Lucene search
K
IbmMost viewed

35705 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 4:33 p.m.80 views

Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)

Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...

7.5CVSS0.2AI score0.10448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/04 5:50 p.m.80 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2369 DESCRIPTION: An unspecified vulnerability in Java SE related to the Library component could allow an...

4.3CVSS1.9AI score0.03701EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.80 views

Security Bulletin: Vulnerabilities in OpenSSH affect Power Hardware Management Console

Summary OpenSSH is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2015-6563 DESCRIPTION: OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in...

9.8CVSS7.6AI score0.37016EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/28 4:49 a.m.80 views

Security Bulletin: Multiple vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI

Summary Fixes are available for vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI CVE-2021-23926, CVE-2018-15494, CVE-2020-5258, CVE-2021-29425 and CVE-2020-11988. Vulnerability Details CVEID: CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of...

9.8CVSS1AI score0.10608EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/03 11:45 p.m.80 views

Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server

Summary A vulnerability in Apache Solr was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2017-12629 DESCRIPTION: Apache Lucene could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of XML External Entity XXE entries...

9.8CVSS1.2AI score0.91896EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:32 a.m.80 views

Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified

Summary OpenSSL is used by IBM Storwize V7000 Unified. IBM Storwize V7000 Unified has addressed the applicable CVEs. Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unfied for providing communication security by encrypting data being transmitted. CVEID: CVE-2017-3731 DESCRIPTION:...

7.5CVSS1AI score0.57595EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.80 views

Action required for IBM MQ on AWS Quick Start for security vulnerabilities in Ubuntu.

Abstract Ubuntu is shipped as a component of IBM MQ in AWS Quick Start. Information about a security vulnerability affecting Ubuntu has been published in a security bulletin. Content Please consult Ubuntu's security bulletin Information Leak via speculative execution side channel attacks...

5.6CVSS2.6AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:17 a.m.79 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions,...

9.8CVSS9.7AI score0.93305EPSS
Exploits8Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:51 a.m.79 views

Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities.

Summary Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities, listed in multiple CVEs CVE-2023-34981, CVE-2022-1471, CVE-2022-4065, CVE-2021-23450, CVE-2021-23450, CVE-2022-40151, CVE-2022-41966, CVE-2023-41080, CVE-2022-48285, CBE-2020-11971, CVE-2023-28709,...

9.8CVSS9.9AI score0.99615EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 10:29 p.m.79 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.1 Vulnerability Details CVEID:CVE-2024-32465 DESCRIPTION: Git could allow a physical attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a specially crafted request, an...

9.8CVSS9.2AI score0.01491EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/26 1:13 p.m.79 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server.

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.8CVSS9.1AI score0.99957EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 12:43 a.m.79 views

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details CVEID:CVE-2023-38371 DESCRIPTION: IBM Security Access Manager uses weaker than expected cryptographic algorithms that could...

7.8CVSS6.3AI score0.00705EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/05 10:0 a.m.79 views

Security Bulletin: IBM MQ Appliance is vulnerable to open redirect due to follow-redirects (CVE-2023-26159)

Summary Follow-redirects is used by IBM MQ Appliance as part of the MQ Console. CVE-2023-26159. Vulnerability Details CVEID: CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit...

7.3CVSS6.1AI score0.00797EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 7:58 p.m.79 views

Security Bulletin: Security vulnerability in IBM Datacap Navigator plugin

Summary Due to an issue in the client-side Dynamsoft Service, IBM Datacap Navigator plugin is at risk for malicious code to be executed remotely. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 275484 DESCRIPTION: Due to inadequate...

6.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 10:38 a.m.79 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2023-35887 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, caused by improper...

9.8CVSS10AI score0.76768EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/20 9:35 a.m.79 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron

Summary IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron CVE-2023-4863. Electron is used for Discovery Connectors in IBM App Connect Enterprise. Vulnerability Details CVEID:CVE-2023-4863 DESCRIPTION: Google Chrome is vulnerable to a heap-based buffer...

8.8CVSS9.2AI score0.99735EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/20 10:22 a.m.79 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...

9.8CVSS8.4AI score0.05664EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 7:46 p.m.79 views

Security Bulletin: Apache Kafka is vulnerable to CVE-2022-34917 and CVE-2023-25194 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Apache Kafka which is vulnerable to CVE-2022-34917 and CVE-2023-25194. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a...

8.8CVSS8.6AI score0.95302EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/04 3:21 p.m.79 views

Security Bulletin: IBM Virtualization Engine TS7700 is vulnerable to a privilege escalation threat (CVE-2023-24958)

Summary IBM Virtualization Engine TS7700 is vulnerable to a privilege escalation threat CVE-2023-24958. IBM Virtualization Engine TS7700 has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24958 DESCRIPTION: A vulnerability in the IBM TS7700 Management Interface could allow an...

8.8CVSS9.2AI score0.01091EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/26 3:33 p.m.79 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7.1 Vulnerability Details CVEID:CVE-2023-0767 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an...

9.8CVSS10AI score0.8377EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.79 views

Security Bulletin: Vulnerabilities in IPv6 and MQ affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in the IPv6 and MQ components which affect the IBM FlashSystem™ 840 and IBM FlashSystem 900. An exploit of these vulnerabilities CVE-2016-10142 and CVE-2017-11176 could make the system susceptible to attacks which could allow an attacker to trigger a kernel panic...

8.6CVSS7.9AI score0.03631EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 7:38 p.m.79 views

Security Bulletin: IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities.

Summary IBM Navigator for i provides server administration functionality for IBM i. An authenticated user with authority to interact with IBM Navigator for i is able to download log files, view file attributes, and perform SQL injection attacks as described in the vulnerability details section. I...

6.3CVSS4.9AI score0.00989EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 5:43 p.m.79 views

Security Bulletin: IBM Aspera Orchestrator vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-26377)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability in modproxyajp. An...

7.5CVSS8.5AI score0.19008EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 8:8 p.m.79 views

Security Bulletin: Vulnerability in bpmn affects IBM Process Mining . WS-2019-0148

Summary There is a vulnerability in bpmn that could allow a remote attacker to execute a malicious script due to XSS. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details IBM X-Force ID: 221056 DESCRIPTION...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 5:38 a.m.79 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-2068, CVE-2022-2097)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary commands ...

10CVSS8.8AI score0.95764EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.79 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2020-11023)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input by the option elements CVE-2020-11023. jQuery is used by the runtime components included in IBM Watson Speech. Please read...

6.9CVSS6.5AI score0.8383EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.79 views

Security Bulletin: A vulnerability in Apache Tomcat affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Summary A vulnerability in Apache Tomcat affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details on how to remediate this issue. Vulnerability Details CVEID:CVE-2022-23181 DESCRIPTION: Apache Tomcat could allow a local authenticated attacker to gain...

7CVSS6.8AI score0.00692EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/22 5:9 p.m.79 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by...

6.5CVSS6.6AI score0.03566EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 5:45 p.m.79 views

Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)

Summary Apache Struts is used by IBM Sterling Order Management as part of its web application framework used for creating Java EE web applications . We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 29. Vulnerability Details...

10CVSS10AI score0.99998EPSS
Exploits122Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:28 p.m.79 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-4104, CVE-2021-45046)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a securi...

9.2AI score0.99977EPSS
Exploits41Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/08 12:25 p.m.79 views

Security Bulletin: IBM Rational Software Architect RealTime Edition (RSA RT) is vulnerable to Apache Log4j2 - CVE-2021-44832

Summary Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. Apache...

8.5CVSS2.3AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/27 12:33 p.m.79 views

Security Bulletin: PowerVC installation on RHEL is vulnerable to MariaDB with CVE-2021-46669, CVE-2022-24048, MariaDB - 219814, MariaDB - 219815, CVE-2022-24050, CVE-2022-24052

Summary Summary guidance: MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used and it is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the processing of SQL queries. The specific flaw exists...

7.8CVSS2.7AI score0.02403EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 7:47 p.m.79 views

Security Bulletin: IBM Security Verify Adapters are vulnerable to denial of service and bypass security restrictions due to OpenSSL (CVE-2021-3449, CVE-2021-3450)

Summary OpenSSL is used by the IBM Security Verify Adapters as part of its SSL communication. IBM Security Verify Adapters are vulnerable to denial of service CVE-2021-3449 and could allow a remote attacker to bypass security restrictions CVE-2021-3450 The fix includes OpenSSL version 1.1.1k...

7.4CVSS2.2AI score0.62906EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/07 9:20 p.m.80 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21360)

Summary An unspecified vulnerability in Java SE - CVE-2022-21360 related to the ImageIO component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of core...

5.3CVSS1.4AI score0.03486EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/24 10:26 p.m.79 views

Security Bulletin: Vulnerability in AIX nimsh (CVE-2022-22351)

Summary UPDATED Mar 24 See Change History: There is a vulnerability in the AIX nimsh daemon. Vulnerability Details CVEID: CVE-2022-22351 DESCRIPTION: IBM AIX could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh...

8.6CVSS8.2AI score0.01174EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 5:37 p.m.79 views

Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)

Summary Apache HTTP Server as used by IBM QRadar SIEM contains multiple vulnerabilities which include buffer overflow and denial of service. Vulnerability Details CVEID: CVE-2021-44790 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the...

9.8CVSS10.1AI score0.97108EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 12:58 p.m.79 views

Security Bulletin: IBM Operational Decision Manager is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046) .

Summary The Rule Designer client shipped with IBM Operational Decision Manager includes Apache Log4j CVE-2021-45105 and CVE-2021-45046 which contains vulnerable code. The fix removes Apache Log4j. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

10CVSS7.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 6:1 p.m.79 views

Security Bulletin: IBM Integrated Analytics System is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Apache Log4j is used by IBM Integrated Analytics System in the Db2 warehouse container as part of its logging infrastructure. The fix includes includes Apache Log4j 2.17.0. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused b...

10CVSS1.3AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 1:14 p.m.79 views

Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for Email (CVE-2021-45105)

Summary Apache Log4j open source library is used by Content Collector for Email. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protec...

5.9CVSS0.7AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/10 2:48 p.m.79 views

Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44832) shipped with IBM Workload Scheduler

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. Information about security vulnerabilities affecting WAS have been published in security bulletins, and IBM recommends th...

0.8AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 3:43 p.m.79 views

Security Bulletin: Vulnerability in Apache Log4j addressed in IBM Spectrum Symphony

Summary Log4j is used by IBM Spectrum Symphony for generating logs in some of its components. This bulletin provides patches for the Log4Shell vulnerability CVE-2021-44228 to IBM Spectrum Symphony. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker...

10CVSS1.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/04 6:59 a.m.79 views

Security Bulletin: Stored IQ for Legal is vulnerable to multiple Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)

Summary Apache Log4j is included in WebSphere Application Server Traditional, which is distributed with Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities CVE-2021-4104, CVE-2021-45046 impacting Stored IQ for Legal application. Stored IQ for Legal uses Apache Log4j for logging...

10CVSS1.2AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 2:40 a.m.79 views

Security Bulletin: IBM Planning Analytics 2.0: Apache Log4j Vulnerabilities (CVE-2021-45046 & CVE-2021-45105)

Summary Within IBM Planning Analytics 2.0, only the IBM Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilties. Apache Log4j is used by IBM Planning Analytics Workspace as part of its logging infrastructure. This bulletin addresses the exposure to...

10CVSS0.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:45 a.m.79 views

Security Bulletin: Vulnerabilities in kernel affect Power Hardware Management Console

Summary Power Hardware Management Console is affected by security vulnerabilities in the Linux Kernel. Power Hardware Management Console has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-10229 DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code...

10CVSS8.6AI score0.12791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/22 11:5 p.m.79 views

Security Bulletin: Vulnerabilities in Kernel affect Power Hardware Management Console

Summary Kernel is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details Relevant CVE Information: CVEID: CVE-2018-1000004 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the sound system. A remote...

10CVSS1.1AI score0.52841EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/02 10:11 p.m.79 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-20386 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory leak in the buttonopen function in...

9.8CVSS0.9AI score0.17939EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/26 10:55 p.m.79 views

Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2020-11868, CVE-2020-13817, and CVE-2020-15025)

Summary There are vulnerabilities in NTPv4 that affect AIX. Vulnerability Details CVEID: CVE-2020-15025 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a memory leak when a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file in ntpd. By sending...

7.5CVSS0.2AI score0.04071EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.79 views

Security Bulletin: IBM Netezza SQL Extensions is vulnerable to an OpenSource PCRE Vulnerability (CVE-2015-8380, CVE-2015-8382, CVE-2015-8391)

Summary The PCRE pcreexec buffer overflow vulnerabilities affect IBM Netezza SQL Extensions Toolkit. Vulnerability Details CVEID: CVE-2015-8380 DESCRIPTION: PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of a pattern with a \01 string by the pcreexec function...

9.8CVSS1.3AI score0.06404EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.79 views

Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs. Vulnerability Details Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL...

7.5CVSS1AI score0.44503EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/28 5:5 p.m.79 views

Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-16276 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper bounds checking in the yurexread function in drivers/usb/misc/yurex.cr. By sending a specially-crafte...

10CVSS0.5AI score0.74041EPSS
Exploits47Affected Software1
Total number of security vulnerabilities5000