Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2021/09/30 4:9 p.m.•95 views

Security Bulletin: Multiple vulnerabilities in Bouncy Castle Java Cryptography affect IBM Tivoli Business Manager

Summary Bouncy Castle Java Cryptography is shipped as part of IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Bouncy Castle Java Cryptography has been published in a security bulletin. Vulnerability Details CVEID: CVE-2018-5382 DESCRIPTION: Bouncy Castle...

10CVSS6.7AI score0.35584EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/08/19 4:20 p.m.•95 views

Security Bulletin: IBM Content Navigator is vulnerable to a denial of service vulnerabilty.

Summary IBM Content Navigator has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-35516 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocate large amounts of memory. By persuading a victim to open ...

7.5CVSS2.3AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:18 a.m.•94 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...

9.8CVSS10AI score0.41611EPSS
Exploits7Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/18 4:10 p.m.•95 views

Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)

Summary Vulnerability in sendmail could allow a remote attacker to spoof an email CVE-2023-51765. Vulnerability Details CVEID:CVE-2023-51765 DESCRIPTION: Proofpoint sendmail is vulnerable to SMTP smuggling, caused by improper handling of line endings . in an email message. By sending a specially...

5.3CVSS5.7AI score0.01073EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/02/28 9:30 p.m.•94 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 8 Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart form data with many fields. By...

7.5CVSS10AI score0.02761EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/22 5:20 p.m.•94 views

Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401)

Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...

7.5CVSS7.6AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/09 4:17 p.m.•94 views

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to incorrect default permissions (CVE-2022-46774)

Summary Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to incorrect default permissions. Vulnerability Details CVEID:CVE-2022-46774 DESCRIPTION: IBM Manage Application in the IBM Maximo Applicaiton Suite is vulnerable to incorrect default permission...

6.5CVSS5.8AI score0.00334EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•94 views

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in OpenSSH to which the IBM® FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities CVE-2015-6563 and CVE-2015-6564 could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an...

6.9CVSS7.5AI score0.00599EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 9:30 p.m.•94 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2022-42252

Summary There is a vulnerability in Apache Tomcat that could allow an attacker to execute XSS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache...

7.5CVSS7.5AI score0.01448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/25 3:18 p.m.•94 views

Security Bulletin: IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. (CVE-2022-31772)

Summary IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. Vulnerability Details CVEID:CVE-2022-31772 DESCRIPTION: IBM MQ could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. CVSS Base score: 5....

6.5CVSS5.9AI score0.0071EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 5:31 p.m.•94 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j

Summary The following security issues has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fr...

10CVSS10AI score0.99999EPSS
Exploits358Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/30 11:2 p.m.•94 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2016-1000023 DESCRIPTION: Minimatch is vulnerable to a denial of service, caused...

8.8CVSS9.3AI score0.02593EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/14 2:7 p.m.•94 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX Container is vulnerable to execute arbitrary commands due to OpenSSL (CVE-2022-1292)

Summary There is a vulnerability in the OpenSSL library used by IBM Sterling Connect:Direct for UNIX Container. IBM Sterling Connect:Direct for UNIX Container has addressed the applicable issue by upgrading OpenSSL to 1.1.1k. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION: OpenSSL could...

9.7AI score0.83223EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/10 10:57 a.m.•94 views

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Control (CVE-2021-45105, CVE-2021-45046)

Summary There are two vulnerabilities in Apache Log4j: denial of service CVE-2021-45105 and remote code execution CVE-2021-45046. These vulnerabilities may affect IBM Spectrum Control due to its use of Log4j for logging, tracing, alerting, and the local help documentation. The fix includes Apache...

10CVSS7.6AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/07/02 9:51 a.m.•94 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 22 and earlier releases used by IBM Platform Symphony and IBM Spectrum Symphony. IBM Platform Symphony and IBM Spectrum Symphony have addressed the applicable CVEs. Vulnerability...

9CVSS0.5AI score0.07215EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2020/07/30 1:47 p.m.•94 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics. Vulnerability Details CVEID: CVE-2010-5312 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the...

9.1CVSS0.6AI score0.2258EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/07/10 8:34 a.m.•94 views

Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearCase (CVE-2015-1788)

Summary GSKit is an IBM component that is used by IBM Rational ClearCase. The GSKit that is shipped with IBM Rational ClearCase contains a security vulnerability. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerabl...

4.3CVSS6.9AI score0.23222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/29 2:39 a.m.•93 views

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary Multiple vulnerabilities were addressed in IBM Rapid Infrastructure Automation v1.1.5 Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This...

10CVSS10AI score0.07032EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 2:56 a.m.•93 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF036 and 24.0.0-IF002. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...

9.8CVSS10AI score0.99957EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/20 4:51 p.m.•93 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries in the latest available versions or previously released versions. Additionally, IBM...

9.1CVSS9.3AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/04 4:10 p.m.•93 views

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Tivoli Monitoring (ITM) components is vulnerable to a local authenticated attacker to bypass security restrictions.

Summary A vulnerabilitiy in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2024-3933 Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions,...

7.3CVSS6.3AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/24 7:1 p.m.•93 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...

9.8CVSS9.9AI score0.76768EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/18 4:40 p.m.•93 views

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924)

Summary A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2022-3094, CVE-2022-3736, CVE-2022-3924. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2022-3094 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused ...

7.5CVSS7.9AI score0.5017EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/13 8:19 p.m.•93 views

Security Bulletin: AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient (CVE-2012-5783)

Summary A vulnerability in Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks CVE-2012-5783. AIX ships Apache Commons HttpClient as part of Electronic Customer Care. Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazo...

5.8CVSS6.9AI score0.09254EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/17 5:23 p.m.•93 views

Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-43382)

Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Corrected the affected upper fileset levels for AIX 7.3 TL0 to show that SP03 is affected. Added iFixes for 7.1 TL5 SP10 and 7.3 TL0 SP03. A vulnerability in the AIX lpd printer daemo...

6.2CVSS5.5AI score0.00179EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/02 5:34 p.m.•93 views

Security Bulletin: A vulnerability in Open JDK affecting Rational Functional Tester

Summary A vulnerability in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT. RFT has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker...

5.3CVSS5.2AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 9:43 p.m.•93 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining and could allow a local attacker to execute arbitrary code on the system (CVE-2022-22965)

Summary There is a vulnerability in Spring Framework that could allow a local attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. The product is in an affected but not vulnerab...

9.8CVSS8.9AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/04 7:55 p.m.•93 views

Security Bulletin: A vulnerability in nginx may affect IBM Robotic Process Automation for Cloud Pak resulting in a denial of service (CVE-2022-41741, CVE-2022-41742)

Summary There is a vulnerability in nginx used by IBM Robotic Process Automation for Cloud Pak as part of the container ingress controller that may result in a denial of service. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details...

7.8CVSS7AI score0.01069EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/18 11:23 a.m.•93 views

Security Bulletin: PowerVC installation on RHEL is vulnerable to MariaDB with CVE-2021-27928

Summary Summary guidance: A remote code execution issue was discovered in MariaDB in the version PowerVC ships. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrepprovider and wsrepnotifycmd. Vulnerability Details CVEID:...

9CVSS8AI score0.38179EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/27 3:54 a.m.•93 views

Security Bulletin:IBM SPSS Modeler is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Modeler which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

10CVSS1.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2020/10/06 8:44 p.m.•93 views

Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-16871 DESCRIPTION: A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS...

7.5CVSS0.4AI score0.02779EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/01/31 1:20 a.m.•93 views

Security Bulletin: IBM System Networking RackSwitch G8264CS and IBM Flex System Interconnect Fabric are affected by the following OpenSSL vulnerability: CVE-2014-0224

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details This Bulletin has been moved to the following document.Security Bulletin: IBM System Networking switches that are affected by the OpenSSL vulnerability...

7.4CVSS2.7AI score0.95326EPSS
Exploits9
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 4:2 a.m.•92 views

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in the latest IBM Security Verify Governance release. Vulnerability Details CVEID:CVE-2023-33840 DESCRIPTION: IBM Security Verify Governance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

9.8CVSS9.7AI score0.17699EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/31 10:37 a.m.•92 views

Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities

Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components and that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...

9.8CVSS9.7AI score0.44824EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/05 1:43 p.m.•92 views

Security Bulletin: There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management (CVE-2022-28367, CVE-2022-29577)

Summary There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management . Vulnerability Details CVEID:CVE-2022-28367 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input for Cascading Style Sheets CSS content. A remote...

6.1CVSS6.6AI score0.01239EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/30 5:46 p.m.•92 views

Security Bulletin: Vulnerabilities in OpenSSL may affect IBM Spectrum Protect Plus (CVE-2022-3602, CVE-2022-3786)

Summary The vulnerabilities in OpenSSL affecting IBM Spectrum Protect Plus are also impating the component IBM Spectrum Protect Plus Db2 Agent. Please refer to the Security Bullentin for IBM Spectrum Protect Plus: https://www.ibm.com/support/pages/node/6965816 Vulnerability Details...

7.5CVSS8.5AI score0.91153EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 8:5 p.m.•92 views

Security Bulletin: Vulnerability in minimatch affects IBM Process Mining . CVE-2022-3517

Summary There is a vulnerability in minimatch that could allow a remote attacker to cause a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatc...

7.5CVSS8.5AI score0.01674EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/27 8:6 p.m.•92 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties

Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-35255, CVE-2022-35256. Node-tar is a full function tar library for node.js CVE-2018-20834. Swagger UI is used to visualize and interact wit...

9.8CVSS9.9AI score0.78666EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/14 3:28 p.m.•92 views

Security Bulletin: Vulnerability have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-45105, CVE-2021-44832)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details...

8.7AI score0.99999EPSS
Exploits22Affected Software6
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/29 11:37 p.m.•92 views

Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Summary There are multiple vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus. These vulnerabilities include elevation of privileges, obtaining sensitive information, denial of service, execution of arbitrary code on the system, bypassing security restrictions, and buffer...

8.8CVSS0.9AI score0.88106EPSS
Exploits134Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/18 4:46 a.m.•92 views

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service

Summary IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager TADDM and is vulnerable to a denial of service CVE-2021-35550, CVE-35603. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...

7.1CVSS0.8AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/12 6:17 p.m.•92 views

Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).

Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060. Vulnerability Details CVEID:CVE-2022-22950 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, cause...

6.5CVSS7.1AI score0.35834EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/04 4:0 p.m.•92 views

Security Bulletin: Vulnerability in the AIX kernel (CVE-2021-38988)

Summary There is a vulnerability in the AIX pfcdd kernel extension. Vulnerability Details CVEID: CVE-2021-38988 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...

6.2CVSS5.3AI score0.00212EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/04 4:2 p.m.•92 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Sterling Secure Proxy (CVE-2021-45105, CVE-2021-45046)

Summary IBM Sterling Secure Proxy is vulnerable to denial of service and arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-45105,CVE-2021-45046. The fix includes Apache Log4j 2.17.0. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable...

10CVSS1.7AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/11/01 6:20 p.m.•92 views

Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Discovery and Delivery Intelligence V5.1.0.7

Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Application Discovery and Delivery Intelligence V5.1.0.7. These issues were disclosed as part of the IBM Java SDK updates in July 2021. Vulnerability Details CVEID: CVE-2021-2388...

7.5CVSS1.4AI score0.04008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/06/02 9:56 p.m.•92 views

Security Bulletin: Vulnerability in Fabric OS used by IBM b-type SAN directors and switches.

Summary Public disclosed vulnerability from OpenSSL in the Fabric OS used by IBM b-type SAN directors and switches. Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. B...

4.3CVSS4.7AI score0.04803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/05/11 2:53 p.m.•92 views

Security Bulletin: A security vulnerability in Node.js glob-parent module affects IBM Cloud Automation Manager.

Summary A security vulnerability in Node.js glob-parent module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js glob-parent module is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit th...

7.5CVSS1.9AI score0.04456EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2020/07/24 9:16 p.m.•92 views

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze

Summary AT&T has released versions 1801-ze for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches...

9.3CVSS0.3AI score0.05111EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/17 4:53 a.m.•92 views

Security Bulletin: Rational RequisitePro affected by vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with your IBM ID ---|--- CVE-ID: CVE-2014-0160 Description:...

7.5CVSS0.3AI score0.99999EPSS
Exploits87Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/24 1:49 p.m.•91 views

Security Bulletin: IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities

Summary IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities Vulnerability Details CVEID:CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by accumulation of temporary files on Windows when a web application opened a stream for an uploaded file...

7.8CVSS8.3AI score0.90407EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000