Lucene search
K
IbmMost viewed

35715 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/05/06 9:47 p.m.89 views

Security Bulletin: IBM WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to remote code execution due to Dojo (CVE-2021-23450)

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the...

9.8CVSS0.4AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/15 1:31 p.m.89 views

Security Bulletin: IBM Informix Dynamic Server is vulnerable to denial of service (CVE-2021-45105) and remote code execution (CVE-2021-45046) due to Apache Log4j

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Informix Dynamic Server for IBM Informix HQ. IBM Informix Dynamic Server is vulnerable to denial of service CVE-2021-45105 and remote code execution CVE-2021-45046 due to Apache Log4j. The fix is included in Apac...

10CVSS1.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/28 4:56 p.m.89 views

Security Bulletin: IBM Engineering Requirements Management DOORS is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which affect the Knowledge Center Component KCCI which may optionally be installed by IBM Engineering Requirements Management DOORS. This fix upgrades the Knowlege Center component to a...

10CVSS1.5AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 2:50 p.m.89 views

Security Bulletin: A vulnerability in Apache log4j affects IBM Operations Analytics Predictive Insights (CVE-2021-45046)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. This affects the IBM Operations Analytics Predictive Insights Analytics, UI and REST Mediation components. This vulnerability has been addressed. Vulnerability Details...

10CVSS0.6AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:38 p.m.89 views

Security Bulletin: GSKit Sweet32 Birthday attacks on 64-bit block ciphers in TLS affects the Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-2183)

Summary GSKit is vulnerable to Sweet32 Birthday attacks on 64-bit block ciphers in TLS which affects the Tivoli Storage Manager IBM Spectrum Protect Server. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: An error in the DES/3DES cipher, used as a part of the SSL/TLS protocol, could allow...

7.5CVSS0.8AI score0.95707EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/28 6:46 a.m.88 views

Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities

Summary There are multiple vulnerabilities in IBM® WebSphere Liberty ,Version 8.5.5.8 used by IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack...

7.8CVSS7.3AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:32 a.m.88 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.1 Vulnerability Details CVEID:CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when using DNS forwarders. An attacker could exploit this...

9.8CVSS9.6AI score0.1593EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 4:57 p.m.88 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. CVSS Base score: 6.2 CVSS Tempor...

6.2CVSS6.2AI score0.00116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/29 9:12 p.m.88 views

Security Bulletin: IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls (CVE-2023-32333)

Summary IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls CVE-2023-32333. This only impacts environments using native Maximo security when security options have been incorrectly applied to the MAXREG user. Vulnerability Details...

9.8CVSS8AI score0.00545EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/03 4:45 p.m.88 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2023 CPU plus deferred CVE-2022-21426

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

5.3CVSS7.1AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/18 8:41 p.m.88 views

Security Bulletin: AIX is vulnerable to a buffer overflow due to X11 (CVE-2022-47990)

Summary A vulnerability in X11 on AIX could allow a non-privileged local user to cause a buffer overflow that could result in a denial of service or arbitrary code execution CVE-2022-47990. Vulnerability Details CVEID:CVE-2022-47990 DESCRIPTION: IBM AIX could allow a non-privileged local user to...

7.8CVSS7.3AI score0.0021EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/04 12:48 p.m.88 views

Security Bulletin: IBM MQ is affected by a vulnerability in libcurl (CVE-2022-32206)

Summary An issue was identified in libcurl that affects IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID:CVE-2022-32206 DESCRIPTION: cURL libcurl is vulnerable to ...

6.5CVSS7.7AI score0.3197EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/07 12:5 p.m.88 views

Security Bulletin: Multiple vulnerabilities found in IBM DB2 which is shipped with IBM® Intelligent Operations Center(CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315)

Summary Multiple vulnerabilities have been identified in DB2 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

9.8CVSS10AI score0.34174EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/09 5:46 a.m.88 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.6-x packages Golang Go, libxml2, curl, expat ,libgcrypt and IBM WebSphere Application Server Liberty that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details...

8.1CVSS9.9AI score0.05416EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.88 views

Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2015-5621)

Summary The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol SNMP.One security vulnerability has been discovered in net-snmp used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-5621 DESCRIPTION: Net-SNMP...

7.5CVSS9AI score0.40002EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/12 11:43 p.m.88 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Archive Enterprise Edition (CVE-2021-44228)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Archive Enterprise Edition EE. The below fix package includes Apache Log4j 2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache...

10CVSS0.6AI score0.99999EPSS
Exploits351Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/05 10:36 p.m.88 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44832) affects the IBM Performance Management product

Summary The APM v8.1.4.0 Server installs an Online Help application that contains Log4j v2.3. A vulnerability was found in this version of Log4j that is documented by CVE-2021-44832 and fixed in Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a...

8.5CVSS1.8AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/31 9:19 p.m.88 views

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance

Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2021-29682 DESCRIPTION: IBM Security Identity Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message ...

9.9CVSS0.7AI score0.99019EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/13 8:46 p.m.88 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2018-1288 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass security restrictions. By using a manually created fetch request interfering with data replication, an attacker cou...

10CVSS0.5AI score0.87218EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/13 5:58 p.m.88 views

Security Bulletin: IBM MaaS360 Cloud Extender has security vulnerabilities (CVE-2020-1155, CVE-2020-1156)

Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Vulnerability Details CVEID: CVE-2020-11656 DESCRIPTION: SQLite could allow a remote attacker to obtain sensitive information, caused by a use-after-free in the ALTER TABLE implementation. By sending a special...

9.8CVSS2.3AI score0.07407EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/31 10:26 p.m.88 views

Security Bulletin: Vulnerability in jQuery affects IBM Tririga Application Platform (CVE-2019-11358)

Summary jQuery used by IBM Tririga Application Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the...

6.1CVSS0.7AI score0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:50 a.m.88 views

Security Bulletin: IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in OpenSSL

Summary The IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2014-3511 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by the negotiation of TLS 1.0 instead of higher...

7.5CVSS1.2AI score0.7408EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/19 3:40 p.m.88 views

Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2015-9251)

Summary IBM Cloud Private is vulnerable to a security vulnerability Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a...

6.1CVSS0.7AI score0.29726EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 2:19 p.m.87 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a ty...

6.7CVSS10AI score0.93305EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:3 a.m.87 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.0 Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request,...

8.8CVSS10AI score0.35447EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:53 a.m.87 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-24806 DESCRIPTION: libuv is vulnerable to server-side request forgery, caused...

8.6CVSS9.5AI score0.02003EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 9:6 p.m.87 views

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)

Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service CVE-2024-25062. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. Whe...

7.5CVSS7.7AI score0.01364EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 6:3 p.m.87 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

9.8CVSS9.6AI score0.87816EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/05 5:11 p.m.87 views

Security Bulletin: AIX is vulnerable to a denial of service due to NTP (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554)

Summary Multiple vulnerabilities in NTP could allow a remote attacker to cause a denial of service CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554. Vulnerability Details CVEID:CVE-2023-26551 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bounds write in...

5.6CVSS6.3AI score0.00703EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:43 a.m.87 views

Security Bulletin: There is a vulnerability in moment.js used by IBM Jazz Reporting Service (CVE-2022-24785)

Summary There is a vulnerability in moment.js used by IBM Jazz Reporting Service JRS. This vulnerabiliity is addressed in JRS by upgrading to a version of moment.js that resolves the issue. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse...

7.8CVSS7.4AI score0.09905EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/29 5:27 p.m.87 views

Security Bulletin: Vulnerabilities in Springfox swagger affect IBM Rational ClearQuest

Summary Springfox swagger used by IBM Rational ClearQuest v10.0 had multiple vulnerabilities. IBM Rational ClearQuest has addressed the applicable CVEs by replacing Springfox swagger with spring doc. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker ...

4.3CVSS5.5AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/06 10:47 p.m.87 views

Security Bulletin: IBM QRadar WinCollect Agent is vulnerable to a local escalation of privilege attack in some configurations (CVE-2023-38736)

Summary IBM QRadar WinCollect Agent when installed to run as Admin or System, or with Admin or System privileges, is vulnerable to a local escalation of privilege attack that a non-privileged user could utilize to gain System permissions. IBM has addressed the relevant vulnerability. Vulnerabilit...

7.8CVSS7.8AI score0.00391EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.87 views

Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerabilities are...

7.8CVSS7.2AI score0.98745EPSS
Exploits4Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 8:55 p.m.87 views

Security Bulletin: IBM Aspera Orchestrator was vulnerable to cross-site scripting due to multiple JQuery vulnerabilities (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)

Summary The following vulnerabilities has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the .position function. A remote...

6.5CVSS6.7AI score0.44515EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.87 views

Security Bulletin: A vulnerability in PostgreSQL JDBC Driver (PgJDBC) affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-21724)

Summary A vulnerability in PostgreSQL JDBC Driver PgJDBC affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2022-21724. Please see the details below on how to remediate this issue. Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could...

9.8CVSS8.4AI score0.0301EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/05 8:52 p.m.87 views

Security Bulletin: AIX is vulnerable to a denial of service due to the AIX SMB client (CVE-2022-43381)

Summary A vulnerability in the AIX SMB client daemon could allow a non-privileged local user to cause a denial of service CVE-2022-43381. AIX uses the SMB client daemon to access files on SMB servers. Vulnerability Details CVEID:CVE-2022-43381 DESCRIPTION: IBM AIX could allow a non-privileged loc...

6.2CVSS6.3AI score0.00185EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/05 12:14 p.m.87 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Google Gson (CVE-2022-25647)

Summary IBM Sterling B2B Integrator has addressed a denial of service vulnerability in Google Gson. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote...

7.7CVSS7.4AI score0.1158EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/28 7:30 p.m.87 views

Security Bulletin: Multiple vulnerabilities in IBM Cognos BI 8.4.1,10.1, 10.1.1 and 10.2 (CVE-2011-3026, CVE-2011-4858, CVE-2012-0498, CVE-2012-2177, CVE-2012-2193, CVE-2012-4835, CVE-2012-4836, CVE-2012-4837, CVE-2012-4840, CVE-2012-4858, CVE-2012-5081)

Summary Several security vulnerabilities have been identified in IBM Cognos BI which may allowing remote attackers to: - Cause a denial of service condition via excessive CPU consumption, - Inject arbitrary JavaScript code into the victim's web browser, - Download arbitrary XML files from the...

10CVSS9.8AI score0.80318EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 12:54 a.m.87 views

Security Bulletin: Vulnerability in SSLv3 affects IBM/Cisco switches and directors (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM/Cisco switches and directors. Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : Product could allow a remote attacker to obtain...

4.3CVSS3.4AI score0.99999EPSS
Exploits7Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/19 9:43 p.m.87 views

Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities.

Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2018-11782 DESCRIPTION: Apache Subversion svnserve servers is vulnerable to a denial of service, caused by an error in the svnserve 'get-deleted-rev' process. By sending a...

9.8CVSS8.9AI score0.07836EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/30 11:49 a.m.87 views

Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects Power HMC

Summary OpenSSL is used by IBM Power Hardware Management Console HMC for cryptography toolkit implementing the Secure Sockets Layer SSL and Transport Layer Security TLS network protocols and related cryptography standards required by them. This bulletin provides a remediation for the impacted...

7.5CVSS1AI score0.70561EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 6:34 p.m.87 views

Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities

Summary Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...

7.5CVSS1.1AI score0.2241EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/01 4:38 p.m.87 views

Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities

Summary Cloud Pak for Security v1.9.0.0 and earlier may be vulnerable to multiple CVEs through the use of dependency packages. These have been updated in the latest release and vulnerabilities have neen addressed. Please follow the instructions in the Remediation/Fixes section below to update to...

10CVSS10.3AI score0.99988EPSS
Exploits109Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/01 10:32 a.m.87 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-44790, CVE-2021-44224)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.2 To 4.2.0.14. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

0.9AI score0.97108EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/22 5:56 p.m.87 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

Summary There are multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a...

9.8CVSS10.1AI score0.69803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.87 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Security Network Intrusion Prevention System (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID:CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

5CVSS4.6AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 5:11 p.m.87 views

Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-44228)

Summary A Remote Code Execution issue was identified within the Log4j library that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ 9.1.4 and later to provide connection capability between IBM MQ queue managers...

10CVSS0.9AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/22 10:16 a.m.87 views

Security Bulletin: IBM MQ is vulnerable to multiple issues within the IBM® Runtime Environment Java™ Technology Edition, Versions 7 and 8 shipped with IBM MQ (CVE-2021-2432, CVE-2021-2388)

Summary Multiple issues were identified with IBM® Runtime Environment Java™ Technology Edition, version 7 that is packaged with IBM MQ 8.0 and versions 8 that is packaged with IBM MQ 9.0, 9.1 and 9.2. Vulnerability Details CVEID: CVE-2021-2432 DESCRIPTION: An unspecified vulnerability in Java SE...

7.5CVSS6.1AI score0.04008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/11 7:40 p.m.87 views

Startup issues for both IBM Sterling B2B Integrator and IBM Sterling File Gateway caused by Microsoft® Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066

Abstract Applying Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066 could prevent startup of both IBM Sterling B2B Integrator and IBM Sterling File Gateway. Content IBM Support has received several production down calls from IBM Sterling B2B Integrator and IBM Sterling File Gatewa...

0.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.87 views

Security Bulletin: Vulnerabilities in GNU C library (glibc), OpenSSL and BIND affect IBM Netezza Host Management

Summary Vulnerabilites in GNU C library glibc, OpenSSL and BIND affects IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by...

8.1CVSS1AI score0.89557EPSS
Exploits19Affected Software1
Total number of security vulnerabilities5000