Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:45 a.m.74 views

Security Bulletin: Vulnerabilities in OpenSSH affects Power Hardware Management Console

Summary OpenSSH is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6515 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for password authentication by the...

7.8CVSS0.6AI score0.88944EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:6 a.m.74 views

Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy

Summary There are multiple vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29725 DESCRIPTION: IBM Sterling Secure Proxy could allow a remote user to consume resources causing a denial of service due to a resource leak...

7.5CVSS0.5AI score0.7795EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/22 5:33 p.m.74 views

Security Bulletin: IBM MQ is vulnerable to an issue within OpenSSL (CVE-2021-23840)

Summary An issue was identified with OpenSSL which is shipped on IBM MQ for IBM i platforms and used within the Advanced Messaging Security component. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in...

7.5CVSS1.5AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/16 7:3 a.m.74 views

Security Bulletin: A vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-10237)

Summary A vulnerability on unbounded memory allocation was addressed by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID: CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and...

5.9CVSS1.2AI score0.05119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 7:35 p.m.74 views

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in libcurl (CVE-2019-5436)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in libcurl. Vulnerability Details CVEID: CVE-2019-5436 DESCRIPTION: cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftpreceivepacket function. By...

7.8CVSS2.3AI score0.49739EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 8:13 p.m.74 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)

Summary There is a security advisory for openSSL1.0.2p which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to...

7.5CVSS0.6AI score0.53336EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 9:54 a.m.74 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Sourcing (CVE-2020-11023, CVE-2020-11022)

Summary jQuery security vulnerabilities affect IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...

6.9CVSS7.2AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/24 12:4 p.m.74 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2019-10086)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has...

7.5CVSS2.9AI score0.28839EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.74 views

Security Bulletin: IBM Netezza Host Management NTP vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296)

Summary Multiple vulnerabilities were found in the Linux NTP component. RedHat released a patch to address these vulnerabilities. Vulnerability Details CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could provide weaker than expected security, caused by the...

7.5CVSS0.8AI score0.7809EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/30 9:45 p.m.74 views

Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance

Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-10915 DESCRIPTION: PostgreSQL could allow a remote attacker to bypass security restrictions, caused by an issue with improperly resting internal state in between...

9.8CVSS1.2AI score0.49268EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:33 a.m.74 views

Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM

Summary PowerKVM is affected by several vulnerabilities in qemu. These vulnerabilities have been addressed by IBM. Vulnerability Details CVEID: CVE-2016-5338 DESCRIPTION: Qemu, built with the ESP/NCR53C9x controller emulation support, is vulnerable to a denial of service, caused by an out of boun...

9.8CVSS0.9AI score0.0773EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.74 views

Security Bulletin: Vulnerability in OpenSSL affects IBM XIV Storage System Gen3 and Gen2 (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM XIV Storage System has addressed the applicable CVEs. Vulnerability Details CVEID:...

4.3CVSS0.8AI score0.98685EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.74 views

Security Bulletin: IBM DS8870 Release 7.2 is affected by an additional vulnerability in OpenSSL (CVE-2014-0160)

Summary Security vulnerabilities have been discovered in OpenSSL which have an impact on the IBM Power Servers incorporated in the IBM DS8870. While another IBM security bulletin addresses this vulnerability in these IBM Power servers generally...

7.5CVSS0.6AI score0.99999EPSS
Exploits87Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:30 p.m.74 views

Security Bulletin: Vulnerabilities in httpd affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance

Summary Vulnerabilities have been identified for httpd packages in Open Source Apache HTTP Server that affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance CVE-2014-0118, CVE-2014-0226, CVE-2014-0231. Vulnerability Details CVE-ID: CVE-2014-0118 DESCRIPTION: The deflateinfilter...

6.8CVSS7.9AI score0.85744EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.74 views

Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE's

Summary Apache Tomcat prior to version 6.0.48 is susceptible to several vulnerabilities. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specifie...

9.1CVSS0.5AI score0.39633EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/19 5:35 a.m.73 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is...

9.1CVSS10AI score0.99621EPSS
Exploits71Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/22 9:25 p.m.73 views

Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.

Summary TSSC/IMC addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the remote function in scp.c. B...

9.8CVSS9.8AI score0.99957EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:20 a.m.73 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of...

9.8CVSS9.5AI score0.07269EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:41 a.m.73 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

7.8CVSS8.3AI score0.46836EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/09 5:8 p.m.73 views

Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System.

Summary Mulitple vulnerabilities have been addressed in IBM Cloud Pak System 2.3.4.0 and IBM Cloud Pak System 2.3.5.0. Vulnerability Details CVEID:CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the...

9.8CVSS10AI score0.90407EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 4:26 p.m.73 views

Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the following IBM i PTFs in response to CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 and CVE-2018-3639. This security bulletin has been updated, on October 16, 2018, as additional IBM i PTFs are now available to mitigate the Spectre and Meltdown vulnerabilities...

5.6CVSS7.4AI score0.93838EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 8:5 p.m.73 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF002

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF002 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite...

8.4CVSS9.3AI score0.00887EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/29 7:44 a.m.73 views

Security Bulletin: Vulnerability in Apache ActiveMQ affects App Connect Professional.

Summary App Connect Professional has addressed the following vulnerability reported in Apache ActiveMQ. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused by an...

10CVSS9.7AI score0.99654EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/21 3:4 p.m.73 views

Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-43804, CVE-2023-37920)

Summary Vulnerabilities in Python could allow a remote authenticated attacker to obtain sensitive information CVE-2023-43804. AIX's Python packaging also includes Certifi, which is vulnerable to CVE-2023-37920. Python is used by AIX as part of Ansible node management automation. Vulnerability...

9.8CVSS7.3AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/13 3:22 p.m.73 views

Security Bulletin: Mutiple Vulnerabilties Affecting Watson Machine Learning Accelerator on Cloud Pak for Data version

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data version 2.6.0 is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed. Vulnerability Details CVEID:CVE-2022-29361 DESCRIPTION: Pallets Werkzeug is vulnerable to HTTP request smuggling, caus...

9.8CVSS9.6AI score0.51733EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/10 1:37 p.m.73 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary...

9.8CVSS9AI score0.76768EPSS
Exploits34Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/30 11:9 a.m.73 views

Security Bulletin: Addressing the Security vulnerability CVE-2022-23437,CVE-2009-2625,CVE-2012-0881,CVE-2013-4002 found in xercesImpl-2.9.1.jar and its previous versions affects ITCAM for Transactions

Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following xercesImpl-2.9.1.jar vulnerability and updated xercesImpl.jar from version 2.5.0 to 2.12.2 and its dependency xml-apis.jar to version 2.5.0 Vulnerability Details...

7.8CVSS6.8AI score0.3038EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/03 11:38 a.m.73 views

Security Bulletin: Multiple vulnerabilities of Apache Ant (ant-1.7.0.jar, ant-1.8.4.jar) have affected APM JBoss, APM WebLogic and APM SAP NetWeaver Java™ Stack Agents.

Summary APM JBoss, APM WebLogic and APM SAP NetWeaver Java™ Stack Agents are vulnerable to Apache Antant-1.7.0.jar, ant-1.8.4.jar CVE-2021-36373, CVE-2020-1945, CVE-2012-2098, CVE-2020-11979, CVE-2021-36374. The fix includes ant jar upgraded to ant-1.10.13.jar. Vulnerability Details...

7.5CVSS7.2AI score0.12608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 9:31 a.m.73 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC

Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests...

9CVSS7.3AI score0.57941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 7:40 p.m.73 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI

Summary Multiple vulnerabilities in JQuery, Node.js and Swagger UI used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

9.8CVSS8.1AI score0.99019EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/07 4:0 p.m.73 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload CVE-2023-24998 Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/30 3:19 p.m.73 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2021-46848 DESCRIPTION: GNU Libtasn1 could allow a remote attacker to obtain sensitive information, caused by an out-of-bound access flaw in ETYPEOK. By sending a...

9.8CVSS10AI score0.92984EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:50 p.m.73 views

Security Bulletin: There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management (CVE-2022-21681, CVE-2022-21680)

Summary There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in inline.reflinkSearch. By...

7.5CVSS7.6AI score0.02828EPSS
Exploits2Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.73 views

Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem 840 and V840 (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)

Summary NSS & NSPR vulnerabilities affect the IBM FlashSystem 840 and V840 products. These vulnerabilities could allow a remote attacker to execute arbitrary code, on the system, to obtain sensitive information, or cause Denial of Service. Vulnerability Details 1. CVE-ID : CVE-2013-1740...

10CVSS9.1AI score0.06381EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.73 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack...

8.1CVSS8AI score0.55724EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/07 11:48 p.m.73 views

Security Bulletin: Vulnerabilities in IBM WebSphere Liberty affects IBM InfoSphere Global Name Management (CVE-2022-22475, CVE-2022-22476)

Summary The IBM WebSphere Liberty used in IBM InfoSphere Global Name Management is vulnerable to identity spoofing by an authenticated user. This issue only affects ENS, a part of GNM 6 installed by a small minority of GNM customers. For GNM customers not using ENS, there is no vulnerability...

8.8CVSS6.9AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/27 10:20 a.m.73 views

Security Bulletin: Multiple Vulnerabilities in node.js

Summary Security Vulnerabilities in node.js affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information.. Vulnerability Details CVEID:CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected security, caused by the failure to check the return...

9.1CVSS8AI score0.02587EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/18 1:20 p.m.73 views

Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics

Summary Multiple vulnerabilities exist in Spark, which is used by IBM QRadar User Behavior Analytics UBA. These vulnerabilities are addressed in UBA by upgrading to a version of Spark and packages that are associated with Spark that resolve the vulnerabilities. Vulnerability Details...

9.8CVSS9.1AI score0.29726EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 5:34 a.m.73 views

Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)

Summary Apache Commons Fileupload is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastucture. Information about security vulnerabilities affecting Apache Commons Fileupload has been published in a security bulletin. Vulnerability Details CVEID:CVE-2013-2186...

7.5CVSS8.1AI score0.83175EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:9 a.m.73 views

Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)

Summary There is a vulnerability that allows redirecting of HTTP traffic with CGI applications that may affect IBM HTTP Server IHS. This vulnerability is known as "HTTPOXY". Vulnerability Details CVEID: CVE-2016-5387 DESCRIPTION: Apache HTTP Server could allow a remote attacker to redirect HTTP...

8.1CVSS8AI score0.55724EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 11:27 a.m.73 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest (CVE-2021-35561, CVE-2022-21299, CVE-2022-21496)

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in April 2022. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...

5.3CVSS6.9AI score0.06468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/01 6:57 a.m.73 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by IBM WebSphere Cast Iron Solution & App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Apr 2022, IBM WebSphere Cast Iron Solution & App Connect Professional have addressed the...

5.3CVSS0.7AI score0.02651EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 10:36 a.m.73 views

Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-4155 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by data leak flaw in the wa...

7.8CVSS1.1AI score0.05528EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/27 9:21 p.m.73 views

Security Bulletin: IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which is used by IBM Engineering Systems Design Rhapsody RDM components; Knowledge Center and Test Conductor for logging . The fix includes upgrade to Apache Log4j v2.17.1. Vulnerability...

10CVSS2.2AI score0.99999EPSS
Exploits357Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 5:6 p.m.73 views

Security Bulletin: GNU C library (glibc) vulnerability affects DS8000 (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects DS8000 Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostname argumen...

10CVSS8.6AI score0.94859EPSS
Exploits29Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 8:33 p.m.73 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Python (CVE-2021-3733)

Summary Security Vulnerabilities affect IBM Cloud Private - Python Vulnerability Details CVEID: CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the AbstractBasicAuthHandler class in urllib. By persuading a vict...

6.5CVSS0.9AI score0.04675EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 5:4 p.m.73 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Global Name Management (CVE-2019-2769, CVE-2019-2762, CVE-2019-2816).

Summary There are multiple vulnerabilities in the IBM Java SDK that is used by IBM WebSphere Application Server shipped as part of IBM InfoSphere Global Name Management. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions...

2.5AI score0.04351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 11:45 p.m.73 views

Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224

Summary IBM HTTP Server powered by Apache for i is vulnerable to the issue described in the vulnerability details section. IBM i has addressed the applicable CVE in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-44224 DESCRIPTION: Apache HTTP Server is vulnerable to ...

8.2CVSS1.2AI score0.82295EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 6:1 a.m.73 views

Security Bulletin: Tivoli Netcool/OMNIbus WebGUI is vulnerable to Apache log4j vulnerability (CVE-2021-44228)

Summary Tivoli Netcool/OMNIbus WebGUI may be impacted by the vulnerability Apache Log4j CVE-2021-44228 through the use of Log4j-api. Also, Tivoli Netcool/OMNIbus WebGUI uses IBM Jazz for Service Management and Websphere Application Server WAS component/product which are affected. Vulnerability...

10CVSS0.4AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/22 11:38 p.m.73 views

Security Bulletin: Vulnerability in ntp (CVE-2020-11868 and CVE-2020-13817).

Summary NTP Network Time Protocol used to synchronize the time on your Power Hardware Management Console HMC with a centralized NTP server. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in...

7.5CVSS0.5AI score0.04071EPSS
Exploits0
Total number of security vulnerabilities5000