Lucene search
K
IbmMost viewed

35705 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/02 5:53 p.m.•95 views

Security Bulletin: Python Packaging Authority (PyPA) Wheel is vulnerable to CVE-2022-40898 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Python Packaging Authority PyPA Wheel which is vulnerable to CVE-2022-40898. Vulnerability Details CVEID:CVE-2022-40898 DESCRIPTION: Python Packaging Authority PyPA Wheel is vulnerable to a denial of service. A remote attacker could exploit this...

7.5CVSS7.3AI score0.02659EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•95 views

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in OpenSSH to which the IBM® FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities CVE-2015-6563 and CVE-2015-6564 could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an...

6.9CVSS7.5AI score0.00599EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 5:31 p.m.•95 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j

Summary The following security issues has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fr...

10CVSS10AI score0.99999EPSS
Exploits358Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/29 6:26 a.m.•95 views

Security Bulletin: IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889]

Summary Synthetic Playback Agent version 8.1.4 IF17 has addressed the following vulnerability: CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation...

9.8CVSS9.8AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/04 12:45 p.m.•95 views

Security Bulletin: IBM MQ Advanced Message Security on IBM i platforms is affected by a buffer overflow issue in OpenSSL (CVE-2022-3602, CVE-2022-3786)

Summary A buffer overflow issue was identified with OpenSSL, which IBM MQ 9.3.0 LTS on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which i...

7.5CVSS8.4AI score0.92488EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/08/19 4:20 p.m.•95 views

Security Bulletin: IBM Content Navigator is vulnerable to a denial of service vulnerabilty.

Summary IBM Content Navigator has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-35516 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocate large amounts of memory. By persuading a victim to open ...

7.5CVSS2.3AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/18 4:10 p.m.•95 views

Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)

Summary Vulnerability in sendmail could allow a remote attacker to spoof an email CVE-2023-51765. Vulnerability Details CVEID:CVE-2023-51765 DESCRIPTION: Proofpoint sendmail is vulnerable to SMTP smuggling, caused by improper handling of line endings . in an email message. By sending a specially...

5.3CVSS5.7AI score0.01073EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/02/28 9:30 p.m.•94 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 8 Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart form data with many fields. By...

7.5CVSS10AI score0.02761EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/31 10:37 a.m.•94 views

Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities

Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components and that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...

9.8CVSS9.7AI score0.44824EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/22 5:20 p.m.•94 views

Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401)

Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...

7.5CVSS7.6AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/05 1:43 p.m.•94 views

Security Bulletin: There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management (CVE-2022-28367, CVE-2022-29577)

Summary There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management . Vulnerability Details CVEID:CVE-2022-28367 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input for Cascading Style Sheets CSS content. A remote...

6.1CVSS6.6AI score0.01282EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/09 4:17 p.m.•94 views

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to incorrect default permissions (CVE-2022-46774)

Summary Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to incorrect default permissions. Vulnerability Details CVEID:CVE-2022-46774 DESCRIPTION: IBM Manage Application in the IBM Maximo Applicaiton Suite is vulnerable to incorrect default permission...

6.5CVSS5.8AI score0.00334EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 9:30 p.m.•94 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2022-42252

Summary There is a vulnerability in Apache Tomcat that could allow an attacker to execute XSS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache...

7.5CVSS7.5AI score0.01448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/25 3:18 p.m.•94 views

Security Bulletin: IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. (CVE-2022-31772)

Summary IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. Vulnerability Details CVEID:CVE-2022-31772 DESCRIPTION: IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. CVSS Base score: 5....

6.5CVSS5.9AI score0.0071EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/30 11:2 p.m.•94 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2016-1000023 DESCRIPTION: Minimatch is vulnerable to a denial of service, caused...

8.8CVSS9.3AI score0.02607EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/14 2:7 p.m.•94 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX Container is vulnerable to execute arbitrary commands due to OpenSSL (CVE-2022-1292)

Summary There is a vulnerability in the OpenSSL library used by IBM Sterling Connect:Direct for UNIX Container. IBM Sterling Connect:Direct for UNIX Container has addressed the applicable issue by upgrading OpenSSL to 1.1.1k. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION: OpenSSL could...

9.7AI score0.83223EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/10 10:57 a.m.•94 views

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Control (CVE-2021-45105, CVE-2021-45046)

Summary There are two vulnerabilities in Apache Log4j: denial of service CVE-2021-45105 and remote code execution CVE-2021-45046. These vulnerabilities may affect IBM Spectrum Control due to its use of Log4j for logging, tracing, alerting, and the local help documentation. The fix includes Apache...

10CVSS7.6AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/07/02 9:51 a.m.•94 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 22 and earlier releases used by IBM Platform Symphony and IBM Spectrum Symphony. IBM Platform Symphony and IBM Spectrum Symphony have addressed the applicable CVEs. Vulnerability...

9CVSS0.5AI score0.07215EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2020/10/06 8:44 p.m.•94 views

Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-16871 DESCRIPTION: A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS...

7.5CVSS0.4AI score0.02779EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2020/07/30 1:47 p.m.•94 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics. Vulnerability Details CVEID: CVE-2010-5312 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the...

9.1CVSS0.6AI score0.2258EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/07/10 8:34 a.m.•94 views

Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearCase (CVE-2015-1788)

Summary GSKit is an IBM component that is used by IBM Rational ClearCase. The GSKit that is shipped with IBM Rational ClearCase contains a security vulnerability. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerabl...

4.3CVSS6.9AI score0.23222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/29 2:39 a.m.•93 views

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary Multiple vulnerabilities were addressed in IBM Rapid Infrastructure Automation v1.1.5 Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This...

10CVSS10AI score0.06975EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 2:56 a.m.•93 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF036 and 24.0.0-IF002. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...

9.8CVSS10AI score0.99957EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/20 4:51 p.m.•93 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries in the latest available versions or previously released versions. Additionally, IBM...

9.1CVSS9.3AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/04 4:10 p.m.•93 views

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Tivoli Monitoring (ITM) components is vulnerable to a local authenticated attacker to bypass security restrictions.

Summary A vulnerabilitiy in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2024-3933 Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions,...

7.3CVSS6.3AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/24 7:1 p.m.•93 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...

9.8CVSS9.9AI score0.76768EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/18 4:40 p.m.•93 views

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924)

Summary A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2022-3094, CVE-2022-3736, CVE-2022-3924. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2022-3094 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused ...

7.5CVSS7.9AI score0.5017EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/13 8:19 p.m.•93 views

Security Bulletin: AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient (CVE-2012-5783)

Summary A vulnerability in Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks CVE-2012-5783. AIX ships Apache Commons HttpClient as part of Electronic Customer Care. Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazo...

5.8CVSS6.9AI score0.09254EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/17 5:23 p.m.•93 views

Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-43382)

Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Corrected the affected upper fileset levels for AIX 7.3 TL0 to show that SP03 is affected. Added iFixes for 7.1 TL5 SP10 and 7.3 TL0 SP03. A vulnerability in the AIX lpd printer daemo...

6.2CVSS5.5AI score0.00179EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/02 5:34 p.m.•93 views

Security Bulletin: A vulnerability in Open JDK affecting Rational Functional Tester

Summary A vulnerability in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT. RFT has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker...

5.3CVSS5.2AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 9:43 p.m.•93 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining and could allow a local attacker to execute arbitrary code on the system (CVE-2022-22965)

Summary There is a vulnerability in Spring Framework that could allow a local attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. The product is in an affected but not vulnerab...

9.8CVSS8.9AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/04 7:55 p.m.•93 views

Security Bulletin: A vulnerability in nginx may affect IBM Robotic Process Automation for Cloud Pak resulting in a denial of service (CVE-2022-41741, CVE-2022-41742)

Summary There is a vulnerability in nginx used by IBM Robotic Process Automation for Cloud Pak as part of the container ingress controller that may result in a denial of service. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details...

7.8CVSS7AI score0.01069EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/18 11:23 a.m.•93 views

Security Bulletin: PowerVC installation on RHEL is vulnerable to MariaDB with CVE-2021-27928

Summary Summary guidance: A remote code execution issue was discovered in MariaDB in the version PowerVC ships. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrepprovider and wsrepnotifycmd. Vulnerability Details CVEID:...

9CVSS8AI score0.38179EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/27 3:54 a.m.•93 views

Security Bulletin:IBM SPSS Modeler is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Modeler which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

10CVSS1.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/01/31 1:20 a.m.•93 views

Security Bulletin: IBM System Networking RackSwitch G8264CS and IBM Flex System Interconnect Fabric are affected by the following OpenSSL vulnerability: CVE-2014-0224

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details This Bulletin has been moved to the following document.Security Bulletin: IBM System Networking switches that are affected by the OpenSSL vulnerability...

7.4CVSS2.7AI score0.95326EPSS
Exploits9
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 4:2 a.m.•92 views

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in the latest IBM Security Verify Governance release. Vulnerability Details CVEID:CVE-2023-33840 DESCRIPTION: IBM Security Verify Governance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

9.8CVSS9.7AI score0.17699EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/30 5:46 p.m.•92 views

Security Bulletin: Vulnerabilities in OpenSSL may affect IBM Spectrum Protect Plus (CVE-2022-3602, CVE-2022-3786)

Summary The vulnerabilities in OpenSSL affecting IBM Spectrum Protect Plus are also impating the component IBM Spectrum Protect Plus Db2 Agent. Please refer to the Security Bullentin for IBM Spectrum Protect Plus: https://www.ibm.com/support/pages/node/6965816 Vulnerability Details...

7.5CVSS8.5AI score0.92488EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/28 1:31 a.m.•92 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors and IBM Network Advisor (CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0704, CVE-2016-0704, CVE-2016-2842).

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors and IBM Network Advisor. IBM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0705DESCRIPTION: OpenSSL is vulnerable to a denial...

10CVSS7.8AI score0.53655EPSS
Exploits2Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/13 1:10 p.m.•92 views

Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site...

9.8CVSS9.3AI score0.06451EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 8:5 p.m.•92 views

Security Bulletin: Vulnerability in minimatch affects IBM Process Mining . CVE-2022-3517

Summary There is a vulnerability in minimatch that could allow a remote attacker to cause a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatc...

7.5CVSS8.5AI score0.01674EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/27 8:6 p.m.•92 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties

Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-35255, CVE-2022-35256. Node-tar is a full function tar library for node.js CVE-2018-20834. Swagger UI is used to visualize and interact wit...

9.8CVSS9.9AI score0.78666EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 9:6 p.m.•92 views

Security Bulletin: IBM Intelligent Operations Center 1.5 WebSphere Application Server - Oracle Java CPU April 2013

Abstract The Java vulnerabilities identified in the April 2013 Oracle Java security alert need to be fixed in IBM Intelligent Operations Center 1.5. The procedures in this security bulletin identify appropriate IBM patches for these Java vulnerabilities and directs how to apply them. No reference...

10CVSS8.9AI score0.87227EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/14 3:28 p.m.•92 views

Security Bulletin: Vulnerability have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-45105, CVE-2021-44832)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details...

8.7AI score0.99999EPSS
Exploits22Affected Software6
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/18 9:26 p.m.•92 views

Security Bulletin: IBM Spectrum Discover is vulnerable to Docker CLI (CVE-2021-41092) and Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) weaknesses

Summary Docker CLI CVE-2021-41092 is vulnerable to attacks to obtain sensitive information. Docker CLI is used by IBM Spectrum Discover as part to the infrastructure to manage the images and containers in the system. Apache Log4j CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 is...

9.8CVSS8.8AI score0.81147EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/29 11:37 p.m.•92 views

Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Summary There are multiple vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus. These vulnerabilities include elevation of privileges, obtaining sensitive information, denial of service, execution of arbitrary code on the system, bypassing security restrictions, and buffer...

8.8CVSS0.9AI score0.88106EPSS
Exploits134Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/18 4:46 a.m.•92 views

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service

Summary IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager TADDM and is vulnerable to a denial of service CVE-2021-35550, CVE-35603. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...

7.1CVSS0.8AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/12 6:17 p.m.•92 views

Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).

Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060. Vulnerability Details CVEID:CVE-2022-22950 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, cause...

6.5CVSS7.1AI score0.35834EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/04 4:0 p.m.•92 views

Security Bulletin: Vulnerability in the AIX kernel (CVE-2021-38988)

Summary There is a vulnerability in the AIX pfcdd kernel extension. Vulnerability Details CVEID: CVE-2021-38988 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...

6.2CVSS5.3AI score0.00217EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/08 10:56 p.m.•92 views

Security Bulletin: IBM OpenPages with Watson is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-17571)

Summary There is a vulnerability in the Apache Log4j open source library CVE-2019-17571 used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. The remediation fix includes Apache Log4j v2.17. Vulnerability Details CVEID:CVE-2019-17571 DESCRIPTION: Apache Log4j could...

9.8CVSS7.5AI score0.6906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/14 9:11 p.m.•92 views

Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228) bundled with Predictive Maintenance and Quality and Predictive Maintenance Insights

Summary IBM WebSphere Application Server is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Vulnerabilities have been identified in Apache Log4j which affect WebSphere Application Server CVE-2021-44228. The recommended solution is to manually...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
Total number of security vulnerabilities5000