Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:28 a.m.82 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-30203 DESCRIPTION: GNU Emacs could provide weaker than expected security,...

9.8CVSS9.9AI score0.01323EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:6 a.m.82 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.3.0 Vulnerability Details CVEID:CVE-2022-28948 DESCRIPTION: Go-Yaml is vulnerable to a denial of service, caused by a flaw in the Unmarshal function. By sending a specially-crafted input, a remote attacker could...

8.8CVSS9.8AI score0.035EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:11 a.m.82 views

Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22968, CVE-2022-24785, CVE-2017-18214, CVE-2016-4055, CVE-2018-1000613, CVE-2020-15522, CVE-2018-1000180, CVE-2020-26939, CVE-2022-22314)

Summary IBM Planning Analytics Workspace is affected by multiple vulnerabilities. Spring is used in IBM Planning Analytics Workspace in Server-Side Rest APIs as an indirect dependency by MongoDB that is used to store content CVE-2022-22968. Node.js moment is used in IBM Planning Analytics Workspa...

9.8CVSS9AI score0.09905EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/04 4:54 p.m.82 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to jose4j (CVE-2023-51775)

Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and used by the IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input...

6.5CVSS6.7AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/09 8:4 p.m.82 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access

Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access updates. Vulnerability Details CVEID:CVE-2023-31003 DESCRIPTION: IBM Security Access Manager Container IBM Security Verify Access...

9.8CVSS10AI score0.01034EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/16 5:46 p.m.82 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to Eclipse Jetty

Summary IBM Sterling Connect:Direct for Microsoft Windows uses Eclipse Jetty. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafte...

7.5CVSS8.3AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 5:53 p.m.82 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulerabilities in TensorFlow

Summary Multiple vulnerabilities in TensorFlow have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-25658 DESCRIPTION: TensorFlow is vulnerab...

9.8CVSS9.1AI score0.01556EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/08 1:40 p.m.82 views

Security Bulletin: Vulnerability in paramiko-2.4.2-py2.py3-none-any.whl affects IBM Integrated Analytics System [CVE-2022-24302]

Summary The paramiko-2.4.2-py2.py3-none-any.whl package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-31799 Vulnerability Details CVEID:CVE-2022-24302 DESCRIPTION: Paramiko could allow a remote attacker to obtain sensitive...

9.8CVSS5.8AI score0.0208EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/30 4:7 p.m.82 views

Security Bulletin: Vulnerabilities in PostgreSQL may affect IBM Spectrum Protect Plus (CVE-2022-2625, CVE-2022-1552, CVE-2021-3677)

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in PostgreSQL. Vulnerabilities include obtaining sensitive information and remote execution of arbitrary code, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been addressed...

8.8CVSS9.1AI score0.12403EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.82 views

Security Bulletin: Vulnerabilities in OpenSSL affects SAN Volume Controller and Storwize Family (CVE-2015-1789 CVE-2015-1791 CVE-2015-1788 )

Summary OpenSSL vulnerabilities were disclosed in June 2015 by the OpenSSL Project. OpenSSL is used by SAN Volume Controller and Storwize Family. SAN Volume Controller and Storwize Family has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1789 DESCRIPTION: OpenSSL is...

7.5CVSS7.3AI score0.74483EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/10 8:35 p.m.82 views

Security Bulletin: There is a vulnerability in Apache Commons BCEL used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42920)

Summary There is a vulnerability in Apache Commons BCEL used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds writ...

9.8CVSS9.7AI score0.02836EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.82 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796 could allow a remote attacker to obtain sensitive information, cause an application to...

7.5CVSS9.1AI score0.39633EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/19 11:26 p.m.82 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with multiple IBM Security products

Summary IBM WebSphere Application Server is shipped as a component of multiple IBM Security products. Information about a security vulnerability affecting these products has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Classloader Manipulation...

7.5CVSS7.3AI score0.96121EPSS
Exploits4Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/12 3:5 p.m.82 views

Security Bulletin: Vulnerabilities in the Open Source Node.js runtime affect IBM Event Streams (CVE-2021-44533, CVE-2022-21824, CVE-2021-44531, CVE-2021-44532)

Summary Node.js is used by Event Streams as the runtime for the UI component. This fix updates the Node.js runtime to 16.15.0. Vulnerability Details CVEID: CVE-2021-44533 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the incorrect handling of...

8.2CVSS1AI score0.21514EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/16 6:26 p.m.82 views

Security Bulletin: IBM Security QRadar Event and Flow Exporter App is vulnerable to using components with known vulnerabilities (CVE-2021-31535, CVE-2020-17541)

Summary IBM Security QRadar Event and Flow Exporter App is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2021-31535 DESCRIPTION: X.Org libX11 is vulnerable to a denial of service, caused by improper input validatio...

9.8CVSS2.4AI score0.10634EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/25 10:33 p.m.82 views

Security Bulletin: IBM Sterling Control Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Sterling Control Center is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...

9.8CVSS1.3AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 7:55 p.m.82 views

Security Bulletin: IBM DataPower Gateway Operand affected by vulnerabilities in Go (CVE-2021-44716, CVE-2021-44717)

Summary Ibm DataPower Gateway, when deployed by DataPower Operator on Kubernetes & OpenShift, is subject to a potential denial of service. IBM has addressed the relevant CVEs Vulnerability Details CVEID: CVE-2021-44717 DESCRIPTION: Golang Go could allow a remote attacker to bypass security...

7.5CVSS1.5AI score0.03958EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 11:53 p.m.82 views

Security Bulletin: IBM Planning Analytics is affected by security vulnerabilities.

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.75. Vulnerability Details CVEID: CVE-2021-39040 DESCRIPTION: IBM Planning Analytics could be vulnerable to malicious file upload by not validating the file types or...

9.8CVSS1.5AI score0.03563EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/04 4:53 p.m.82 views

Security Bulletin: Vulnerability in Apache Log4J adressed in Crypto Hardware Initialization and Maintenance (CVE-2021-44228)

Summary Crypto Hardware Initialization and Maintenance CHIM 3.0.0 as shipped with CCA 7.2.55 for MTM 4769 is affected by a vulnerability in Apache Log4J CVE-2021-44228. CHIM is using Apache Log4J for internal logging purposes of regular user activity. Vulnerability Details CVEID: CVE-2021-44228...

10CVSS1.1AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:6 p.m.82 views

Security Bulletin: Multiple Vulnerabilities in Apache Log4j affect IBM Db2 Web Query for i

Summary There are multiple vulnerabilities in Apache Log4j CVE-2021-44228 and CVE-2021-45046 as described in the vulnerability details section. Apache Log4j is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM has addressed the vulnerability in D...

10CVSS1.3AI score0.99999EPSS
Exploits353Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 9:37 a.m.82 views

Security Bulletin: Security vulnerability has been identified in Apache Log4j library shipped with IBM License Metric Tool v9 (CVE-2021-44228).

Summary There is a vulnerability in Apache Log4j used by VM Manager tool component which is a part of IBM License Metric Tool infrastructure. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

10CVSS1.4AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/14 8:35 p.m.82 views

Security Bulletin: IBM QRadar SIEM Application Framework v1 (CentOS6) is End of Life

Summary IBM QRadar SIEM's App Framework V1, based on CentOS 6, contains known vulnerabilities and is based on technologies that are no longer being supported. Vulnerability Details CVEID: CVE-2019-9636 DESCRIPTION: Python urllib.parse.urlsplit and urllib.parse.urlparse components could allow a...

9.8CVSS9.5AI score0.62906EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/07 7:14 p.m.82 views

Security Bulletin: This Power System firmware update is being released to address DHCP issue number CVE-2018-5732

Summary POWER9/POWER8: In response to a recently reported DHCP client security vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-5732. Vulnerability Details CVEID: CVE-2018-5732 DESCRIPTION: ISC DHCP is...

7.5CVSS0.2AI score0.0496EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/03 6:47 p.m.82 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-7226 DESCRIPTION: Cryptacular is vulnerable to a denial of service, caused by an excessive memory allocation during a decod...

9.8CVSS9AI score0.78684EPSS
Exploits33Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/14 4:55 p.m.82 views

Security Bulletin: Multiple Samba vulnerability issues in IBM Storwize V7000 Unified

Summary IBM Storwize V7000 Unified is shipped with Samba, for which a fix is available for security vulnerabilities. Vulnerability Details CVEID: CVE-2021-20254 DESCRIPTION: Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a coding error when converting...

6.8CVSS0.8AI score0.01616EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/04 11:10 p.m.82 views

Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpComponents HttpClient

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the...

5.8CVSS1.6AI score0.09149EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/17 5:40 p.m.83 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2799 DESCRIPTION: An unspecified...

7.4CVSS1.6AI score0.15141EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:7 a.m.82 views

Security Bulletin: TS3310 is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability to expose 64k of...

7.5CVSS0.9AI score0.99999EPSS
Exploits87Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:32 p.m.82 views

Security Bulletin: Multiple Vulnerabilities in libxml, OpenSSH, Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1819, CVE-2015-5600, CVE-2015-7183, CVE-2015-7181, CVE-2015-7182)

Summary Multiple Vulnerabilities in libxml, OpenSSH, Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the...

9.8CVSS2AI score0.10238EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 7:44 p.m.81 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 004 Vulnerability Details CVEID:CVE-2023-26965 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the loadImage function in /libtiff/tools/tiffcrop.c. By...

7.5CVSS7.8AI score0.46836EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 3:38 p.m.81 views

Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to gain...

9.8CVSS10AI score0.02919EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 9:23 a.m.81 views

Security Bulletin: Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit

Summary The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable, as per the CVEs listed in the Vulnerability Details section. These vulnerabilities affect some development tasks in the product toolkit. CVE-2022-29599 and CVE-2020-10683 only affect Test and Java...

9.8CVSS9.9AI score0.86503EPSS
Exploits12Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 3:3 p.m.81 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2020-35491 DESCRIPTION: FasterXML jackson-databind could allow a remote attack...

9.8CVSS9.6AI score0.20135EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/21 10:18 p.m.81 views

Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018

Summary TCG Trusted Platform Module code is used by PowerVM to support virtual TPM. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2023-1017 and CVE-2023-1018, by upgrading PowerVM and thus addressing the exposure to the TCG TPM vulnerability. Vulnerability Details...

7.8CVSS7.1AI score0.05552EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.81 views

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary Vulnerabilities in the Apache Tomcat component affect the product's management GUI. The CLI interface is unaffected. The applicable CVEs are CVE-2016-5385 CVE-2016-5386 CVE-2016-5387 CVE-2016-5388. Vulnerability Details CVEID: CVE-2016-5385 DESCRIPTION: PHP could allow a remote attacker t...

8.1CVSS7.3AI score0.55724EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/13 8:58 p.m.81 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2022-34165)

Summary An HTTP header injection vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5,...

5.4CVSS5.4AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 4:41 p.m.81 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality...

5.9CVSS5.9AI score0.08346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 2:38 p.m.81 views

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library

Summary IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library leading to a denial of service or arbitrary code execution. Vulnerability Details CVEID: CVE-2022-25313 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by stack exhaustion in buildmodel...

9.8CVSS1.2AI score0.34174EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.81 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IMS™ Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2015-2808)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 that is used the following IMS™ Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. This bulletin also addresse...

5CVSS5AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 5:3 a.m.81 views

Security Bulletin: Due to use of Apache Log4j, IBM Datacap is vulnerable to arbitrary code execution (CVE-2021-4104)

Summary Apache Log4j was used by 2 of the third party components used in Datacap as part of its logging infrastructure. The fix includes Apache Log4j v.2.17.1 for one of these third party component used in Datacap. The fix removes Apache Log4j for second third party component used in Datacap...

7.5CVSS1.2AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/16 3:20 a.m.81 views

Security Bulletin: Multiple security vulnerabilities may affect IBM DB2 shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises

Summary IBM DB2 is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about security vulnerabilities affecting DB2 has been published in multiple security bulletins as below. The recommended solution is to upgrade to Fix Pack version...

7.5CVSS6AI score0.01457EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/20 8:35 p.m.81 views

Security Bulletin: IBM Security Guardium is vulnerable to a denial of service vulnerability in Apache log4j2 component (CVE-2021-45105 & CVE-2021-45046)

Summary IBM Security Guardium is vulnerable to a remote code execution vulnerability in Apache Log4j 2 component. IBM Security Guardium has addressed the vulnerabilities with an upgrade. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

10CVSS0.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/06 5:6 p.m.81 views

Security Bulletin: Multiple vulnerabilities affect IBM HTTP Server (powered by Apache) for i

Summary IBM HTTP Server powered by Apache for i is vulnerable to the issues described in the vulnerability details section. IBM i has addressed the applicable CVEs in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable t...

9.8CVSS8.8AI score0.99999EPSS
Exploits5Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/24 6:44 p.m.81 views

Security Bulletin: Vulnerabilities in Apache Ant affect IBM Installation Manager and IBM Packaging Utility

Summary Vulnerabilities have been identified in the Apache Ant shipped with IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed these applicable CVEs. Vulnerability Details CVEID: CVE-2021-36374 DESCRIPTION: Apache Ant is...

5.5CVSS6AI score0.0262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/24 10:31 p.m.81 views

Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3711 and CVE-2021-3712

Summary OpenSSL is provided as an API available to application developers on IBM i. The OpenSSL APIs on IBM i are vulnerable to the issues described in the vulnerability details section. The applicability of each vulnerability is determined by an application's specific use of OpenSSL. IBM i has...

9.8CVSS9AI score0.87816EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/10 2:15 p.m.81 views

Security Bulletin: Multiple vulnerabilities in ICU libraries used in IBM DataPower Gateway

Summary IBM has addressed the following vulnerabilities in the ICU libraries used by drouter: CVE-2014-8147, CVE-2014-8146, CVE-2017-14952, CVE-2020-10531, Vulnerability Details CVEID: CVE-2014-8147 DESCRIPTION: ICU Project ICU4C library could allow a local attacker execute arbitrary code on the...

9.8CVSS9.1AI score0.2447EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/21 7:55 p.m.81 views

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in the kernel

Summary IBM Bootable Media Creator BoMC has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2015-2922 DESCRIPTION: Linux Kernel, built with the IPv6 networking supportCONFIGIPV6, is vulnerable to a denial of service, caused by the improper handling of Router...

7.8CVSS6.7AI score0.98745EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.81 views

Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation

Summary IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. Vulnerability Details CVEID: CVE-2019-2610 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technolo...

8.2CVSS1.3AI score0.01684EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/07 3:25 p.m.81 views

Security Bulletin: IBM Informix Client SDK is affected by GSKIT vulnerabilities

Summary IBM Informix Client SDK has addressed the issues reported for the following GSKIT vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit...

10CVSS0.9AI score0.26335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/12 4:10 p.m.81 views

Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition affect IBM Transformation Extender

Summary There are vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 and 8, IBM SDK, Java Technology Edition Version 8 and Eclipse Open J9 that affect IBM Transformation Extender. Vulnerability Details CVEID: CVE-2020-2593 DESCRIPTION: An unspecified vulnerability in...

7.2CVSS2AI score0.02984EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000