Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/08/23 3:29 p.m.86 views

Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)

Summary Vulnerabilities in AIX's OpenSSH could allow a non-privileged local user file access outside of those allowed CVE-2023-40371 or allow a remote attacker to execute arbitrary code CVE-2023-38408. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2023-40371 DESCRIPTION...

9.8CVSS8.3AI score0.76768EPSS
Exploits10Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/19 8:29 p.m.86 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to SnakeYaml [CVE-2022-1471]

Summary SnakeYaml is a YAML Ain't Markup Language parser used by Db2 Web Query in the underlying WebFOCUS base product. SnakeYaml could allow arbitrary code execution as described in the vulnerability details section. Db2 Web Query has addressed the vulnerability as described in the...

9.8CVSS9.4AI score0.99615EPSS
Exploits7Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.86 views

Security Bulletin: Apache Tomcat vulnerabilities affect IBM SAN Volume Controller and Storwize Family (CVE-2014-0227 CVE-2014-0230)

Summary Apache Tomcat DoS and unauthorized access vulnerabilities Vulnerability Details This bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product’s management GUI. The CLI interface is unaffected. CVEID: CVE-2014-0227 DESCRIPTION: Apache Tomcat i...

7.8CVSS6.9AI score0.21045EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.86 views

Security Bulletin: A vulnerability in PostgreSQL JDBC Driver (PgJDBC) affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-21724)

Summary A vulnerability in PostgreSQL JDBC Driver PgJDBC affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2022-21724. Please see the details below on how to remediate this issue. Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could...

9.8CVSS8.4AI score0.0301EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/03 4:11 p.m.86 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial service (CVE-2020-36518)

Summary IBM Sterling B2B Integrator has addressed the denial service vulnerability Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote...

7.5CVSS7.5AI score0.0486EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/22 5:30 p.m.86 views

Security Bulletin: IBM MQ Appliance is affected by a Kernel vulnerability (CVE-2020-25705)

Summary IBM MQ Appliance has resolved a Kernel vulnerability. Vulnerability Details CVEID:CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an...

7.4CVSS7.5AI score0.06692EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 7:15 p.m.86 views

Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)

Summary IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this...

6.5CVSS6.5AI score0.01199EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/03 4:10 p.m.86 views

Security Bulletin: IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j and issues in other open source components (CVE-2021-4104)

Summary IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used by IBM Security Identity Manager virtual appliance as part of its logging infrastructure. This fix upgrades to Apache Log4j v2.17.1, as well as...

7.5CVSS9.2AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/13 10:3 p.m.86 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request smuggling and a buffer overflow (CVE-2022-22720, CVE-2022-22721)

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP requst smuggling and a buffer overflow attack as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to the Apache HTTP Server implementation as described in the Remediation/Fixes...

9.8CVSS1.9AI score0.41861EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 6:34 p.m.86 views

Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities

Summary Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...

7.5CVSS1.1AI score0.2241EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 11:10 p.m.86 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to privilege escalation (CVE-2022-22441)

Summary A privilege escalation vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2022-22441 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to view information of higher privileged users and groups due to a privilege...

6.5CVSS1.9AI score0.0084EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/11 3:8 a.m.86 views

Security Bulletin: Vulnerabilities in Dojo and dom4j libraries affect Tivoli Netcool/OMNIbus WebGUI (CVE-2020-10683, CVE-2021-23450)

Summary Fix is available for vulnerabilities in Dojo and dom4j libraries affecting Tivoli Netcool/OMNIbus WebGUI CVE-2020-10683, CVE-2021-23450. Dojo is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. dom4j was required by Tivoli Netcool/OMNIbus WebGUI as part of Apache...

9.8CVSS1.3AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/22 5:56 p.m.86 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

Summary There are multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a...

9.8CVSS10.1AI score0.69803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/01 4:8 p.m.86 views

Security Bulletin: Vulnerabilities in AIX CAA (CVE-2022-22350, CVE-2021-38996)

Summary There are multiple vulnerabilities in AIX CAA. Vulnerability Details CVEID: CVE-2022-22350 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...

6.2CVSS5.5AI score0.00214EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.86 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Security Network Intrusion Prevention System (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID:CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

5CVSS4.6AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/28 11:1 p.m.86 views

Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is affected by critical vulnerability in Log4j (CVE-2021-44228)

Summary There is a vulnerability in the version of the Log4j open source library that is part of IBM Data Virtualization on Cloud Pak for Data Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...

10CVSS7.5AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:34 p.m.86 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data has addressed Apache Log4j vulnerability (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM OpenPages for IBM Cloud Pak for Data. This affects the IBM OpenPages logging framework. This vulnerability CVE-2021-44228 has been addressed. Customers are encouraged to take action and upgrade. Vulnerability...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 3:15 a.m.86 views

Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server which is bundled in IBM WebSphere Hybrid Edition (CVE-2021-44228)

Summary Vulnerability in Apache Log4j affects WebSphere Application Server which is bundled in IBM WebSphere Hybrid Edition CVE-2021-44228 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Principal Products and Versions...

10CVSS1.9AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/18 6:25 a.m.86 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-40438, CVE-2021-34798)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.1.1.x and 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

1AI score0.99999EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/01 11:4 a.m.86 views

Log Analysis Security Bulletin List

Question Is there a list of security bulletins that describe resolved vulnerabilities affecting Log Analysis? Answer Log Analysis is made up of several components. The following table contains security bulletins that address the vulnerability of various components in Log Analysis, listed by...

10CVSS0.4AI score0.98567EPSS
Exploits34
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/28 10:23 p.m.86 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.0.13 FP4. These vulnerabilities have also been addressed in previous versions of IBM Cognos Analytics 11.1.x . Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: Apache Commons Compress is vulnerable to a denial...

10CVSS10.5AI score0.34731EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/11 7:40 p.m.86 views

Startup issues for both IBM Sterling B2B Integrator and IBM Sterling File Gateway caused by Microsoft® Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066

Abstract Applying Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066 could prevent startup of both IBM Sterling B2B Integrator and IBM Sterling File Gateway. Content IBM Support has received several production down calls from IBM Sterling B2B Integrator and IBM Sterling File Gatewa...

0.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/30 7:48 a.m.86 views

Security Bulletin: Multiple Security vulnerabilities in WebSphere Application Server Community Edition

Summary There are multiple security vulnerabilies in WebSphere Application Server Community Edition. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload...

9.8CVSS0.6AI score0.90338EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:7 a.m.86 views

Security Bulletin: IBM XIV is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability...

7.5CVSS0.3AI score0.99999EPSS
Exploits87
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.86 views

Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in Network Security Services (NSS) (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)

Summary Vulnerabilities have been identified in the Network Security Services NSS libraries. IBM Security Access Manager appliances use NSS and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2834 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla...

9.3CVSS2.2AI score0.0338EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:15 p.m.85 views

Security Bulletin: IBM DataPower Gateway vulnerable to XML Entity Expansion attack in Web UI (CVE-2022-31775)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-31775 DESCRIPTION: IBM DataPower Gateway is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memo...

9.1CVSS7.3AI score0.0115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/02 7:25 p.m.85 views

Security Bulletin: Apache Tomcat is vulnerable to CVE-2024-24549 and CVE-2024-23672 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Apache Tomcat which is vulnerable to CVE-2024-24549 and CVE-2024-23672. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a...

7.5CVSS7.1AI score0.23072EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/06 8:44 a.m.85 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2023-22081, CVE-2023-5676)

Summary IBM WebSphere Application Server and IBM WebSphere Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server and IBM WebSphere Liberty has been published in a...

5.9CVSS6AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 6:33 a.m.85 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl-libs, libssh, libarchive, sqlite and go-toolset

Summary Multiple issues were identified in Red Hat UBI packages openssl-libs, libssh, libarchive, sqlite and go-toolset that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images CVE-2020-24736, CVE-2020-29652, CVE-2022-32189, CVE-2023-2283, CVE-2022-36227, CVE-2023-2453...

9.8CVSS9.1AI score0.03228EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 5:42 a.m.85 views

Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities

Summary IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-41190 DESCRIPTION: Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions,...

8.6CVSS9.4AI score0.27392EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 10:40 p.m.85 views

Security Bulletin: A CVE-2023-26049 vulnerability in Eclipse Jetty affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary A vulnerability exists in Eclipse Jetty, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could all...

5.3CVSS4.6AI score0.013EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.85 views

Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Java SE affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerabilities are CVE-2019-2989...

6.8CVSS6.4AI score0.03533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.85 views

Security Bulletin: Multiple vulnerabilities in OpenSSH affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in OpenSSH affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. OpenSSH is used in the Command Line Interface. The applicable CVEs are...

7.8CVSS7.1AI score0.88944EPSS
Exploits17Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.85 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2021-33037...

5.3CVSS6.3AI score0.75353EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/15 3:13 p.m.85 views

Security Bulletin: Multiple Vulnerabilities (CVE-2022-45693, CVE-2022-4568) affects CICS Transaction Gateway for Multiplatforms.

Summary Multiple Vulnerabilities CVE-2022-45693, CVE-2022-4568 affects CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerabilities. Please note: PSIRT fixes for CICS Transaction Gateway for Multiplatforms 9.0 will be provided only for extended support customers with reque...

7.8CVSS7.4AI score0.01395EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:46 p.m.85 views

Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)

Summary There is a vulnerability in jackson-databind that could allow a local attacker to launch a symlink attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36182 DESCRIPTION:...

10CVSS9.1AI score0.45205EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 9:24 p.m.85 views

Security Bulletin: Potential Denial of Service in IBM DataPower Gateway (CVE-2022-23806)

Summary IBM has addressed the CVE, which may have affected DataPower Operator Vulnerability Details CVEID: CVE-2022-23806 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted...

9.1CVSS2AI score0.03015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/09 10:48 p.m.85 views

Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785)

Summary The IBM Db2 Mirror for i GUI uses Chart.js for data presentation and charting features. The version of Chart.js used by IBM Db2 Mirror for i depends upon Moment.js which is vulnerable to CVE-2022-24785 as described in the vulnerability details section. IBM has addressed the vulnerability...

7.5CVSS0.5AI score0.05664EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/07 3:42 a.m.85 views

Security Bulletin: Vulnerability in json4j - CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator

Summary Json4j is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability CVE-2021-3918 by upgrading addressable to latest version. Vulnerability Details CVEID: CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execu...

9.8CVSS1.7AI score0.03563EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/08 5:31 p.m.85 views

Security Bulletin: Vulnerability in Apache Log4j affects Netcool Operation Insight (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by Netcool Operation Insight to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/25 2:41 p.m.85 views

Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Drupal dated modernizr library

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By sendi...

9.1CVSS1.2AI score0.2241EPSS
Exploits8
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/15 2:17 p.m.85 views

Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2020-1968)

Summary IBM MQ Appliance has resolved and OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in connections...

4.3CVSS1.1AI score0.04803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:35 a.m.85 views

Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Platform Symphony and IBM Spectrum Symphony (CVE-2017-5638)

Summary A Security vulnerability relating to remote code execution CVE-2017-5638 S2-045 has been reported against Apache Struts 2, which IBM Platform Symphony uses as a framework for its WEBGUI service. The Struts 2 package version that is vulnerable to these issues is included in several past...

10CVSS0.2AI score0.99999EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.85 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on Nov 02, 2017 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...

6.5CVSS7AI score0.83645EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:46 a.m.84 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

8.2CVSS10AI score0.87211EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:43 a.m.84 views

Security Bulletin: IBM API Connect is impacted by host header injection vulnerability (CVE-2021-38997)

Summary IBM API Connect is impacted by host header injection vulnerability. The fix addresses the host header injection CVE-2021-38997. Vulnerability Details CVEID:CVE-2021-38997 DESCRIPTION: IBM API Connect is vulnerable to HTTP header injection, caused by improper validation of input by the HOS...

5.4CVSS5.4AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 10:43 p.m.84 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0 Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logback receiver component. By sending a specially crafte...

8CVSS10AI score0.07087EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 7:12 p.m.84 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request...

9.8CVSS9.8AI score0.99957EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 10:40 a.m.84 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial o...

7.5CVSS6.2AI score0.01471EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/17 6:43 a.m.84 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 270. Vulnerability Details CVEID:CVE-2024-29133 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by ...

7.5CVSS8.6AI score0.02054EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000