Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:17 a.m.79 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions,...

9.8CVSS9.7AI score0.9378EPSS
Exploits8Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:51 a.m.79 views

Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities.

Summary Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities, listed in multiple CVEs CVE-2023-34981, CVE-2022-1471, CVE-2022-4065, CVE-2021-23450, CVE-2021-23450, CVE-2022-40151, CVE-2022-41966, CVE-2023-41080, CVE-2022-48285, CBE-2020-11971, CVE-2023-28709,...

9.8CVSS9.9AI score0.99615EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 10:29 p.m.79 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.1 Vulnerability Details CVEID:CVE-2024-32465 DESCRIPTION: Git could allow a physical attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a specially crafted request, an...

9.8CVSS9.2AI score0.01491EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/26 1:13 p.m.79 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server.

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.8CVSS9.1AI score0.99957EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/05 10:0 a.m.79 views

Security Bulletin: IBM MQ Appliance is vulnerable to open redirect due to follow-redirects (CVE-2023-26159)

Summary Follow-redirects is used by IBM MQ Appliance as part of the MQ Console. CVE-2023-26159. Vulnerability Details CVEID: CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit...

7.3CVSS6.1AI score0.00797EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 7:58 p.m.79 views

Security Bulletin: Security vulnerability in IBM Datacap Navigator plugin

Summary Due to an issue in the client-side Dynamsoft Service, IBM Datacap Navigator plugin is at risk for malicious code to be executed remotely. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 275484 DESCRIPTION: Due to inadequate...

6.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 10:38 a.m.79 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2023-35887 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, caused by improper...

9.8CVSS10AI score0.76768EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/20 9:35 a.m.79 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron

Summary IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron CVE-2023-4863. Electron is used for Discovery Connectors in IBM App Connect Enterprise. Vulnerability Details CVEID:CVE-2023-4863 DESCRIPTION: Google Chrome is vulnerable to a heap-based buffer...

8.8CVSS9.2AI score0.99735EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 7:46 p.m.79 views

Security Bulletin: Apache Kafka is vulnerable to CVE-2022-34917 and CVE-2023-25194 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Apache Kafka which is vulnerable to CVE-2022-34917 and CVE-2023-25194. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a...

8.8CVSS8.6AI score0.95302EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/04 3:21 p.m.79 views

Security Bulletin: IBM Virtualization Engine TS7700 is vulnerable to a privilege escalation threat (CVE-2023-24958)

Summary IBM Virtualization Engine TS7700 is vulnerable to a privilege escalation threat CVE-2023-24958. IBM Virtualization Engine TS7700 has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24958 DESCRIPTION: A vulnerability in the IBM TS7700 Management Interface could allow an...

8.8CVSS9.2AI score0.01091EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/26 3:33 p.m.79 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7.1 Vulnerability Details CVEID:CVE-2023-0767 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an...

9.8CVSS10AI score0.8377EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.79 views

Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)

Summary Security Bulletin: Vulnerabilities in Network Security Services NSS and Netscape Portable Runtime NSPR affect IBM SAN Volume Controller and Storwize Family CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545 Vulnerability Details Security Bulletin ---...

10CVSS8.9AI score0.06381EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 7:38 p.m.79 views

Security Bulletin: IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities.

Summary IBM Navigator for i provides server administration functionality for IBM i. An authenticated user with authority to interact with IBM Navigator for i is able to download log files, view file attributes, and perform SQL injection attacks as described in the vulnerability details section. I...

6.3CVSS4.9AI score0.00989EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 8:8 p.m.79 views

Security Bulletin: Vulnerability in bpmn affects IBM Process Mining . WS-2019-0148

Summary There is a vulnerability in bpmn that could allow a remote attacker to execute a malicious script due to XSS. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details IBM X-Force ID: 221056 DESCRIPTION...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 5:38 a.m.79 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-2068, CVE-2022-2097)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary commands ...

10CVSS8.8AI score0.95764EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.79 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2020-11023)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input by the option elements CVE-2020-11023. jQuery is used by the runtime components included in IBM Watson Speech. Please read...

6.9CVSS6.5AI score0.8383EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.79 views

Security Bulletin: A vulnerability in Apache Tomcat affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Summary A vulnerability in Apache Tomcat affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details on how to remediate this issue. Vulnerability Details CVEID:CVE-2022-23181 DESCRIPTION: Apache Tomcat could allow a local authenticated attacker to gain...

7CVSS6.8AI score0.00692EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 5:45 p.m.79 views

Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)

Summary Apache Struts is used by IBM Sterling Order Management as part of its web application framework used for creating Java EE web applications . We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 29. Vulnerability Details...

10CVSS10AI score0.99998EPSS
Exploits122Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:28 p.m.79 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-4104, CVE-2021-45046)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a securi...

9.2AI score0.99977EPSS
Exploits41Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/08 12:25 p.m.79 views

Security Bulletin: IBM Rational Software Architect RealTime Edition (RSA RT) is vulnerable to Apache Log4j2 - CVE-2021-44832

Summary Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. Apache...

8.5CVSS2.3AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/27 12:33 p.m.79 views

Security Bulletin: PowerVC installation on RHEL is vulnerable to MariaDB with CVE-2021-46669, CVE-2022-24048, MariaDB - 219814, MariaDB - 219815, CVE-2022-24050, CVE-2022-24052

Summary Summary guidance: MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used and it is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the processing of SQL queries. The specific flaw exists...

7.8CVSS2.7AI score0.02403EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 7:47 p.m.79 views

Security Bulletin: IBM Security Verify Adapters are vulnerable to denial of service and bypass security restrictions due to OpenSSL (CVE-2021-3449, CVE-2021-3450)

Summary OpenSSL is used by the IBM Security Verify Adapters as part of its SSL communication. IBM Security Verify Adapters are vulnerable to denial of service CVE-2021-3449 and could allow a remote attacker to bypass security restrictions CVE-2021-3450 The fix includes OpenSSL version 1.1.1k...

7.4CVSS2.2AI score0.62906EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/07 9:20 p.m.80 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21360)

Summary An unspecified vulnerability in Java SE - CVE-2022-21360 related to the ImageIO component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of core...

5.3CVSS1.4AI score0.03486EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/29 6:27 a.m.79 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, cause...

7.8CVSS7.2AI score0.99298EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/24 10:26 p.m.79 views

Security Bulletin: Vulnerability in AIX nimsh (CVE-2022-22351)

Summary UPDATED Mar 24 See Change History: There is a vulnerability in the AIX nimsh daemon. Vulnerability Details CVEID: CVE-2022-22351 DESCRIPTION: IBM AIX could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh...

8.6CVSS8.2AI score0.01174EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 12:58 p.m.79 views

Security Bulletin: IBM Operational Decision Manager is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046) .

Summary The Rule Designer client shipped with IBM Operational Decision Manager includes Apache Log4j CVE-2021-45105 and CVE-2021-45046 which contains vulnerable code. The fix removes Apache Log4j. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

10CVSS7.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 6:1 p.m.79 views

Security Bulletin: IBM Integrated Analytics System is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Apache Log4j is used by IBM Integrated Analytics System in the Db2 warehouse container as part of its logging infrastructure. The fix includes includes Apache Log4j 2.17.0. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused b...

10CVSS1.3AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 1:14 p.m.79 views

Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for Email (CVE-2021-45105)

Summary Apache Log4j open source library is used by Content Collector for Email. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protec...

5.9CVSS0.7AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/10 2:48 p.m.79 views

Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44832) shipped with IBM Workload Scheduler

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. Information about security vulnerabilities affecting WAS have been published in security bulletins, and IBM recommends th...

0.8AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 3:43 p.m.79 views

Security Bulletin: Vulnerability in Apache Log4j addressed in IBM Spectrum Symphony

Summary Log4j is used by IBM Spectrum Symphony for generating logs in some of its components. This bulletin provides patches for the Log4Shell vulnerability CVE-2021-44228 to IBM Spectrum Symphony. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker...

10CVSS1.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 2:40 a.m.79 views

Security Bulletin: IBM Planning Analytics 2.0: Apache Log4j Vulnerabilities (CVE-2021-45046 & CVE-2021-45105)

Summary Within IBM Planning Analytics 2.0, only the IBM Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilties. Apache Log4j is used by IBM Planning Analytics Workspace as part of its logging infrastructure. This bulletin addresses the exposure to...

10CVSS0.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:45 a.m.79 views

Security Bulletin: Vulnerabilities in kernel affect Power Hardware Management Console

Summary Power Hardware Management Console is affected by security vulnerabilities in the Linux Kernel. Power Hardware Management Console has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-10229 DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code...

10CVSS8.6AI score0.12791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/22 11:5 p.m.79 views

Security Bulletin: Vulnerabilities in Kernel affect Power Hardware Management Console

Summary Kernel is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details Relevant CVE Information: CVEID: CVE-2018-1000004 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the sound system. A remote...

10CVSS1.1AI score0.52189EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/02 10:11 p.m.79 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-20386 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory leak in the buttonopen function in...

9.8CVSS0.9AI score0.17939EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/26 10:55 p.m.79 views

Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2020-11868, CVE-2020-13817, and CVE-2020-15025)

Summary There are vulnerabilities in NTPv4 that affect AIX. Vulnerability Details CVEID: CVE-2020-15025 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a memory leak when a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file in ntpd. By sending...

7.5CVSS0.2AI score0.04071EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.79 views

Security Bulletin: IBM Netezza SQL Extensions is vulnerable to an OpenSource PCRE Vulnerability (CVE-2015-8380, CVE-2015-8382, CVE-2015-8391)

Summary The PCRE pcreexec buffer overflow vulnerabilities affect IBM Netezza SQL Extensions Toolkit. Vulnerability Details CVEID: CVE-2015-8380 DESCRIPTION: PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of a pattern with a \01 string by the pcreexec function...

9.8CVSS1.3AI score0.06404EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/03 11:45 p.m.79 views

Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server

Summary A vulnerability in Apache Solr was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2017-12629 DESCRIPTION: Apache Lucene could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of XML External Entity XXE entries...

9.8CVSS1.2AI score0.91896EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.79 views

Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs. Vulnerability Details Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL...

7.5CVSS1AI score0.44503EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/28 5:5 p.m.79 views

Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-16276 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper bounds checking in the yurexread function in drivers/usb/misc/yurex.cr. By sending a specially-crafte...

10CVSS0.5AI score0.74041EPSS
Exploits47Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/01 6:52 p.m.79 views

Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-12163, CVE-2017-12151, CVE-2017-12150)

Summary Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method that: - could allow a remote authenticated attacker to obtain sensitive information, caused by a memory leak over SMB1 CVE-2017-12163 - could provide weaker than expected security, caused by the failure to...

7.4CVSS0.5AI score0.13228EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/10 8:34 a.m.79 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2016-8743)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

7.5CVSS0.9AI score0.13252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.79 views

Action required for IBM MQ on AWS Quick Start for security vulnerabilities in Ubuntu.

Abstract Ubuntu is shipped as a component of IBM MQ in AWS Quick Start. Information about a security vulnerability affecting Ubuntu has been published in a security bulletin. Content Please consult Ubuntu's security bulletin Information Leak via speculative execution side channel attacks...

5.6CVSS2.6AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.79 views

Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM PureApplication System.

Summary Nine OpenSSL vulnerabilities were disclosed in August 2014. This bulletin addresses the two vulnerabilities that are applicable to virtual machines which are deployed by IBM PureApplication System using the IBM OS Image for Red Hat Linux Systems and the IBM OS Image for AIX Systems...

6.8CVSS0.9AI score0.23292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:1 a.m.79 views

Security Bulletin: Vulnerabilities in Bash affect IBM Workload Deployer (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Bash is available in Red Hat Linux virtual machine images that can be deployed by using IBM Workload Deployer. Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory...

10CVSS0.9AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/02 10:36 p.m.78 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation. IBM WebSphere Liberty Profile is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to...

7.5CVSS8.6AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/18 8:29 a.m.78 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases

Summary IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases. This bulletin identifies the steps required to address these...

8.8CVSS9.8AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/01 10:52 a.m.78 views

Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary The certificate for a remote system in a policy-based replication partnership is not correctly validated in the GUI on IBM Storage Virtualize products. Vulnerability Details CVEID:CVE-2023-47700 DESCRIPTION: IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtuali...

7.5CVSS6.7AI score0.00546EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 11:1 a.m.78 views

Security Bulletin: Node.js IP is vulnerable to CVE-2023-42282 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Node.js IP which is vulnerable to CVE-2023-42282. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to...

9.8CVSS9.4AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/16 6:36 p.m.78 views

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)

Summary UPDATED May 17 Corrected the affected fileset levels for AIX 7.2 TL5 and removed bos.net.tcp.bind 7.2.5.200.: A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795. AIX uses ISC BIND as part of i...

7.5CVSS7.1AI score0.02299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/20 10:22 a.m.78 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...

9.8CVSS8.4AI score0.05664EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000