Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.98 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Sterling Connect:Direct Browser (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Sterling Connect:Direct Browser. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure...

4.3CVSS0.7AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/11 3:45 p.m.98 views

Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925

Summary Multiple vulnerabilities in the Linux Kernel such as denial of service, elevation of privileges, execution of arbitrary code on the system, and the ability to obtain sensitive information affect IBM Spectrum Protect Plus. UPDATED: 11 September 2019 to add CVE-2019-15925 Vulnerability...

7.8CVSS1AI score0.98745EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:26 a.m.97 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-39077 DESCRIPTION: IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...

10CVSS10AI score0.42993EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 6:20 p.m.97 views

Security Bulletin: IBM HTTP Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server (CVE-2024-24795, CVE-2023-38709)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-24795 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by a flaw in multip...

7.3CVSS6.5AI score0.03914EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/13 5:28 p.m.97 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2023-44487]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to mishandling of multiplexed streams in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described ...

7.5CVSS7.6AI score0.99999EPSS
Exploits19Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:31 p.m.97 views

Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Spectre variants 4 and 3a (CVE-2018-3639 CVE-2018-3640)

Summary IBM has released the following Unified Extensible Firmware Interface UEFI fixes for System x, Flex and BladeCenter systems in response to the vulnerabilities referred to as Spectre variants 4 and 3a. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPU''s could allow...

6.4CVSS0.2AI score0.60631EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 5:35 p.m.97 views

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP/2 "Rapid Reset" Denial of Service (CVE-2023-44487, CVE-2023-39325)

Summary IBM has addressed both CVEs. Vulnerability Details CVEID: CVE-2023-39325 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the net/http and x/net/http2 packages. By sending specially crafted requests using HTTP/2 client, a...

7.5CVSS7.8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/01 7:56 p.m.97 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2023

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF024 and 23.0.1-IF002. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service,...

9.8CVSS9.6AI score0.99019EPSS
Exploits31Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 6:37 p.m.97 views

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server,...

7.5CVSS7.6AI score0.03465EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/21 5:28 p.m.97 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483)

Summary IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. Vulnerability Details CVEID:CVE-2022-22483 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,...

6.5CVSS6.4AI score0.0084EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:26 a.m.97 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.9 and IBM WebSphere Application Server Hypervisor 8.0.0.9 Vulnerability Details CVE ID:CVE-2013-6323 PI04777 and PI04880 DESCRIPTION: The Administration Console of IBM WebSphere Application...

8.5CVSS8.5AI score0.83175EPSS
Exploits13Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:9 a.m.97 views

Security Bulletin: Denial of service may affect IBM HTTP Server (CVE-2015-1788)

Summary Denial of service in GSKit may affect IBM HTTP Server, if using SSL with IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processi...

4.3CVSS6.3AI score0.23222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/25 3:18 p.m.97 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server

Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server -- CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. This has been addressed Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP...

9.8CVSS9AI score0.19008EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/26 7:33 a.m.97 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Control (CVE-2022-1292)

Summary A vulnerability in OpenSSL could allow an attacker to execute arbitrary commands on the system. This vulnerability may affect IBM Spectrum Control due to its use of OpenSSL in the Storage Resource Agent component and XIV storage probe. Vulnerability Details CVEID: CVE-2022-1292 DESCRIPTIO...

10CVSS2.6AI score0.83223EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 3:46 p.m.97 views

Security Bulletin: IBM DataPower Gateway affected by vulnerability in JRE

Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors...

5.3CVSS1.9AI score0.06218EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 11:35 a.m.97 views

Security Bulletin: Log4j vulnerability affects IBM Cloud Pak for Data System 2.0

Summary Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerability, CVE-2021-44228. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitra...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/29 7:33 p.m.97 views

Security Bulletin: Vulnerability in IBM HTTP Server used by WebSphere Application Server

Summary There is a vulnerability in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2021-39275 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the apescapequotes function...

9.8CVSS0.5AI score0.36339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 10:18 p.m.97 views

Security Bulletin: Vulnerability in SSL affects IBM DataPower Gateways (CVE-2016-8610)

Summary An SSL vulnerability was disclosed by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL...

7.5CVSS1.3AI score0.39657EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/20 6:44 a.m.97 views

Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1

Summary This interim fix provides instructions on upgrading third parity libraries in IBM Spectrum Symphony 7.3.1 in order to address security vulnerabilities CVE-2015-6420, CVE-2019-1311, CVE-2015-4852, CVE-2017-15708, CVE-2015-7501, CVE-2017-18214, CVE-2016-1000027, CVE-2019-8331, CVE-2016-7103...

10CVSS1.5AI score0.99019EPSS
Exploits59Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/09 7:25 p.m.97 views

Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...

6.9CVSS0.6AI score0.99019EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.97 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling Connect:Direct for UNIX (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Sterling Connect:Direct for UNIX. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

5CVSS0.6AI score0.74006EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/12 8:53 p.m.97 views

Security Bulletin: IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management web user interface vulnerable to authentication bypass and clickjacking (CVE-2020-4494, CVE-2020-4406)

Summary The web user interface provided by the IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management is vulnerable to authentication bypass and a clickjacking attack. Vulnerability Details CVEID: CVE-2020-4494 DESCRIPTION: The IBM Spectrum Protect Backup-Archive Client web use...

7.5CVSS1.6AI score0.02229EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/20 12:42 p.m.97 views

Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ

Summary Multiple vulnerabilities in bundled software packages affect IBM StoredIQ. IBM StoredIQ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2009-0217 DESCRIPTION: The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products...

9.8CVSS2.4AI score0.95821EPSS
Exploits35Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.97 views

Security Bulletin: Vulnerability in RC4 stream cipher affects TS4500 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects TS4500. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

5CVSS1.8AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:9 p.m.97 views

Security Bulletin: Vulnerability in SSLv3 affects IBM eDiscovery Analyzer (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM eDiscovery Analyzer Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

4.3CVSS0.6AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.96 views

Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter

Summary IBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the following vulnerabilities in NTP. Vulnerability Details Summary IBM Flex...

7.5CVSS6.9AI score0.44936EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 8:41 p.m.97 views

Security Bulletin: There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-36033)

Summary There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...

6.1CVSS6.3AI score0.01208EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 2:44 a.m.96 views

Security Bulletin: IBM Aspera Faspex 5.0.3 and earlier versions were vulnerable to denial of service due to a zlib vulnerability (CVE-2018-25032)

Summary The following vulnerability has been addressed in IBM Aspera Faspex V5.0.4. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could...

7.5CVSS7.8AI score0.51733EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:12 a.m.96 views

Security Bulletin: Four (4) Vulnerabilities in OpenSSL affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems ( CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, and CVE-2014-3568)

Summary OpenSSL is a toolkit that implements the Secure Sockets Layer SSL, Transport Layer Security TLS, and Datagram Transport Layer Security DTLS protocols which is used by IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems. OpenSSL had a vulnerability which allowed forceful downgrad...

7.1CVSS4AI score0.99999EPSS
Exploits7Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 3:25 p.m.96 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2022-43929, CVE-2022-43927, CVE-2014-3577, CVE-2022-43930 Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS7.2AI score0.09149EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 10:25 a.m.96 views

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2022

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF016 and 22.0.1-IF006. Vulnerability Details CVEID:CVE-2017-10355 DESCRIPTION: An unspecified vulnerability in Oracle Java S...

9.8CVSS8.4AI score0.16181EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/08 7:0 p.m.96 views

Security Bulletin: CVE-2020-8203

Summary Prototype pollution attack when using .zipObjectDeep in lodash before 4.17.20. Vulnerability Details CVEID: CVE-2020-8203 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability usi...

7.4CVSS1.3AI score0.05213EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/31 9:50 p.m.96 views

Security Bulletin: IBM Copy Services Manager is vulnerable to remote attack vulnerabilities due to IBM WebSphere Application Server Liberty multiple vulnerabilities.

Summary IBM Copy Services Manager is vulnerable to the listed attack vectors in the bundled depencency IBM Websphere Application Server Liberty. IBM Websphere Application Server Liberty is used by IBM Copy Services Manager to serve application content. The following vulnerabilities have been...

9.8CVSS1.6AI score0.42326EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/04 6:53 p.m.96 views

Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation

Summary Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2017-0247 DESCRIPTION: Microsoft ASP.NET Core is vulnerable to a denial of service, caused by improper validation of web requests in the TextEncoder.EncodeCore function. ...

9.8CVSS0.8AI score0.99019EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 2:42 a.m.96 views

Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Conductor is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary Apache Log4j is used by IBM Spectrum Conductor for generating logs in some of its components such as ELK, ascd, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution CVE-2021-44832 and CVE-2021-45046 and denial of service...

10CVSS7.8AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 12:6 a.m.96 views

Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)

Summary Apache Log4j is used by API Connect as part of its logging and analytics infrastructure. The fix includes Apache Log4j 2.17.1 which addresses CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial ...

10CVSS1.2AI score0.99999EPSS
Exploits357Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:34 a.m.96 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple perl vulnerabilities (CVE-2016-1238, CVE-2016-2381, CVE-2015-8853)

Summary Multiple vulnerabilities have been identified in perl that is embedded in the IBM FSM. This fix addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2016-1238 DESCRIPTION: Perl could allow a local attacker to gain elevated privileges on the system, caused by an error when...

7.8CVSS0.9AI score0.09007EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:5 a.m.95 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary IBM Cognos Analytics is affected by vulnerabilities in IBM WebSphere Application Server Liberty and Open-Source Software OSS. Issues related to these components have been addressed by upgrading or removing the vulnerable libraries. Additionally, a cross-site scripting XSS vulnerability ha...

9.8CVSS10AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:48 a.m.95 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in t...

8.7CVSS9.7AI score0.12966EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 6:15 p.m.95 views

Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH and Linux. Vulnerabilities include, causing a denial-of-service condition, the elevation of privileges, remote execution of arbitrary code, HTTP header injection, HTML injection,...

9.8CVSS10AI score0.91969EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 12:4 a.m.95 views

Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)

Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands CVE-2024-27260. Vulnerability Details CVEID:CVE-2024-27260 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to...

8.4CVSS8.5AI score0.0023EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/10 2:9 p.m.95 views

Security Bulletin: AIX is vulnerable to denial of service vulnerabilities

Summary UPDATED: Additional iFixes are now available for AIX 7.2 TL5 SP5, 7.3 TL0 SP2, 7.3 TL0 SP3, 7.3 TL1 SP1, and VIOS 3.1.3.21, 3.1.3.30, and 3.1.4.10. Both the original and new iFixes address the kernel security vulnerabilities mentioned in the bulletin, but the new iFixes also address the...

6.2CVSS6AI score0.00168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 12:22 p.m.95 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]

Summary Vulnerability in Apache Commons Collections library shipped with IBM Sterling Global Mailbox has been addressed. CVE-2015-6420, CVE-2017-15708 Vulnerability Details CVEID:CVE-2015-6420 DESCRIPTION: Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint...

9.8CVSS8.3AI score0.18763EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 5:53 p.m.95 views

Security Bulletin: Python Packaging Authority (PyPA) Wheel is vulnerable to CVE-2022-40898 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Python Packaging Authority PyPA Wheel which is vulnerable to CVE-2022-40898. Vulnerability Details CVEID:CVE-2022-40898 DESCRIPTION: Python Packaging Authority PyPA Wheel is vulnerable to a denial of service. A remote attacker could exploit this...

7.5CVSS7.3AI score0.02659EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 8:42 p.m.95 views

Security Bulletin: Multiple Vulnerabilities in Json4j Affects Watson Machine Learning Accelerator

Summary Watson Machine Learning Accelerator is affected by multiple json4j CVEs CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541, CVE-2022-45690, CVE-2022-46175, CVE-2022-4742. We fixed by removing json4j. Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS7.1AI score0.09304EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 8:49 p.m.95 views

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability ( CVE-2022-31813)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the X-Forwarded- headers to the origin...

9.8CVSS9.6AI score0.0314EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/29 6:26 a.m.95 views

Security Bulletin: IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889]

Summary Synthetic Playback Agent version 8.1.4 IF17 has addressed the following vulnerability: CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation...

9.8CVSS9.8AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/04 12:45 p.m.95 views

Security Bulletin: IBM MQ Advanced Message Security on IBM i platforms is affected by a buffer overflow issue in OpenSSL (CVE-2022-3602, CVE-2022-3786)

Summary A buffer overflow issue was identified with OpenSSL, which IBM MQ 9.3.0 LTS on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which i...

7.5CVSS8.4AI score0.91153EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.95 views

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by multiple vulnerabilities

Summary Multiple security vulnerabilities CVE-2018-1426, CVE-2018-1427, CVE-2018-1428, CVE-2017-3736, CVE-2017-3732, CVE-2016-0705, and CVE-2018-1447 have been discovered in GSKit used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION:...

10CVSS9AI score0.26335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.95 views

Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the...

10CVSS1.3AI score0.49727EPSS
Exploits13Affected Software1
Total number of security vulnerabilities5000