Lucene search
K
IbmMost viewed

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/07/10 8:34 a.m.79 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2016-8743)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

7.5CVSS0.9AI score0.13252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.79 views

Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618)

Summary There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive...

7.5CVSS0.4AI score0.94999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.79 views

Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM PureApplication System.

Summary Nine OpenSSL vulnerabilities were disclosed in August 2014. This bulletin addresses the two vulnerabilities that are applicable to virtual machines which are deployed by IBM PureApplication System using the IBM OS Image for Red Hat Linux Systems and the IBM OS Image for AIX Systems...

6.8CVSS0.9AI score0.23292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:1 a.m.79 views

Security Bulletin: Vulnerabilities in Bash affect IBM Workload Deployer (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Bash is available in Red Hat Linux virtual machine images that can be deployed by using IBM Workload Deployer. Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory...

10CVSS0.9AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/18 8:29 a.m.78 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases

Summary IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases. This bulletin identifies the steps required to address these...

8.8CVSS9.8AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/01 10:52 a.m.78 views

Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary The certificate for a remote system in a policy-based replication partnership is not correctly validated in the GUI on IBM Storage Virtualize products. Vulnerability Details CVEID:CVE-2023-47700 DESCRIPTION: IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtuali...

7.5CVSS6.7AI score0.00546EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 11:1 a.m.78 views

Security Bulletin: Node.js IP is vulnerable to CVE-2023-42282 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Node.js IP which is vulnerable to CVE-2023-42282. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to...

9.8CVSS9.4AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 2:1 a.m.78 views

Security Bulletin: IBM Spectrum Symphony provides upgraded software packages to address known CVEs

IBM Spectrum Symphony Fix 601860 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601860. IBM Spectrum Symphony 7.3.2 with Fix 601860 is a security fix that provides upgraded versions of software packages included with IBM Spectrum...

8.1CVSS7.9AI score0.99019EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/16 6:36 p.m.78 views

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)

Summary UPDATED May 17 Corrected the affected fileset levels for AIX 7.2 TL5 and removed bos.net.tcp.bind 7.2.5.200.: A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795. AIX uses ISC BIND as part of i...

7.5CVSS7.1AI score0.02299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/28 1:59 p.m.78 views

Security Bulletin: IBM Cognos Analytics has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2023-35009, CVE-2023-35011)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics. IBM Cognos Analytics is vulnerable to an Arbitrary File Write via Archive Extraction Zip Slip in JSZip CVE-2022-48285. This has been addressed by upgrading JZIP to a non-vulnerable version. A Server-Side Request Forgery...

7.3CVSS7.7AI score0.01411EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 12:37 p.m.78 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests CVE-2022-38712. The fix includes the IBM Websphere Application Server APAR PH49111 Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere...

5.9CVSS6AI score0.00475EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 6:57 p.m.78 views

Security Bulletin: IBM MQ is affected by an issue in IBM WebSphere Application Server Liberty (CVE-2023-24998)

Summary A denial of service issue was identified in IBM WebSphere Application Server Liberty due to Apache Commons FileUpload, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 7:18 a.m.78 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2023-23477)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

9.8CVSS9.1AI score0.01949EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/20 11:26 a.m.78 views

Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records

Summary IBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted reques...

9.8CVSS6.8AI score0.7848EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:57 p.m.78 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2012-5783)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have...

7AI score0.09254EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 1:29 a.m.78 views

Security Bulletin: IBM MQ and IBM WebSphere MQ are affected by Side channel attacks on modular exponentiation (CVE-2016-0702)

Summary IBM MQ and WebSphere MQ have addressed CVE-2016-0702 The GSKit cryptographic libraries supplied with MQ are impacted by the same issue described in the OpenSSL disclosure. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive...

5.1CVSS6.2AI score0.0191EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/17 9:46 a.m.78 views

Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System

Summary Multiple Vulnerabilities have been found in Node.js used by the Common UI Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2020-7660 DESCRIPTION: serialize-javascript could allow a remote attacker to execute arbitrary code on the...

9.8CVSS10AI score0.04456EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/12 2:53 p.m.78 views

Security Bulletin: Multiple vulnerabilities in the Golang language affect IBM Event Streams

Summary This security vulnerability affects Golang that is used by the IBM Event Streams CLI component Vulnerability Details CVEID: CVE-2021-44716 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in...

9.1CVSS0.6AI score0.03958EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/15 1:17 a.m.78 views

Security Bulletin: Vulnerablity in Apache Log4j affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2021-44228)

Summary The following security vulnerability has been identified in the WebSphere Application Server. Apache Log4j 2.x is not used by IBM Tivoli Composite Application Manager for Application Diagnostics, but log4j-1.2.4.jar is present in one of the ear files installed on WebSphere Application...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/14 8:12 p.m.78 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93

Summary IBM Sterling Connect:Direct for UNIX Certified Container is hosted by Red Hat Universal Base Image. Due to use of Red Hat Universal Base Image and binutils package, IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to the following: buffer overflow CVE-2019-20838,...

9.8CVSS9.6AI score0.50732EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 5:37 p.m.78 views

Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)

Summary Apache HTTP Server as used by IBM QRadar SIEM contains multiple vulnerabilities which include buffer overflow and denial of service. Vulnerability Details CVEID: CVE-2021-44790 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the...

9.8CVSS10.1AI score0.97108EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 3:49 p.m.78 views

Security Bulletin: IBM Cloud Pak for Network Automation is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j CVE-2021-45105, CVE-2021-45046 is used by IBM Cloud Pak for Network Automation as part of its logging functionality. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the...

10CVSS0.6AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/03 8:47 p.m.78 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2021) affects IBM InfoSphere Information Server (CVE-2021-2341 CVE-2021-35578 CVE-2021-35564)

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2021. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified...

5.3CVSS6.5AI score0.06218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/10 10:29 a.m.78 views

Security Bulletin: Vulnerability in Linux Kernel affects IBM Spectrum Copy Data Management (CVE-2021-29650)

Summary A denial of service vulnerability in the Linux Kernel may affect IBM Spectrum Copy Data Management Vulnerability Details CVEID: CVE-2021-29650 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the lack of a full memory barrier upon the assignment of a new table val...

5.5CVSS6.2AI score0.00413EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/10 11:20 p.m.78 views

Security Bulletin: Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Jackson, jQuery, and Dom4j, such as execution of arbitrary code, cross-site scripting, and obtaining sensitive information, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2020-24616 DESCRIPTION: FasterXML jackson-databind could allow a...

9.8CVSS8.3AI score0.99019EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/05 8:51 p.m.78 views

Security Bulletin: Apache Xerces2 Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2012-0881, CVE-2013-4002)

Summary IBM Sterling B2B Integrator has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker...

7.8CVSS1.7AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/02 6:4 p.m.78 views

Security Bulletin: Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-29608 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds and NULL pointer dereference flaw in "RaggedTensorToTensor". By...

7.8CVSS1.1AI score0.00287EPSS
Exploits60Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/10 8:52 p.m.78 views

Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules

Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Agent V2.103.000.051 and Modules. Vulnerability Details CVEID: CVE-2021-22890 DESCRIPTION: cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a session tickets confusing issue when using a HTT...

8.1CVSS1AI score0.60122EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.78 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

9.8CVSS0.6AI score0.90338EPSS
Exploits7Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.78 views

Security Bulletin: OpenSSL vulnerabilities affect IBM Rational Team Concert (CVE-2016-1240, CVE-2016-6797, etc)

Summary OpenSSL vulnerabilities were disclosed recently by the OpenSSL Project. OpenSSL is used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Rational BuildForge has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1240 DESCRIPTION: Apache Tomcat could...

9.8CVSS0.8AI score0.95707EPSS
Exploits37Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/24 11:1 a.m.78 views

Security Bulletin: Publicly disclosed vulnerability from Samba affects IBM Netezza Host Management

Summary Samba is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-1472 DESCRIPTION: Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by an error when establishing a...

10CVSS0.9AI score0.99512EPSS
Exploits75Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.78 views

Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938)

Summary Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code o...

9.8CVSS0.4AI score0.9927EPSS
Exploits45Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/01 7:21 a.m.79 views

Security Bulletin: Vulnerabilities in libcurl and cURL affect Rational DOORS

Summary Vulnerabilities in libcurl and cURL affect Rational DOORS. Vulnerability Details CVEID: CVE-2016-8616 DESCRIPTION: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the use of case insensitive comparisons. By using valid credentials exists for a protoco...

7.5CVSS0.4AI score0.05915EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/14 6:41 p.m.78 views

Security Bulletin: Vulnerabilities in Apache Commons Compress

Summary There are vulnerabilities in Appache Commons Compress used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an...

7.5CVSS1.5AI score0.16157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/16 3:45 p.m.78 views

Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111)

Summary Vulnerabilities in OpenSSH affect AIX. Vulnerability Details CVEID: CVE-2019-6109 DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by missing character encoding in the progress display. A man-in-the-middle attacker could exploit this vulnerability to...

8.8CVSS0.9AI score0.58204EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/05 6:10 p.m.78 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784)

Summary Apache Tomcat Publicly disclosed vulnerability Vulnerability Details CVEID: CVE-2018-11784 Description: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability...

4.3CVSS0.7AI score0.94494EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/30 8:20 a.m.78 views

Security Bulletin: IBM System x Integrated Management Module (IMM) Lighttpd W (CVE-2011-4362, CVE-2010-0295, CVE-2008-4360, CVE-2008-4359, CVE-20084298, CVE-2008-1531)

Summary Older versions of lighttpd, used by System x IMM contain multiple vulnerabilities. Vulnerability Details Abstract Older versions of lighttpd, used by System x IMM contain multiple vulnerabilities. Content Vulnerability Details: CVE ID: CVE-2011-4362 Description: Integer signedness error i...

7.5CVSS0.7AI score0.16246EPSS
Exploits14
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:35 a.m.78 views

Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)

Summary An Apache Struts vulnerability of arbitrary code execution was addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts...

10CVSS0.2AI score0.99999EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:18 p.m.78 views

Security Bulletin: IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details...

5.6CVSS0.7AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:39 p.m.78 views

Security Bulletin: IBM Cognos TM1 is affected by multiple vulnerabilities

Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos TM1, These were disclosed in the 02/09/2015, 04/09/2015 and 05/14/2015 X-Force Reports. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version...

7.8CVSS6.7AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.78 views

Security Bulletin: Multiple vulnerabilities fixed in IBM HTTP Server (APAR PI22070)

Summary IBM HTTP Server is affected by multiple vulnerabilities. Vulnerability Details CVE ID: CVE-2014-0226 Description: The IBM HTTP server is vulnerable to a heap-based buffer overflow, caused by a race condition in the modstatus module when handling the scoreboard. By sending a...

6.8CVSS7.5AI score0.85744EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:48 a.m.77 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

8.5CVSS9.9AI score0.91969EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/25 5:28 p.m.77 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 9 Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a...

9.8CVSS10AI score0.20459EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 2:33 p.m.77 views

Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending...

7.8CVSS7.6AI score0.01429EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/25 9:17 a.m.77 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server (CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193, CVE-2023-50308, 268195)

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746,...

8.4CVSS8.4AI score0.0098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:50 p.m.77 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Puma and Amazon Ion.

Summary Vulnerabilities in Puma and Amazon Ion were remediated in IBM Observability with Instana build 266. Vulnerability Details CVEID:CVE-2024-21647 DESCRIPTION: Puma is vulnerable to a denial of service, caused by incorrect behavior when parsing chunked transfer encoding bodies. By sending a...

7.5CVSS7.2AI score0.00958EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 8:0 p.m.77 views

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.

Summary IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker...

9.8CVSS9.8AI score0.51733EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 3:7 p.m.77 views

Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache HTTP Server

Summary IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache HTTP Server Vulnerability Details CVEID:CVE-2023-27522 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header b...

9.8CVSS9.4AI score0.8377EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/04 6:17 p.m.77 views

Security Bulletin: An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user (CVE-2023-38372)

Summary Guidance on best practices to mitigate or avoid compromise in case an unauthorized attacker obtains an IBM Watson IoT Platform security authentication token CVE-2023-38372. Vulnerability Details CVEID:CVE-2023-38372 DESCRIPTION: IBM Watson IoT Platform contains a vulnerability that could...

7.5CVSS5.9AI score0.00643EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 11:30 a.m.77 views

Security Bulletin: A vulnerability has been identified in the IBM Spectrum Scale GUI where a remote authenticated user can execute commands [CVE-2022-45047]

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI that could allow a remote authenticated user to execute commands. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2022-45047 DESCRIPTION: Apache MINA SSHD could allow a remote...

9.8CVSS9.6AI score0.03571EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000