Asset Management could allow a remote attacker to obtain sensitive information whe...

7.5CVSS6.2AI score0.00825EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/28 6:58 a.m.98 views

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Publishing

Summary There is a Vulnerability in Apache Log4j CVE-2021-44228 which is used by "IBM Engineering Lifecycle Optimization - Publishing PUB" and "Rational Publishing Engine RPE." Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary...

10CVSS9.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/25 3:18 p.m.98 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server

Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server -- CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. This has been addressed Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP...

9.8CVSS9AI score0.19008EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000