Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 12:37 p.m.78 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests CVE-2022-38712. The fix includes the IBM Websphere Application Server APAR PH49111 Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere...

5.9CVSS6AI score0.00475EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 6:57 p.m.78 views

Security Bulletin: IBM MQ is affected by an issue in IBM WebSphere Application Server Liberty (CVE-2023-24998)

Summary A denial of service issue was identified in IBM WebSphere Application Server Liberty due to Apache Commons FileUpload, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.78 views

Security Bulletin: Vulnerabilities in IPv6 and MQ affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in the IPv6 and MQ components which affect the IBM FlashSystem™ 840 and IBM FlashSystem 900. An exploit of these vulnerabilities CVE-2016-10142 and CVE-2017-11176 could make the system susceptible to attacks which could allow an attacker to trigger a kernel panic...

8.6CVSS7.9AI score0.03631EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 5:43 p.m.78 views

Security Bulletin: IBM Aspera Orchestrator vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-26377)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability in modproxyajp. An...

7.5CVSS8.5AI score0.19008EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 7:18 a.m.78 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2023-23477)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

9.8CVSS9.1AI score0.01949EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/20 11:26 a.m.78 views

Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records

Summary IBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted reques...

9.8CVSS6.8AI score0.7848EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:57 p.m.78 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2012-5783)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have...

7AI score0.09254EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 1:29 a.m.78 views

Security Bulletin: IBM MQ and IBM WebSphere MQ are affected by Side channel attacks on modular exponentiation (CVE-2016-0702)

Summary IBM MQ and WebSphere MQ have addressed CVE-2016-0702 The GSKit cryptographic libraries supplied with MQ are impacted by the same issue described in the OpenSSL disclosure. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive...

5.1CVSS6.2AI score0.0191EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 12:54 a.m.78 views

Security Bulletin: Vulnerabilities in Bash affect IBM/Cisco Switches and Directors (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM/Cisco switches and directors. Vulnerability Details CVE-ID :...

10CVSS9.3AI score0.99999EPSS
Exploits158Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/17 9:46 a.m.78 views

Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System

Summary Multiple Vulnerabilities have been found in Node.js used by the Common UI Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2020-7660 DESCRIPTION: serialize-javascript could allow a remote attacker to execute arbitrary code on the...

9.8CVSS10AI score0.04456EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/12 2:53 p.m.78 views

Security Bulletin: Multiple vulnerabilities in the Golang language affect IBM Event Streams

Summary This security vulnerability affects Golang that is used by the IBM Event Streams CLI component Vulnerability Details CVEID: CVE-2021-44716 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in...

9.1CVSS0.6AI score0.03958EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/15 1:17 a.m.78 views

Security Bulletin: Vulnerablity in Apache Log4j affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2021-44228)

Summary The following security vulnerability has been identified in the WebSphere Application Server. Apache Log4j 2.x is not used by IBM Tivoli Composite Application Manager for Application Diagnostics, but log4j-1.2.4.jar is present in one of the ear files installed on WebSphere Application...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 5:37 p.m.78 views

Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)

Summary Apache HTTP Server as used by IBM QRadar SIEM contains multiple vulnerabilities which include buffer overflow and denial of service. Vulnerability Details CVEID: CVE-2021-44790 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the...

9.8CVSS10.1AI score0.97108EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 3:49 p.m.78 views

Security Bulletin: IBM Cloud Pak for Network Automation is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j CVE-2021-45105, CVE-2021-45046 is used by IBM Cloud Pak for Network Automation as part of its logging functionality. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the...

10CVSS0.6AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/03 8:47 p.m.78 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2021) affects IBM InfoSphere Information Server (CVE-2021-2341 CVE-2021-35578 CVE-2021-35564)

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2021. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified...

5.3CVSS6.5AI score0.06218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/04 6:59 a.m.78 views

Security Bulletin: Stored IQ for Legal is vulnerable to multiple Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)

Summary Apache Log4j is included in WebSphere Application Server Traditional, which is distributed with Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities CVE-2021-4104, CVE-2021-45046 impacting Stored IQ for Legal application. Stored IQ for Legal uses Apache Log4j for logging...

10CVSS1.2AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/10 11:20 p.m.78 views

Security Bulletin: Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Jackson, jQuery, and Dom4j, such as execution of arbitrary code, cross-site scripting, and obtaining sensitive information, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2020-24616 DESCRIPTION: FasterXML jackson-databind could allow a...

9.8CVSS8.3AI score0.99019EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/05 8:51 p.m.78 views

Security Bulletin: Apache Xerces2 Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2012-0881, CVE-2013-4002)

Summary IBM Sterling B2B Integrator has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker...

7.8CVSS1.7AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/02 6:4 p.m.78 views

Security Bulletin: Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-29608 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds and NULL pointer dereference flaw in "RaggedTensorToTensor". By...

7.8CVSS1.1AI score0.00287EPSS
Exploits60Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/10 8:52 p.m.78 views

Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules

Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Agent V2.103.000.051 and Modules. Vulnerability Details CVEID: CVE-2021-22890 DESCRIPTION: cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a session tickets confusing issue when using a HTT...

8.1CVSS1AI score0.60122EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.78 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

9.8CVSS0.6AI score0.90338EPSS
Exploits7Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.78 views

Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938)

Summary Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code o...

9.8CVSS0.4AI score0.9927EPSS
Exploits45Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/01 7:21 a.m.79 views

Security Bulletin: Vulnerabilities in libcurl and cURL affect Rational DOORS

Summary Vulnerabilities in libcurl and cURL affect Rational DOORS. Vulnerability Details CVEID: CVE-2016-8616 DESCRIPTION: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the use of case insensitive comparisons. By using valid credentials exists for a protoco...

7.5CVSS0.4AI score0.05915EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/14 6:41 p.m.78 views

Security Bulletin: Vulnerabilities in Apache Commons Compress

Summary There are vulnerabilities in Appache Commons Compress used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an...

7.5CVSS1.5AI score0.16157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/05 6:10 p.m.78 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784)

Summary Apache Tomcat Publicly disclosed vulnerability Vulnerability Details CVEID: CVE-2018-11784 Description: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability...

4.3CVSS0.7AI score0.94494EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/30 8:20 a.m.78 views

Security Bulletin: IBM System x Integrated Management Module (IMM) Lighttpd W (CVE-2011-4362, CVE-2010-0295, CVE-2008-4360, CVE-2008-4359, CVE-20084298, CVE-2008-1531)

Summary Older versions of lighttpd, used by System x IMM contain multiple vulnerabilities. Vulnerability Details Abstract Older versions of lighttpd, used by System x IMM contain multiple vulnerabilities. Content Vulnerability Details: CVE ID: CVE-2011-4362 Description: Integer signedness error i...

7.5CVSS0.7AI score0.16246EPSS
Exploits14
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:35 a.m.78 views

Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)

Summary An Apache Struts vulnerability of arbitrary code execution was addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts...

10CVSS0.2AI score0.99999EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:18 p.m.78 views

Security Bulletin: IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details...

5.6CVSS0.7AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:39 p.m.78 views

Security Bulletin: IBM Cognos TM1 is affected by multiple vulnerabilities

Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos TM1, These were disclosed in the 02/09/2015, 04/09/2015 and 05/14/2015 X-Force Reports. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version...

7.8CVSS6.7AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.78 views

Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618)

Summary There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive...

7.5CVSS0.4AI score0.94999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:38 a.m.77 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty and Open Source Software OSS components used by IBM Cognos Analytics. Additionally, Cognos Analytics is vulnerable to an XML External Entity Injection XXE. For more information about the vulnerability impact, refer to t...

9.8CVSS9.3AI score0.03283EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:48 a.m.77 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

8.5CVSS9.9AI score0.91969EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/25 5:28 p.m.77 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 9 Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a...

9.8CVSS10AI score0.20459EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 2:33 p.m.77 views

Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending...

7.8CVSS7.6AI score0.01429EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 12:43 a.m.77 views

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details CVEID:CVE-2023-38371 DESCRIPTION: IBM Security Access Manager uses weaker than expected cryptographic algorithms that could...

7.8CVSS6.3AI score0.00705EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/25 9:17 a.m.77 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server (CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193, CVE-2023-50308, 268195)

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746,...

8.4CVSS8.4AI score0.0098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 2:1 a.m.77 views

Security Bulletin: IBM Spectrum Symphony provides upgraded software packages to address known CVEs

IBM Spectrum Symphony Fix 601860 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601860. IBM Spectrum Symphony 7.3.2 with Fix 601860 is a security fix that provides upgraded versions of software packages included with IBM Spectrum...

8.1CVSS7.9AI score0.99019EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 8:0 p.m.77 views

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.

Summary IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker...

9.8CVSS9.8AI score0.51733EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 3:7 p.m.77 views

Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache HTTP Server

Summary IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache HTTP Server Vulnerability Details CVEID:CVE-2023-27522 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header b...

9.8CVSS9.4AI score0.8377EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/28 1:59 p.m.77 views

Security Bulletin: IBM Cognos Analytics has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2023-35009, CVE-2023-35011)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics. IBM Cognos Analytics is vulnerable to an Arbitrary File Write via Archive Extraction Zip Slip in JSZip CVE-2022-48285. This has been addressed by upgrading JZIP to a non-vulnerable version. A Server-Side Request Forgery...

7.3CVSS7.7AI score0.01411EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/04 6:17 p.m.77 views

Security Bulletin: An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user (CVE-2023-38372)

Summary Guidance on best practices to mitigate or avoid compromise in case an unauthorized attacker obtains an IBM Watson IoT Platform security authentication token CVE-2023-38372. Vulnerability Details CVEID:CVE-2023-38372 DESCRIPTION: IBM Watson IoT Platform contains a vulnerability that could...

7.5CVSS5.9AI score0.00643EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 11:30 a.m.77 views

Security Bulletin: A vulnerability has been identified in the IBM Spectrum Scale GUI where a remote authenticated user can execute commands [CVE-2022-45047]

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI that could allow a remote authenticated user to execute commands. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2022-45047 DESCRIPTION: Apache MINA SSHD could allow a remote...

9.8CVSS9.6AI score0.03571EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/24 9:7 p.m.78 views

Security Bulletin: There are several vulnerabilities in AntiSamy used by BM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-28367, CVE-2022-29577)

Summary There are several vulnerabilities in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-28367 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input for Cascading...

6.1CVSS6.6AI score0.01239EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/21 7:36 a.m.77 views

Security Bulletin: IBM Aspera Faspex 5.0.4 can be vulnerable to improperly unauthorized password changes

Summary IBM Aspera Faspex could allow an unauthenticated user to change another user's credentials. The unauthenticated user can get a token that then lets them change another user's password. This issue has been resolved. Vulnerability Details CVEID:CVE-2023-27875 DESCRIPTION: IBM Aspera Faspex...

7.5CVSS7.5AI score0.00559EPSS
Exploits0Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 3:26 a.m.77 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager IDRM 2.0.6.15, which is the only supported version, is impacted by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.16. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

9.8CVSS9.4AI score0.95302EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:57 p.m.77 views

Security Bulletin: Vulnerability in http2-common affects IBM Process Mining (Multiple CVEs)

Summary There is a vulnerability in http2-common that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2019-9517 DESCRIPTION: Multiple vendors...

7.8CVSS6.9AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.77 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated...

9.8CVSS9.1AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 10:12 p.m.77 views

Security Bulletin: A vulnerability in Apache Log4j affects IBM InfoSphere Information Server (CVE-2021-44228)

Summary A vulnerability Log4Shell in Apache Log4j used by IBM InfoSphere Information Server was addressed. Various components in Information Server use Log4j to log messages for diagnostics. The fix upgrades log4j to version 2.16.0. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache...

10CVSS9.8AI score0.99999EPSS
Exploits352Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.77 views

Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud(CVE-2019-12406)

Summary There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID:CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachment...

6.5CVSS6.5AI score0.06257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/16 7:43 p.m.77 views

Security Bulletin: IBM Content Manager Enterprise Edition is is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Summary Apache Log4j is used by IBM Content Manager Enterprise Edition, as part of is logging infrastructure. This fix includes Apache Log4j V2.17.1. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused b...

7.5CVSS8.6AI score0.81147EPSS
Exploits9Affected Software1
Total number of security vulnerabilities5000