Lucene search
K
IbmMost viewed

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/05/01 2:59 p.m.76 views

Security Bulletin: Multiple vulnerabilities in golang affect IBM Db2® REST

Summary IBM Db2® REST is affected by multiple vulnerabilities found in Golang Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, a remote attacker could exploi...

7.5CVSS7.7AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/19 5:26 p.m.76 views

Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

6.9CVSS7.2AI score0.99019EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/11 11:47 a.m.76 views

Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-23498 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when datasource query...

10CVSS9.9AI score0.99019EPSS
Exploits71Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.76 views

Security Bulletin: Vulnerabilities in OpenSSH affect SAN Volume Controller and Storwize Family (CVE-2015-6563 CVE-2015-6564)

Summary OpenSSH vulnerabilities were disclosed in May 2016 by the OpenSSH Project. OpenSSH is used by SAN Volume Controller and Storwize Family in its CLI. SAN Volume Controller and Storwize Family products have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-6563 DESCRIPTION...

6.9CVSS7.4AI score0.00599EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/21 6:3 a.m.76 views

Security Bulletin: Vulnerability in Apache Commons FileUpload library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2023-24998)

Summary Fix is available for vulnerability in Apache Commons FileUpload library affecting Tivoli Netcool/OMNIbus WebGUI CVE-2023-24998. Apache Commons FileUpload is used by Tivoli Netcool/OMNIbus WebGUI to facilitate file upload in Map Resources admin page. The fix includes Apache Commons...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 9:8 a.m.76 views

Security Bulletin: IBM Cloud Pak for Network Automation v2.4.4 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation v2.4.4 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-4883 DESCRIPTION: libXpm could allow a remote attacker to execute arbitrary code on the system, caused by compression commands depend on $PAT...

8.8CVSS9.3AI score0.47102EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.76 views

Security Bulletin: Vulnerabilities in Bash affect IBM FlashSystem 840 and V840 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is used by IBM FlashSystem 840 and V840 products. Vulnerability Details The following vulnerabilities are only exploitable by users who already have...

10CVSS9.1AI score0.99999EPSS
Exploits158Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 8:50 p.m.76 views

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-1586)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-1586 DESCRIPTION: PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the compilexclassmatchingpath function in...

9.1CVSS9.3AI score0.02993EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 5:25 p.m.76 views

Security Bulletin: IBM Aspera Orchestrator affected by OpenSSL vulnerability (CVE-2022-2068)

Summary Aspera Orchestrator has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the crehash script. By sending a...

10CVSS9.8AI score0.95764EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 5:19 p.m.76 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

9.8CVSS9.8AI score0.05299EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:57 a.m.76 views

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM

Summary A vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in Java SE related t...

5.3CVSS5.9AI score0.06468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:2 p.m.76 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2014-7810)

Summary WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server and User Management Service new in BAW 18.0.0.1 in IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM...

6.7AI score0.13872EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/02 7:54 p.m.76 views

Security Bulletin: Information Disclosure and Denial of Service Vulnerabilities in the IBM Spectrum Protect Backup-Archive Client may affect IBM Spectrum Protect for Space Management (CVE-2022-22478, CVE-2022-22474)

Summary The IBM Spectrum Protect back-up archive client is vulnerable to information disclosure and denial of service vulnerabilities which may affect IBM Spectrum Protect for Space Management. Vulnerability Details CVEID:CVE-2022-22478 DESCRIPTION: IBM Spectrum Protect Client 8.1.0.0 through...

7.5CVSS6.3AI score0.0103EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 6:32 p.m.76 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2021-3121 DESCRIPTION: An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an...

8.6CVSS9.4AI score0.51733EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 12:54 a.m.76 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and switches (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Cisco MDS Directors and switches. IBM Cisco MDS Directors and switches has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3193 DESCRIPTION: OpenSSL could allow a...

7.5CVSS7.3AI score0.44016EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/11 4:0 p.m.76 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Guava, Red Hat Single Sign-On, Springfox and Spring Security could allow a remote attacker to bypass security restrictions...

9.8CVSS0.9AI score0.99677EPSS
Exploits120Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/14 10:23 p.m.76 views

Security Bulletin: Multiple Security Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server is shipped as a component of IBM OpenPages with Watson. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

8.5CVSS2.7AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.76 views

Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2014-3565)

Summary The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol SNMP.One security vulnerability has been discovered in net-snmp used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-3565 DESCRIPTION: Net-SNMP...

5CVSS8.3AI score0.04619EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/03 6:52 p.m.76 views

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2021-3541 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by an exponential entity expansion attack whic...

9.8CVSS10.2AI score0.62906EPSS
Exploits43Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/08 2:32 p.m.76 views

Security Bulletin: IBM Safer Payments v5.7 to v6.3 releases are affected by an OpenSSL Security Advisory (CVE-2021-3711)

Summary IBM Safer Payments v5.7, v6.0, v6.1, v6.2, v6.3 are affected by an OpenSSL Security Advisory. IBM Safer Payments has resolved this vulnerability. Vulnerability Details CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the...

9.8CVSS9.9AI score0.87816EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/30 12:44 p.m.76 views

Security Bulletin: Vulnerabilities in IBM Java Runtime and libxml2 affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition Version 8, as well as a vulnerability in GNOME libxml2 version 2.7.8. Both components are used by Tivoli Netcool/OMNIbus. The JRE vulnerability was disclosed as part of the IBM Java SDK updates in April 2021. Th...

8.8CVSS8.1AI score0.03653EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/15 12:53 p.m.76 views

Security Bulletin: IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the following fixes for AIX and VIOS in response to CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5715 CVEID: CVE-2017-5753 CVEID: CVE-2017-5754 iFixes released on August 17, 2018: Updated AIX and VIOS fixes for CVE-2017-5715, know...

5.6CVSS0.93838EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/19 9:27 p.m.76 views

Security Bulletin: Vulnerability CVE-2020-4788 in the IBM Power9 processor affects IBM i

Summary The IBM Power9 processor is used on IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-4788 DESCRIPTION: IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. CVSS Bas...

5.1CVSS1AI score0.00387EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:9 a.m.76 views

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Application Developer for WebSphere Software (CVE-2015-1791, CVE-2015-1792, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by IBM SDK for Node.js for the Cordova tools in Rational Application Developer fo...

7.5CVSS1AI score0.9986EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/02 3:42 p.m.76 views

Security Bulletin: OpenSSL as used in IBM QRadar Network Packet Capture is vulnerable to information exposure (CVE-2018-5407)

Summary OpenSSL as used in IBM QRadar Network Packet Capture is susceptible to information exposure. Vulnerability Details CVEID: CVE-2018-5407 Description: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused by execution...

4.7CVSS1.5AI score0.03418EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/25 3:15 p.m.76 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with OpenPages GRC Platform (CVE-2018-10237)

Summary IBM WebSphere Application Server is shipped as a component of OpenPages GRC Platform. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin IBM WebSphere...

2.5AI score0.05119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/30 8:35 a.m.76 views

Security Bulletin: Flex System Integrated Management Module 2 (IMM2) is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details Abstract Security vulnerabilities have been discovered in OpenSSL. Content Vulnerability Details: CVE ID: CVE-2014-0160 Description: OpenSSL could allow a remote attacker to obtain sensitive information, cause...

7.5CVSS0.5AI score0.99999EPSS
Exploits89
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.76 views

Security Bulletin: Vulnerability in OpenSSL affects IBM XIV Storage System Gen3 and Gen2 (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM XIV Storage System has addressed the applicable CVEs. Vulnerability Details CVEID:...

4.3CVSS0.8AI score0.98685EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:50 p.m.76 views

Security Bulletin: IBM Tivoli Workload Scheduler (CVE-2014-6271, CVE-2014-7169)

Summary IBM Tivoli Workload Scheduler is not vulnerable to CVE-2014-6271 or CVE-2014-7169 Bash vulnerability as shipped out of the box, but action could be required because Tivoli Workload Scheduler installation on AIX through Launchpad requires bash. Vulnerability Details CVE-2014-6271 and...

10CVSS0.6AI score0.99999EPSS
Exploits140Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.76 views

Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities

Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2016-10011 DESCRIPTION: OpenSSH could allow a local authenticated attacker to obtain sensitive information, caused by a privilege separation flaw. An attacker could exploit...

7.8CVSS1.1AI score0.88944EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:41 p.m.76 views

Security Bulletin: Security Vulnerabilities in OpenSSL, glibc, gcc, Net-SNMP, and OpenSSH affect IBM Security Proventia Network Enterprise Scanner

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Proventia Network Enterprise Scanner. This bulletin addresses the applicable CVEs as well as other CVEs related to glibc, gcc, Net-SNMP, and OpenSSH. CVE-2015-5600,...

8.5CVSS0.8AI score0.83645EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:22 p.m.76 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted,...

10CVSS0.9AI score0.94859EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/22 9:25 p.m.75 views

Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.

Summary TSSC/IMC addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the remote function in scp.c. B...

9.8CVSS9.8AI score0.99957EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:10 a.m.75 views

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452)

Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452 Vulnerability Details CVEID:CVE-2021-31618 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of...

7.5CVSS7.8AI score0.65067EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:27 a.m.75 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2019-13224 DESCRIPTION: oniguruma is vulnerable to a denial of service, caused by ...

9.8CVSS9.6AI score0.27095EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:40 a.m.75 views

Security Bulletin: Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for November 2022

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF015 and 22.0.1-IF005. Vulnerability Details CVEID:CVE-2022-41735 DESCRIPTION: IBM Business Process Manager 21.0.1 throug...

8.2CVSS10AI score0.19653EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.75 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to jsonpath-plus (CVE-2024-21534)

Summary IBM App Connect Enterprise Connector Discovery is vulnerable to a remote attack due to jsonpath-plus. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...

9.8CVSS7.3AI score0.09076EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/28 4:4 p.m.75 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...

7.5CVSS7.2AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 6:51 p.m.75 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...

10CVSS9.5AI score0.99999EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.75 views

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in OpenSSH

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authenticatio...

7.8CVSS1.4AI score0.98631EPSS
Exploits26Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 8:57 p.m.75 views

Security Bulletin: Google Guava is vulnerable to CVE-2023-2976 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Google Guava which is vulnerable to CVE-2023-2976. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's defau...

7.1CVSS6.1AI score0.00248EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/23 10:37 p.m.75 views

Security Bulletin: Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow embeds a version of IBM Content Navigator that is vulnerable to denial of service attacks and missing authorization. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer...

8.8CVSS7.6AI score0.19653EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 7:58 p.m.75 views

Security Bulletin: IBM MQ is affected by issues in IBM WebSphere Application Server Liberty (CVE-2022-3509, CVE-2022-3171)

Summary Issues were identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a...

7.5CVSS6.5AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.75 views

Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2016-1978)

Summary There is a vulnerability in open source Network Security Services NSS to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to execute arbitrary code on the vulnerable system or cause a denial of service...

7.5CVSS8.3AI score0.02386EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 1:55 p.m.75 views

Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2022-21626)

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022 - Includes Oracle October 2022 CPU Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION:...

5.3CVSS5.9AI score0.01746EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/06 11:55 p.m.75 views

Security Bulletin: IBM Content Navigator eFormPlugin is vulnerable to a denial of service attack (CVE-2022-40159, CVE-2022-40160)

Summary IBM Content Navigator eFormPlugin is vulnerable to a DoS attack. IBM Content Navigator has addressed the vulnerability as described below. CVE-2022-40159, CVE-2022-40160. Vulnerability Details CVEID: CVE-2022-40159 DESCRIPTION: JXPath is vulnerable to a denial of service, caused by a...

6.5CVSS7.3AI score0.01188EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/22 9:43 a.m.75 views

Security Bulletin: Potential vulnerability in Apache Calcite Avatica affects IBM Operations Analytics - Log Analysis (CVE-2022-36364)

Summary Prior to version 1.22.0 vulnerability in Apache Calcite Avatica allow a remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details CVEID:CVE-2022-36364 DESCRIPTION: Apache Calcite Avatica could allow a remote attacker to execute arbitrary code on t...

8.8CVSS8.9AI score0.02276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/02 4:51 p.m.75 views

Security Bulletin: Potential vulnerability in Apache Commons IO affect IBM Operations Analytics - Log Analysis (CVE-2021-29425)

Summary Prior to version 2.7 vulnerability in Apache Commons IO allow remote attacker to traverse directories on the system to view arbitrary files Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused...

4.8CVSS6.4AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 4:23 a.m.75 views

Security Bulletin: Storwize V7000 Unified V1.4.1.0 Includes Fixes for Multiple Vendor Security Vulnerabilities

Abstract Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- IBM| TSM 6.3.1.0| Two unauthorized...

10CVSS8.7AI score0.48298EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 10:39 p.m.75 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5

Abstract Cross reference list for security vulnernabilities fixed in IBM WebSphere Appplication Server Fix Pack 8.5.5 Content VULNERABILITY DETAILS: CVE ID:CVE-2013-0482 PM76582 DESCRIPTION: The WebSphere Application Server JAX-WS Web Services Security WS-Security run time could allow a network...

7.8CVSS7.9AI score0.35584EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000