Lucene search
K
IbmMost viewed

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/10/11 1:3 p.m.81 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 04 and earlier versions.

Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...

7.5CVSS7.3AI score0.99298EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 2:38 p.m.81 views

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library

Summary IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library leading to a denial of service or arbitrary code execution. Vulnerability Details CVEID: CVE-2022-25313 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by stack exhaustion in buildmodel...

9.8CVSS1.2AI score0.34174EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.81 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IMS™ Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2015-2808)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 that is used the following IMS™ Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. This bulletin also addresse...

5CVSS5AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 5:3 a.m.81 views

Security Bulletin: Due to use of Apache Log4j, IBM Datacap is vulnerable to arbitrary code execution (CVE-2021-4104)

Summary Apache Log4j was used by 2 of the third party components used in Datacap as part of its logging infrastructure. The fix includes Apache Log4j v.2.17.1 for one of these third party component used in Datacap. The fix removes Apache Log4j for second third party component used in Datacap...

7.5CVSS1.2AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/16 3:20 a.m.81 views

Security Bulletin: Multiple security vulnerabilities may affect IBM DB2 shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises

Summary IBM DB2 is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about security vulnerabilities affecting DB2 has been published in multiple security bulletins as below. The recommended solution is to upgrade to Fix Pack version...

7.5CVSS6AI score0.01457EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/20 8:35 p.m.81 views

Security Bulletin: IBM Security Guardium is vulnerable to a denial of service vulnerability in Apache log4j2 component (CVE-2021-45105 & CVE-2021-45046)

Summary IBM Security Guardium is vulnerable to a remote code execution vulnerability in Apache Log4j 2 component. IBM Security Guardium has addressed the vulnerabilities with an upgrade. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

10CVSS0.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/06 5:6 p.m.81 views

Security Bulletin: Multiple vulnerabilities affect IBM HTTP Server (powered by Apache) for i

Summary IBM HTTP Server powered by Apache for i is vulnerable to the issues described in the vulnerability details section. IBM i has addressed the applicable CVEs in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable t...

9.8CVSS8.8AI score0.99999EPSS
Exploits5Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/24 6:44 p.m.81 views

Security Bulletin: Vulnerabilities in Apache Ant affect IBM Installation Manager and IBM Packaging Utility

Summary Vulnerabilities have been identified in the Apache Ant shipped with IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed these applicable CVEs. Vulnerability Details CVEID: CVE-2021-36374 DESCRIPTION: Apache Ant is...

5.5CVSS6AI score0.0262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.81 views

Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By...

9.8CVSS1.3AI score0.6906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/24 10:31 p.m.81 views

Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3711 and CVE-2021-3712

Summary OpenSSL is provided as an API available to application developers on IBM i. The OpenSSL APIs on IBM i are vulnerable to the issues described in the vulnerability details section. The applicability of each vulnerability is determined by an application's specific use of OpenSSL. IBM i has...

9.8CVSS9AI score0.87816EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/10 2:15 p.m.81 views

Security Bulletin: Multiple vulnerabilities in ICU libraries used in IBM DataPower Gateway

Summary IBM has addressed the following vulnerabilities in the ICU libraries used by drouter: CVE-2014-8147, CVE-2014-8146, CVE-2017-14952, CVE-2020-10531, Vulnerability Details CVEID: CVE-2014-8147 DESCRIPTION: ICU Project ICU4C library could allow a local attacker execute arbitrary code on the...

9.8CVSS9.1AI score0.2447EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/21 7:55 p.m.81 views

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in the kernel

Summary IBM Bootable Media Creator BoMC has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2015-2922 DESCRIPTION: Linux Kernel, built with the IPv6 networking supportCONFIGIPV6, is vulnerable to a denial of service, caused by the improper handling of Router...

7.8CVSS6.7AI score0.98745EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.81 views

Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation

Summary IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. Vulnerability Details CVEID: CVE-2019-2610 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technolo...

8.2CVSS1.3AI score0.01684EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/07 3:25 p.m.81 views

Security Bulletin: IBM Informix Client SDK is affected by GSKIT vulnerabilities

Summary IBM Informix Client SDK has addressed the issues reported for the following GSKIT vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit...

10CVSS0.9AI score0.26335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/12 4:10 p.m.81 views

Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition affect IBM Transformation Extender

Summary There are vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 and 8, IBM SDK, Java Technology Edition Version 8 and Eclipse Open J9 that affect IBM Transformation Extender. Vulnerability Details CVEID: CVE-2020-2593 DESCRIPTION: An unspecified vulnerability in...

7.2CVSS2AI score0.02984EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/06 3:58 a.m.81 views

Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony

Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.53 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-1938, CVE-2020-1935 and CVE-2019-17569 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apach...

9.8CVSS0.6AI score0.9927EPSS
Exploits45Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:53 a.m.81 views

Security Bulletin: Multiple Security Vulnerabilities in ActiveMQ Affect IBM Sterling B2B Integrator

Summary There are multiple security vulnerabilities in ActiveMQ that affect IBM Sterling B2B Integrator Vulnerability Details CVEID: CVE-2011-4905 DESCRIPTION: Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the failover mechanism when handling an openwire connection...

9.8CVSS1.4AI score0.38191EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 5:5 a.m.81 views

Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.

Summary Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities. Vulnerability Details CVE-ID: CVE-2019-9516 Description: Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By...

7.8CVSS1.2AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.81 views

Security Bulletin: Vulnerabilities in Bash affect certain IBM N Series products (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM N Series products using certain versions of the following: Data...

10CVSS2.2AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:38 a.m.80 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty and Open Source Software OSS components used by IBM Cognos Analytics. Additionally, Cognos Analytics is vulnerable to an XML External Entity Injection XXE. For more information about the vulnerability impact, refer to t...

9.8CVSS9.3AI score0.03283EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/02 10:36 p.m.80 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation. IBM WebSphere Liberty Profile is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to...

7.5CVSS8.6AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/04 5:42 p.m.80 views

Security Bulletin: IBM QRadar SIEM is vulnerable to AJP Smuggling (CVE-2022-26377)

Summary IBM QRadar SIEM is vulnerable to AJP Smuggling to Response Queue Poisoning. This vulnerability has been addressed in the update. Vulnerability Details CVEID:CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of...

7.5CVSS8.6AI score0.19008EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/14 3:4 p.m.80 views

Security Bulletin: IBM DataPower Gateway vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms offered,...

5.9CVSS6.4AI score0.93305EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 4:46 p.m.80 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products (CVE-2023-45648, CVE-2023-42795, CVE-2023-46589, CVE-2024-21733)

Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing HTTP request smuggling and the obtaining of sensitive information. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to...

7.5CVSS7.3AI score0.14286EPSS
Exploits5Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/16 7:45 p.m.80 views

Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.

Summary Unbound is used by IBM Robotic Process Automation for Cloud Pak as part of antivirus functionality. CVE-2019-25033. ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. CVE-2022-3094. GNU Binutils is used by IBM Robotic Process Automation for Cloud Pak a...

9.8CVSS8.9AI score0.13108EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/03 6:56 p.m.80 views

Security Bulletin: IBM Personal Communications could allow a remote user to obtain sensitive information including user passwords, allowing unauthorized access. (CVE-2016-0321)

Summary IBM Personal Communications is susceptible to unauthorized access vulnerability when running on a compromised system by the victim opening a mail with a malicious attachment or visiting a malicious website. Malware could run with user privileges but not necessarily having access to the...

6.2CVSS6.3AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/30 6:55 p.m.80 views

Security Bulletin: IBM QRadar Advisor With Watson App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Advisor With Watson App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by...

7.6CVSS7.8AI score0.69355EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 7:11 a.m.80 views

Security Bulletin: IBM Event Streams is affected by vulnerabilities in the jsonwebtoken package (CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541)

Summary These security vulnerabilities affect jsonwebtoken that is used by the IBM Event Streams UI component. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementati...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/30 7:16 p.m.80 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-24998)

Summary Apache Tomcat is used by IBM Urbancode Deploy UCD for processing web requests. Tomcat is vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted request with a series of uploads, a...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.80 views

Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)

Summary Security Bulletin: Vulnerabilities in Network Security Services NSS and Netscape Portable Runtime NSPR affect IBM SAN Volume Controller and Storwize Family CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545 Vulnerability Details Security Bulletin ---...

10CVSS8.9AI score0.06381EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.80 views

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in OpenSSH which the IBM FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-6515 and CVE-2016-6210 could make the system susceptible to attacks which could allow an attacker to consume all available CPU resources or to enumerate users ...

7.8CVSS7.4AI score0.88944EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 8:54 p.m.80 views

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-1587)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-1587 DESCRIPTION: PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the getrecursedatalength function in the...

9.1CVSS9.2AI score0.02413EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 3:9 p.m.80 views

Security Bulletin: OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786

Summary OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate...

7.5CVSS8.5AI score0.92488EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/20 4:55 p.m.80 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service due to the package org.yaml:snakeyaml and jackson-databind

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service due to the package org.yaml:snakeyaml CVE-2022-38751, CVE-2022-38752, CVE-2022-38750, CVE-2022-25857, CVE-2022-38749, CVE-2022-41854 and jackson-databind CVE-2022-42003, CVE-2022-42004. The resolving fi...

7.5CVSS7.3AI score0.02824EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 4:36 p.m.80 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-38153 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use of "Arrays.equals" to validate a password or key. By...

7.4CVSS7.5AI score0.50445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/28 3:9 a.m.80 views

Security Bulletin: A vulnerability in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2022-21496)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow...

5.3CVSS6AI score0.02805EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:28 p.m.80 views

Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary IBM Business Process Manager and IBM Business Automation Workflow are affected by multiple security vulnerabilities found in Swagger UI. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput functio...

6.7AI score0.87218EPSS
Exploits9Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:26 a.m.80 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 7.0.0.35, IBM WebSphere Application Server Hypervisor 7.0.0.35 and IBM HTTP Server 7.0.0.35. Vulnerability Details CVE ID:CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM WebSphere Application Server cou...

6.8CVSS6.4AI score0.85744EPSS
Exploits7Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 12:54 a.m.80 views

Security Bulletin: Vulnerabilities in Bash affect IBM/Cisco Switches and Directors (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM/Cisco switches and directors. Vulnerability Details CVE-ID :...

10CVSS9.3AI score0.99999EPSS
Exploits158Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/16 7:40 p.m.80 views

Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)

Summary A vulnerability in the libxml2 library can cause a denial of service in IBM InfoSphere Identity Insight. Other vulnerabilities that do not impact Identity Insight are present in four libraries that are currently included with the product but not used. Vulnerability Details...

7.5CVSS7.7AI score0.10608EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/06 5:31 a.m.80 views

Security Bulletin: Multiple security vulnerabilities have been identified in Elasticsearch shipped with IBM Tivoli Netcool Impact

Summary Elasticsearch is shipped with IBM Tivoli Netcool Impact, Information about multiple security vulnerabilities affecting elasticsearch has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-7020 DESCRIPTION: Elastic Enterprise Search could allow a remote...

8.1CVSS0.5AI score0.02149EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/12 2:52 p.m.80 views

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise & IBM Integration Bus (CVE-2021-4160)

Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...

5.9CVSS1AI score0.03803EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/11 4:22 p.m.80 views

Security Bulletin: IBM Security Guardium is vulnerable to arbitrary code execution due to Apache log4j (CVE-2021-4104)

Summary IBM Security Guardium has resolved CVE-2021-4104 with an appliance patch. Apache log4j is used as part of its logging infrastructure. The patch removes log4j 1.x from the Guardium system and replaces it with log4j2 V2.17.1. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache...

7.5CVSS1AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 5:4 p.m.80 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Global Name Management 5.0 (CVE-2014-4263) and (CVE-2014-4244)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0 that is used by IBM WebSphere Application Server embedded in IBM InfoSphere Global Name Management. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEI...

4CVSS5.2AI score0.03501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 2:28 p.m.80 views

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the included Expat 3rd party library (CVE-2022-23852 and CVE-2022-23990)

Summary IBM® Db2® is affected by multiple vulnerabilities in the included Expat 3rd party library. This fix provides an upgrade to the Expat library. Vulnerability Details CVEID: CVE-2022-23852 DESCRIPTION: Expat aka libexpat could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS1.4AI score0.04525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/30 3:22 p.m.80 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID: CVE-2022-21741 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a divide-by-zero condition in the implementation of depthwise convolutions in...

9.8CVSS8.5AI score0.01173EPSS
Exploits47Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/29 6:27 a.m.80 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, cause...

7.8CVSS7.2AI score0.99298EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/23 3:41 p.m.80 views

Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2021-35578).

Summary IBM License Metric Tool is vulnerable to attacks related to Java TLS vulnerability. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system...

9.8CVSS8.5AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/21 11:39 a.m.80 views

Security Bulletin: Apache Log4j vulnerability impacts IBM Watson Knowledge Catalog in Cloud Pak for Data (CVE-2021-44228)

Summary IBM Watson Knowledge Catalog in Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-44228 and is used for logging. Customers are encouraged to take quick action to update their systems to Apache Log4j 2.15.0. Vulnerability Details CVEID: CVE-2021-4422...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/04 11:3 a.m.80 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Nov 2021 CPU (CVE-2021-41035, CVE-2021-35578, CVE-2021-35586, CVE-2021-35564, CVE-2021-35561, CVE-2021-35565, CVE-2021-35567)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Nov 2021. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

1.9AI score0.06886EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000