Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/02/29 4:57 p.m.•84 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. CVSS Base score: 6.2 CVSS Tempor...

6.2CVSS6.2AI score0.00116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/07 10:45 p.m.•84 views

Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in the Kernel

Summary IBM Flex System switch firmware products have addressed the following Kernel vulnerabilities. Vulnerability Details CVEID: CVE-2020-13974 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the...

7.8CVSS1.2AI score0.00617EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/26 2:34 p.m.•84 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-44487)

Summary IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability that exploits HTTP/2 protocol by allowing a denial of service because request cancellation can reset many streams quickly CVE-2023-44487. Vulnerability Details CVE-2023-44487 Description: Th...

7.5CVSS6.2AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/05 8:12 a.m.•84 views

Security Bulletin: IBM Security Verify Privilege On-Premise is affected by multiple security vulnerabilities

Summary IBM Security Verify Privilege On-Premise has addressed several security issues. Please apply the fix as detailed below. Vulnerability Details CVEID:CVE-2022-43891 DESCRIPTION: IBM Security Verify Privilege On-Premises could allow a remote attacker to obtain sensitive information when a...

8.8CVSS9.3AI score0.99019EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/03 5:20 p.m.•84 views

Security Bulletin: IBM i is vulnerable to a local privilege escalation (CVE-2023-40375).

Summary IBM i is vulnerable to a local privilege escalation due to a flaw in the base operating system code related to the Integrated application server for IBM i as described in the vulnerability details section. The vulnerability exists even when the Integrated application server is not...

7.8CVSS7.8AI score0.00147EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/25 9:11 a.m.•84 views

Security Bulletin: Multiple vulnerabilities in The Bouncy Castle Crypto Package For Java affect IBM Application Performance Management products

Summary The Bouncy Castle Crypto Package For Java is used by IBM Application Performance Management. The vulnerabilities below have been addressed. Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain...

9.8CVSS8.9AI score0.08878EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/05 12:52 p.m.•84 views

Security Bulletin: Vulnerabilities found in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-5644, CVE-2019-12415, CVE-2014-3574, CVE-2014-3529)

Summary Multiple vulnerabilities have been identified in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.1CVSS8.5AI score0.13258EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/10 4:1 a.m.•84 views

Security Bulletin: Vulnerability in IBM Java (CVE-2022-3676) affects Power HMC

Summary IBM Java is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface call...

6.5CVSS6.5AI score0.00589EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/01 2:26 p.m.•84 views

Security Bulletin: Zlib for IBM i is vulnerable to a buffer overflow issue during inflate (CVE-2022-37434)

Summary Zlib for IBM i is vulnerable to a heap-based buffer overflow during inflate as described in the vulnerability details section. IBM i has addressed the vulnerability in Zlib with a fix as described in the remediation/fixes section. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zl...

9.8CVSS10AI score0.1593EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/25 1:11 p.m.•84 views

Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the...

9.8CVSS10AI score0.96121EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/30 8:39 a.m.•84 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2022-34165)

Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...

5.4CVSS5.9AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/02 7:51 p.m.•84 views

Security Bulletin: IBM Data Management Platform for EDB Postgres Standard is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Standard contains a component called EDB Failover Manager EFM and uses a version of Apache Log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID:...

10CVSS1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/24 8:1 p.m.•84 views

Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-4104)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker t...

7.5CVSS1AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/28 8:34 p.m.•84 views

Security Bulletin: Multiple vulnerabilities in IBM SANnav software used by IBM b-type SAN directors and switches (CVE-2021-45105 and CV-2021-45046)

Summary The IBM SANnav Management Portal and Global View products do not directly use Apache Log4j2, but other modules used by IBM SANnav contain Apache Log4j2 code. IBM SANnav does not expose direct access to these services. The fix removes the Apache Log4j library. Vulnerability Details CVEID:...

10CVSS0.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/10/06 1:30 a.m.•84 views

Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Summary Vulnerabilities in the Linux Kernel such as execution of arbitrary code, denial of service, bypassing security restrictions, and obtaining or disclosing of information may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-25212 DESCRIPTION: Linux Kernel could allow a...

7.2CVSS8.1AI score0.00802EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/10/05 7:25 p.m.•84 views

Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about a security vulnerability affecting WebSphere Application Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...

7.5CVSS2.2AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/02/05 7:10 p.m.•84 views

Security Bulletin: Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000613, CVE-2017-13098, CVE-2018-1000180)

Summary Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection fl...

9.8CVSS2.1AI score0.24282EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/01/27 12:5 a.m.•84 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-2974 DESCRIPTION: An unspecified vulnerability in product related to the Server Oracle MySQL component could allow an...

8.8CVSS1AI score0.86006EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/07/15 10:35 p.m.•84 views

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z

Summary AT&T has released versions 1801-z for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches Vulnerabili...

9.3CVSS1.3AI score0.09393EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/07/25 2:35 p.m.•84 views

Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities

Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000004 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the sound system. A remote attacker could exploit this vulnerability to caus...

10CVSS0.9AI score0.52189EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/16 2:18 p.m.•84 views

Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown

Summary IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEID:...

5.6CVSS0.7AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/12/23 4:47 p.m.•83 views

Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read

Summary TSSC/IMC is vulnerable to an Out-of-bounds Read. A patch was released to update the libssh package. Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function...

8.1CVSS6.3AI score0.02394EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 4:3 a.m.•83 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF026 and 23.0.1-IF004. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of...

9.8CVSS10AI score0.60679EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/15 2:31 p.m.•83 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-4527 DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the getaddrinfo function. By...

10CVSS10AI score0.81422EPSS
Exploits38Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/15 1:37 p.m.•83 views

Security Bulletin: IBM Operational Decision Manager November 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2023-3404...

9.8CVSS9.3AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/06 6:48 p.m.•83 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-24329 DESCRIPTION: Python could allow a remote attacker to bypass securit...

9.8CVSS9.8AI score0.95302EPSS
Exploits35Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/21 2:10 p.m.•83 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. (CVE-2022-43930)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. Vulnerability Details CVEID:CVE-2022-43930 DESCRIPTION: IBM Db2 is vulernable to an Information Disclosure as sensitive information may be included in a log file. CVS...

7.5CVSS6.1AI score0.00492EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/10 2:11 a.m.•83 views

Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676)

Summary There are vulnerabilities in IBM® Semeru Runtime Open Edition 11 used by SPSS Collaboration and Deployment Services. These issues have been addressed. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight...

6.5CVSS6.2AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/30 5:17 p.m.•83 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID:CVE-2022-41910 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the MakeGrapplerFunctionItem function i...

9.8CVSS8.1AI score0.00579EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/08 8:7 p.m.•83 views

Security Bulletin: IBM Security Guardium is affected by a jsoup vulnerability (CVE-2021-37714)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-37714 DESCRIPTION: jsoup is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause th...

7.5CVSS7.3AI score0.06873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/02 4:25 p.m.•83 views

Security Bulletin: Security Vulnerability in Apache Tika used by Content Collector for Email in Content Search Services container (affected, not vulnerable)

Summary In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a...

5.5CVSS4.9AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 11:13 p.m.•83 views

Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.0.1

Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.5.0.1 Content VULNERABILITY DETAILS: CVE ID:CVE-2012-3304 PM54356 DESCRIPTION: WebSphere Application Server could allow a remote attacker to hijack a valid user’s session, caused by an...

7.5CVSS8.5AI score0.0388EPSS
Exploits5Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/22 3:2 a.m.•83 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-1788)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation,...

4.3CVSS6.4AI score0.23222EPSS
Exploits0Affected Software15
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/19 8:54 p.m.•83 views

Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and...

9.8CVSS8.9AI score0.25802EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/04 12:52 p.m.•83 views

Security Bulletin:Due to use of Dojo Toolkit before 1.14 in IBM Tivoli Network Manager is vulnerable to unescaped string injection in dojox/Grid/DataGrid(CVE-2018-15494)

Summary In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. dojox/grid/Builder.js and dojox/grid/cells/base.js, providing the class dojox/Grid/DataGrid, are affected by CVE-2018-15494, an unescaped string injection vulnerability. Vulnerability Details CVEID:...

9.8CVSS0.6AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/22 12:10 p.m.•83 views

Security Bulletin: June 2022 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed a CVE that could allow an unauthenticated attacker to cause a denial of service and two CVEs that could allow an...

5.3CVSS1.6AI score0.02805EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/12 10:52 p.m.•83 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to Security/Authentication Bypass (CVE-2019-4591)

Summary IBM Maximo Asset Management is vulnerable to Security/Authentication Bypass. Vulnerability Details CVEID: CVE-2019-4591 DESCRIPTION: IBM Maximo Asset Management does not invalidate session after logout which could allow a local user to impersonate another user on the system. CVSS Base...

7.8CVSS1.1AI score0.0027EPSS
Exploits0Affected Software19
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/07 6:38 p.m.•83 views

Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. The issue was disclosed as part of the IBM Java SDK and Runtime Environment updates deferred from Oracle Oct 2021 CPU CVE-2021-35550...

7.1CVSS1AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/16 4:5 p.m.•83 views

Security Bulletin: A security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager

Summary A security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has...

7.5CVSS2.2AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/23 7:48 p.m.•83 views

Security Bulletin: A vulnerability in sudo affects IBM Security Network Intrusion Prevention System (CVE-2014-9680)

Summary A security vulnerability has been discovered in sudo used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-9680 DESCRIPTION: Todd Miller sudo could allow a local attacker to bypass security restrictions, caused by the failure to check the TZ...

3.3CVSS4.7AI score0.0047EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/27 2:10 a.m.•83 views

Security Bulletin: IBM Spectrum LSF is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Apache Log4j CVE-2021-45105, CVE-2021-45046 is used by IBM Spectrum LSF as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

9CVSS7AI score0.99999EPSS
Exploits43Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/14 9:7 p.m.•83 views

Security Bulletin: IBM Db2® Warehouse is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j open source library used by IBM® Db2® Warehouse is affected by multiple vulnerabilitiies CVE-2021-45105 and CVE-2021-45046. This library is used by the Db2 Federation, Spark, Livy and IBM Spectrum Protect as part of its logging infrastructure. The fix includes includes Apache...

10CVSS0.8AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/13 5:23 a.m.•83 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-4104, CVE-2021-45046)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

2.5AI score0.99977EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/11/25 8:58 a.m.•83 views

Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager

Summary Vulnerabilities exist in IBM Netcool Agile Service Manager, these have been addressed. Vulnerability Details CVEID: CVE-2021-21290 DESCRIPTION: Netty could allow a local authenticated attacker to obtain sensitive information, caused by an insecure temp file in Unix-like systems. By sendin...

6.2CVSS6.5AI score0.18891EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2020/10/08 8:19 p.m.•83 views

Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-2991 DESCRIPTION: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.017 and prior. Easily exploitable...

6.5CVSS1AI score0.03726EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/10/14 4:59 p.m.•83 views

Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Using Components with Known Vulnerabilities vulnerability

Summary IBM Security Guardium is aware of the following vulnerability Vulnerability Details CVEID: CVE-2016-1000342 DESCRIPTION: Bouncy Castle JCE Provider could provide weaker than expected security, caused by improper validation of ASN.1 encoding of signature in the ECDSA. A remote attacker cou...

9.8CVSS0.5AI score0.24282EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/16 10:3 p.m.•83 views

Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities

Summary IBM Security Guardium is affected by Using Components with Known Vulnerabilities. IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2014-3584 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received...

10CVSS1.4AI score0.63029EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/15 7:3 a.m.•83 views

Security Bulletin: Logjam vulnerability in TLS affects IBM CICS Transaction Gateway (CVE-2015-4000)

Summary The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher...

4.3CVSS0.3AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/29 2:11 a.m.•82 views

Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID:CVE-2016-8735 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially...

9.8CVSS9.7AI score0.90338EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 2:37 a.m.•82 views

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...

9.8CVSS9.9AI score0.4292EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000