Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 4:47 p.m.75 views

Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager

Summary IBM WebSphere Application Server WAS is shipped with IBM Security Identity Manager ISIM. Information about security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS2.5AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 2:18 p.m.75 views

Security Bulletin: Dojo vulnerability in IBM WebSphere Application Server shipped with Tivoli Business Service Manager (CVE-2021-23450)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS7.2AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/11 3:7 p.m.75 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Switches and Directors.

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Cisco Switches and Directors has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By connecting to a...

7.5CVSS8.3AI score0.44503EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 3:19 p.m.75 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2021-22096 DESCRIPTION: VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this...

9.8CVSS9.9AI score0.44515EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 12:24 a.m.75 views

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access

Summary Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access product. Vulnerability Details CVEID: CVE-2021-3520 DESCRIPTION: lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted fil...

9.8CVSS9.9AI score0.62906EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/06 6:2 p.m.75 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

8.5CVSS2.7AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/04 7:6 p.m.75 views

Security Bulletin: Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for Microsoft Windows (CVE-2021-45105, CVE-2021-45046)

Summary There are vulnerabilities in Apache Log4j used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log...

10CVSS0.2AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/03 6:52 p.m.75 views

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2021-3541 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by an exponential entity expansion attack whic...

9.8CVSS10.2AI score0.62906EPSS
Exploits43Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/30 12:44 p.m.75 views

Security Bulletin: Vulnerabilities in IBM Java Runtime and libxml2 affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition Version 8, as well as a vulnerability in GNOME libxml2 version 2.7.8. Both components are used by Tivoli Netcool/OMNIbus. The JRE vulnerability was disclosed as part of the IBM Java SDK updates in April 2021. Th...

8.8CVSS8.1AI score0.03653EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 7:42 p.m.75 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons IO

Summary A vulnerability in Apache Commons IO that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the...

5.8CVSS1.5AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/02 1:32 a.m.75 views

Security Bulletin: Steps to update Java - QMF for Workstation & QMF Vision

Summary An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in...

4.3CVSS0.9AI score0.02245EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/08 11:5 p.m.75 views

Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Sterling Secure Proxy (CVE-2020-13920)

Summary An Apache ActiveMQ man-in-the-middle vulnerability was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX RMI...

5.9CVSS1.8AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/20 2:1 p.m.75 views

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT...

9.8CVSS1AI score0.96121EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:53 a.m.75 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Sterling B2B Integrator. IBM Sterling B2B Integrator has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2179 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending...

7.8CVSS1.2AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.75 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Netezza PureData System for Analytics (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Netezza PureData System for Analytics. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...

4.3CVSS0.7AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/02 2:50 a.m.75 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Security Privileged Identity Manager ISPIM. These issues were disclosed as part of the IBM Java SDK updates in July 2018, April 2018, January 2018, October 2017. Vulnerability Details July 2018 CVEID:...

10CVSS1.3AI score0.26335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/25 3:15 p.m.75 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with OpenPages GRC Platform (CVE-2018-10237)

Summary IBM WebSphere Application Server is shipped as a component of OpenPages GRC Platform. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin IBM WebSphere...

2.5AI score0.05119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:1 a.m.75 views

Security Bulletin: Rational Directory Server and Rational Directory Administrator can be affected by vulnerabilities (CVE-2015-0138 and CVE-2014-0227)

Summary This security bulletin is a notice of security vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and in Apache Tomcat server, version 6, which impacts IBM Rational Directory Server 5.2.x, 5.1.1.x and Rational Directory Administrator 6.x Vulnerability Details...

6.4CVSS0.9AI score0.21045EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/27 11:25 p.m.74 views

Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to address following vulnerabilities. Review the Vulnerability Details section below for additional information. CVE-2023-40547 CVSS Base Score:8.3, CVE-2024-5564 CVSS Base Score:8.1, CVE-2022-48624 CVSS Base Score:7.8, CVE-2022-48624 CVSS Bas...

8.6CVSS9.2AI score0.91327EPSS
Exploits17Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:33 a.m.74 views

Security Bulletin: Order Management is subject to various OS vulnerabilites which could have allowed attacker various entry points into application.

Summary Order Management has updated the container OS version and remediated to the point of code freeze. This bulletin identifies the steps to take to address the vulnerabilities by updating to the very latest OS version. Vulnerability Details CVEID:CVE-2022-2923 DESCRIPTION: Vim is vulnerable t...

7.8CVSS10AI score0.05533EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:23 a.m.74 views

Security Bulletin: IBM Automation Decision Services - Multiple CVEs addressed (February 2024)

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-36054 DESCRIPTION: MIT Kerberos 5 aka krb5...

9CVSS9.9AI score0.03796EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:18 a.m.74 views

Security Bulletin: IBM Operational Decision Manager for January 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-34054...

9.8CVSS8.5AI score0.764EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 5:24 p.m.74 views

Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347)

Summary UPDATED 4/10: The included README was updated for clarity. Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2024-56346, CVE-2024-56347. Vulnerability Details CVEID:CVE-2024-56346 DESCRIPTION: IBM AIX nimesis NIM master service could allow a remote...

10CVSS9.9AI score0.01058EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:38 a.m.74 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2023-0044 DESCRIPTION: Quarkus could allow a remote attacker to obtain sensitive information, caused by a flaw when the Form Authentication session cookie Path attribute is se...

7.8CVSS10AI score0.0486EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 2:6 p.m.74 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM i (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM i Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

5CVSS7AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/16 5:22 p.m.74 views

Security Bulletin: IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253.

Summary IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a local...

7.5CVSS6.5AI score0.25939EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/22 9:19 a.m.74 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS packages/liberaries .

Summary IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: glibc is vulnerable to a...

8.1CVSS9.1AI score0.91969EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/06 7:49 p.m.74 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module affected by multiple vulnerabilities

Summary Vulnerabilities contained within Open VPN a 3rd party component and Open SSL were addressed in the IBM MaaS360 Cloud Extender Agent and VPN Modules. Vulnerabilities contained within Eclipse Jetty and Netty a 3rd party component were addressed in the IBM MaaS360 Mobile Enterprise Gateway...

9.8CVSS9.9AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/30 8:15 a.m.74 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-yaml, OpenSSL, GnuTLS , OpenTelemetry-Go, go-toolset and urllib3

Summary OpenSSL, go-yaml, GnuTLS , OpenTelemetry-Go and urllib3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-28948 DESCRIPTION: Go-Yaml is vulnerabl...

8.1CVSS8.3AI score0.05533EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 4:10 p.m.74 views

Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.11 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially...

9.8CVSS9.4AI score0.99615EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/27 2:32 p.m.74 views

Security Bulletin: There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453)

Summary There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk...

7.5CVSS6.9AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/03 11:43 a.m.74 views

Security Bulletin: Multiple vulnerabilities of Apache Groovy (groovy-all-2.3.11.jar) have affected APM JBoss and APM WebLogic Agent [CVE-202-17521, CVE-2016-6814, CVE-2015-3253]

Summary APM JBoss and APM WebLogic Agents are vulnerable to Apache Groovygroovy-all-2.3.11.jar. CVE-2020-17521, CVE-2016-6814, CVE-2015-3253 The fix includes groovy-all-2.3.11.jar upgraded to groovy-all-2.5.21.jar. Vulnerability Details CVEID:CVE-2020-17521 DESCRIPTION: Apache Groovy could allow ...

9.8CVSS8.7AI score0.42983EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 1:25 p.m.74 views

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities

Summary IBM MQ Appliance has resolved multiple open source vulnerabilities CVE-2022-40303, CVE-2022-40304, CVE-2021-46848 and CVE-2022-43680. Vulnerability Details CVEID:CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by an...

9.1CVSS8.8AI score0.22791EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 7:58 p.m.74 views

Security Bulletin: IBM MQ is affected by issues in IBM WebSphere Application Server Liberty (CVE-2022-3509, CVE-2022-3171)

Summary Issues were identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a...

7.5CVSS6.5AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/26 3:18 p.m.74 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges due to [CVE-2022-42919]

Summary Python is used by IBM App Connect Enterprise Certified Container for providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges. This bulletin provides patch information to...

7.8CVSS7.6AI score0.00603EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/24 4:12 p.m.74 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a buffer overflow CVE-2022-3602, cause a denial of service CVE-2022-3786, or obtain sensitive information CVE-2022-3358. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details...

7.5CVSS9AI score0.92488EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/13 1:11 a.m.74 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to local information disclosure due to Postgresql JDBC (CVE-2022-41946)

Summary The Postgresql JDBC driver is used by IBM Tivoli Netcool Impact as a part of it's data source adapter connectivity. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either...

5.5CVSS5AI score0.0048EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/01 12:42 a.m.74 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)

Summary IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library. IBM API Connect has addressed the vulnerability in CVE-2022-34169. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrar...

7.5CVSS8AI score0.17673EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/17 2:52 p.m.74 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-43680_CVE-2013-0340_CVE-2017-9233)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.5CVSS7.3AI score0.19433EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/02 4:51 p.m.74 views

Security Bulletin: Potential vulnerability in Apache Commons IO affect IBM Operations Analytics - Log Analysis (CVE-2021-29425)

Summary Prior to version 2.7 vulnerability in Apache Commons IO allow remote attacker to traverse directories on the system to view arbitrary files Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused...

4.8CVSS6.4AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/22 6:4 p.m.74 views

Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Summary The SANnav Management Portal and Global View products are vulnerable due to an OpenSSL issue. Vulnerability Details CVEID:CVE-2022-2097 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit...

5.3CVSS7.3AI score0.04425EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/10 4:27 p.m.74 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities with details below Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the...

8.1CVSS8.4AI score0.77766EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/05 10:39 p.m.74 views

Security Bulletin: Apache log4j vulnerabilities in Spark and Zookeeper affect QRadar User Behavior Analytics(CVE-2021-4104)

Summary There is a vulnerability in Apache log4j used by Spark and Zookeeper that is affecting QRadar User Behavior AnalyticsUBA. This has been addressed in both dependencies and UBA has been updated to the patched versions. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j coul...

7.5CVSS8.7AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/21 5:31 a.m.74 views

Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to use of Apache HTTP server CVE-2022-22720

Summary Apache HTTP server is used by IBM Rational Build Forge. This fix includes Apache Http Server 2.4.54 Vulnerability Details CVEID:CVE-2022-22720 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection when errors are...

9.8CVSS9.2AI score0.28189EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/06 4:4 p.m.74 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Elastic Storage System (CVE-2021-4104)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Elastic Storage System due to its use of Log4j for logging and this fix upgrades to Apache Log4j V2.17.1. Vulnerability Details CVEID: CVE-2021-4104...

7.5CVSS1.6AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/07 7:34 p.m.74 views

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.74. Vulnerability Details CVEID: CVE-2021-39047 DESCRIPTION: Some IBM products are vulnerable to cross-site scripting. This vulnerability allows users to embed...

9.8CVSS1AI score0.30367EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 5:43 a.m.74 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

2.7AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/10 9:55 p.m.74 views

Security Bulletin: Vulnerabilities in Redis, OpenSSH, Golang Go, and Apache Kafka may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift may be affected by vulnerabilities in Redis, OpenSSH, Golang Go, and Apache Kafka such as bypass of security restrictions, denial of service, execution of arbitrary code, elevation of privileges, buffer...

8.8CVSS9.6AI score0.1578EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/04 3:59 p.m.74 views

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374)

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-28374 DESCRIPTION: Linux Kernel could allow a remote authenticated attacker to traverse directories on the system, caused by insufficient identifier checking in the LIO SCSI target code. An attacker...

8.1CVSS7.8AI score0.06692EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/19 3:38 p.m.74 views

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs

Summary Cloud Pak for Security CP4S v1.7.2.0 and earlier uses packages that are vulnerable to several CVEs. These issues have been addressed in an update. See the Fixes section below for instructions. Vulnerability Details CVEID: CVE-2020-24332 DESCRIPTION: TrouSerS could allow a remote...

9.8CVSS10.6AI score0.93422EPSS
Exploits75Affected Software1
Total number of security vulnerabilities5000