Lucene search
K
IbmMost viewed

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/09/17 12:4 p.m.75 views

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)

Summary Vulnerabilities in libcurl such as bypassing security restrictions, obtaining sensitive information, and man-in-the-middle attacks may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2021-22946 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive...

8.1CVSS7.5AI score0.04224EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/15 9:35 p.m.75 views

Security Bulletin: Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with IBM Cloud Pak System

Summary Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-46143 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS10AI score0.97108EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/08 3:42 p.m.75 views

Security Bulletin: Vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, that is used by IBM Workload Scheduler.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, that is used by IBM Workload Scheduler. This issue was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-35586 DESCRIPTION: An unspecified vulnerability in Java SE relat...

9.8CVSS8.1AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/08 8:16 a.m.75 views

Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities

Summary Apache HTTP Server provides HTTP services for SiteProtector. IBM Security SiteProtector System has addressed the following vulnerabilities in an express update CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813 and CVE-2022-30556 : Vulnerability Details...

9.8CVSS8.9AI score0.19008EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/30 6:55 a.m.75 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.8CVSS0.8AI score0.19008EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/14 3:48 p.m.75 views

Security Bulletin: Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the...

9.8CVSS8.1AI score0.30367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/10 4:27 p.m.75 views

Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are vulnerable to a denial of service, due to OpenSSL (CVE-2022-0778)

Summary IBM App Connect Enterprise & IBM Integration Bus are vulnerable to a denial of service, due to OpenSSL CVE-2022-0778. This affects the version of node.js and DataDirect ODBC driver shipped with IBM App Connect Enterprise and IBM Integration Bus. The fix includes OpenSSL 1.1.1n Vulnerabili...

7.5CVSS1.7AI score0.70561EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 3:37 p.m.75 views

Security Bulletin: IBM Informix Dynamic Server is affected to denial of service due to FasterXML jackson-databind (CVE-2020-36518)

Summary There is a denial of service vulnerability in FasterXML jackson-databind CVE-2020-36518 open source library included in IBM Informix Dynamic Server for IBM InformixHQ. FasterXML jackson-databind 2.13.2.2 resolves the vulnerability. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION:...

7.5CVSS8AI score0.0486EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 4:47 p.m.75 views

Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager

Summary IBM WebSphere Application Server WAS is shipped with IBM Security Identity Manager ISIM. Information about security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS2.5AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 2:18 p.m.75 views

Security Bulletin: Dojo vulnerability in IBM WebSphere Application Server shipped with Tivoli Business Service Manager (CVE-2021-23450)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS7.2AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/11 3:7 p.m.75 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Switches and Directors.

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Cisco Switches and Directors has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By connecting to a...

7.5CVSS8.3AI score0.44503EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 3:19 p.m.75 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2021-22096 DESCRIPTION: VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this...

9.8CVSS9.9AI score0.44515EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 12:24 a.m.75 views

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access

Summary Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access product. Vulnerability Details CVEID: CVE-2021-3520 DESCRIPTION: lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted fil...

9.8CVSS9.9AI score0.62906EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/06 6:2 p.m.75 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

8.5CVSS2.7AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/04 7:6 p.m.75 views

Security Bulletin: Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for Microsoft Windows (CVE-2021-45105, CVE-2021-45046)

Summary There are vulnerabilities in Apache Log4j used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log...

10CVSS0.2AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/10 9:55 p.m.75 views

Security Bulletin: Vulnerabilities in Redis, OpenSSH, Golang Go, and Apache Kafka may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift may be affected by vulnerabilities in Redis, OpenSSH, Golang Go, and Apache Kafka such as bypass of security restrictions, denial of service, execution of arbitrary code, elevation of privileges, buffer...

8.8CVSS9.6AI score0.1578EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:45 a.m.75 views

Security Bulletin: Vulnerabilities in OpenSSH affects Power Hardware Management Console

Summary OpenSSH is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6515 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for password authentication by the...

7.8CVSS0.6AI score0.88944EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/22 11:38 p.m.75 views

Security Bulletin: Vulnerability in ntp (CVE-2020-11868 and CVE-2020-13817).

Summary NTP Network Time Protocol used to synchronize the time on your Power Hardware Management Console HMC with a centralized NTP server. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in...

7.5CVSS0.5AI score0.04071EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 7:42 p.m.75 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons IO

Summary A vulnerability in Apache Commons IO that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the...

5.8CVSS1.5AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/02 1:32 a.m.75 views

Security Bulletin: Steps to update Java - QMF for Workstation & QMF Vision

Summary An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in...

4.3CVSS0.9AI score0.02245EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/08 11:5 p.m.75 views

Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Sterling Secure Proxy (CVE-2020-13920)

Summary An Apache ActiveMQ man-in-the-middle vulnerability was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX RMI...

5.9CVSS1.8AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/20 2:1 p.m.75 views

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT...

9.8CVSS1AI score0.96121EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:53 a.m.75 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Sterling B2B Integrator. IBM Sterling B2B Integrator has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2179 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending...

7.8CVSS1.2AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.75 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Netezza PureData System for Analytics (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Netezza PureData System for Analytics. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...

4.3CVSS0.7AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/02 2:50 a.m.75 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Security Privileged Identity Manager ISPIM. These issues were disclosed as part of the IBM Java SDK updates in July 2018, April 2018, January 2018, October 2017. Vulnerability Details July 2018 CVEID:...

10CVSS1.3AI score0.26335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:1 a.m.75 views

Security Bulletin: Rational Directory Server and Rational Directory Administrator can be affected by vulnerabilities (CVE-2015-0138 and CVE-2014-0227)

Summary This security bulletin is a notice of security vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and in Apache Tomcat server, version 6, which impacts IBM Rational Directory Server 5.2.x, 5.1.1.x and Rational Directory Administrator 6.x Vulnerability Details...

6.4CVSS0.9AI score0.21045EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/27 11:25 p.m.74 views

Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to address following vulnerabilities. Review the Vulnerability Details section below for additional information. CVE-2023-40547 CVSS Base Score:8.3, CVE-2024-5564 CVSS Base Score:8.1, CVE-2022-48624 CVSS Base Score:7.8, CVE-2022-48624 CVSS Bas...

8.6CVSS9.2AI score0.91327EPSS
Exploits17Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:33 a.m.74 views

Security Bulletin: Order Management is subject to various OS vulnerabilites which could have allowed attacker various entry points into application.

Summary Order Management has updated the container OS version and remediated to the point of code freeze. This bulletin identifies the steps to take to address the vulnerabilities by updating to the very latest OS version. Vulnerability Details CVEID:CVE-2022-2923 DESCRIPTION: Vim is vulnerable t...

7.8CVSS10AI score0.05533EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:23 a.m.74 views

Security Bulletin: IBM Automation Decision Services - Multiple CVEs addressed (February 2024)

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-36054 DESCRIPTION: MIT Kerberos 5 aka krb5...

9CVSS9.9AI score0.03796EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:20 a.m.74 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of...

9.8CVSS9.5AI score0.07269EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:18 a.m.74 views

Security Bulletin: IBM Operational Decision Manager for January 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-34054...

9.8CVSS8.5AI score0.764EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 5:24 p.m.74 views

Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347)

Summary UPDATED 4/10: The included README was updated for clarity. Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2024-56346, CVE-2024-56347. Vulnerability Details CVEID:CVE-2024-56346 DESCRIPTION: IBM AIX nimesis NIM master service could allow a remote...

10CVSS9.9AI score0.01058EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:41 a.m.74 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

7.8CVSS8.3AI score0.46836EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 2:6 p.m.74 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM i (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM i Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

5CVSS7AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/16 5:22 p.m.74 views

Security Bulletin: IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253.

Summary IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a local...

7.5CVSS6.5AI score0.25939EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/22 9:19 a.m.74 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS packages/liberaries .

Summary IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: glibc is vulnerable to a...

8.1CVSS9.1AI score0.91969EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/06 7:49 p.m.74 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module affected by multiple vulnerabilities

Summary Vulnerabilities contained within Open VPN a 3rd party component and Open SSL were addressed in the IBM MaaS360 Cloud Extender Agent and VPN Modules. Vulnerabilities contained within Eclipse Jetty and Netty a 3rd party component were addressed in the IBM MaaS360 Mobile Enterprise Gateway...

9.8CVSS9.9AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/30 8:15 a.m.74 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-yaml, OpenSSL, GnuTLS , OpenTelemetry-Go, go-toolset and urllib3

Summary OpenSSL, go-yaml, GnuTLS , OpenTelemetry-Go and urllib3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-28948 DESCRIPTION: Go-Yaml is vulnerabl...

8.1CVSS8.3AI score0.05533EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 4:10 p.m.74 views

Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.11 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially...

9.8CVSS9.4AI score0.99615EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/27 2:32 p.m.74 views

Security Bulletin: There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453)

Summary There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk...

7.5CVSS6.9AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/03 11:43 a.m.74 views

Security Bulletin: Multiple vulnerabilities of Apache Groovy (groovy-all-2.3.11.jar) have affected APM JBoss and APM WebLogic Agent [CVE-202-17521, CVE-2016-6814, CVE-2015-3253]

Summary APM JBoss and APM WebLogic Agents are vulnerable to Apache Groovygroovy-all-2.3.11.jar. CVE-2020-17521, CVE-2016-6814, CVE-2015-3253 The fix includes groovy-all-2.3.11.jar upgraded to groovy-all-2.5.21.jar. Vulnerability Details CVEID:CVE-2020-17521 DESCRIPTION: Apache Groovy could allow ...

9.8CVSS8.7AI score0.42983EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 1:25 p.m.74 views

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities

Summary IBM MQ Appliance has resolved multiple open source vulnerabilities CVE-2022-40303, CVE-2022-40304, CVE-2021-46848 and CVE-2022-43680. Vulnerability Details CVEID:CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by an...

9.1CVSS8.8AI score0.22791EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:50 p.m.74 views

Security Bulletin: There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management (CVE-2022-21681, CVE-2022-21680)

Summary There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in inline.reflinkSearch. By...

7.5CVSS7.6AI score0.02828EPSS
Exploits2Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.74 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack...

8.1CVSS8AI score0.55724EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.74 views

Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem 840 and V840 (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)

Summary NSS & NSPR vulnerabilities affect the IBM FlashSystem 840 and V840 products. These vulnerabilities could allow a remote attacker to execute arbitrary code, on the system, to obtain sensitive information, or cause Denial of Service. Vulnerability Details 1. CVE-ID : CVE-2013-1740...

10CVSS9.1AI score0.06381EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/07 11:48 p.m.74 views

Security Bulletin: Vulnerabilities in IBM WebSphere Liberty affects IBM InfoSphere Global Name Management (CVE-2022-22475, CVE-2022-22476)

Summary The IBM WebSphere Liberty used in IBM InfoSphere Global Name Management is vulnerable to identity spoofing by an authenticated user. This issue only affects ENS, a part of GNM 6 installed by a small minority of GNM customers. For GNM customers not using ENS, there is no vulnerability...

8.8CVSS6.9AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/26 3:18 p.m.74 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges due to [CVE-2022-42919]

Summary Python is used by IBM App Connect Enterprise Certified Container for providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges. This bulletin provides patch information to...

7.8CVSS7.6AI score0.00603EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/24 4:12 p.m.74 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a buffer overflow CVE-2022-3602, cause a denial of service CVE-2022-3786, or obtain sensitive information CVE-2022-3358. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details...

7.5CVSS9AI score0.92488EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/13 1:11 a.m.74 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to local information disclosure due to Postgresql JDBC (CVE-2022-41946)

Summary The Postgresql JDBC driver is used by IBM Tivoli Netcool Impact as a part of it's data source adapter connectivity. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either...

5.5CVSS5AI score0.0048EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/01 12:42 a.m.74 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)

Summary IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library. IBM API Connect has addressed the vulnerability in CVE-2022-34169. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrar...

7.5CVSS8AI score0.17673EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000