Lucene search
K
IbmMost viewed

35705 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/12/01 12:42 a.m.74 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)

Summary IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library. IBM API Connect has addressed the vulnerability in CVE-2022-34169. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrar...

7.5CVSS8AI score0.17673EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/30 10:25 a.m.74 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID:CVE-2022-35959 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the implementation of...

9.8CVSS7.4AI score0.00596EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/17 2:52 p.m.74 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-43680_CVE-2013-0340_CVE-2017-9233)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.5CVSS7.3AI score0.19433EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/18 1:20 p.m.74 views

Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics

Summary Multiple vulnerabilities exist in Spark, which is used by IBM QRadar User Behavior Analytics UBA. These vulnerabilities are addressed in UBA by upgrading to a version of Spark and packages that are associated with Spark that resolve the vulnerabilities. Vulnerability Details...

9.8CVSS9.1AI score0.29726EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 5:34 a.m.74 views

Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)

Summary Apache Commons Fileupload is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastucture. Information about security vulnerabilities affecting Apache Commons Fileupload has been published in a security bulletin. Vulnerability Details CVEID:CVE-2013-2186...

7.5CVSS8.1AI score0.83175EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/22 6:4 p.m.74 views

Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Summary The SANnav Management Portal and Global View products are vulnerable due to an OpenSSL issue. Vulnerability Details CVEID:CVE-2022-2097 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit...

5.3CVSS7.3AI score0.04425EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/10 4:27 p.m.74 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities with details below Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the...

8.1CVSS8.4AI score0.77766EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/05 10:39 p.m.74 views

Security Bulletin: Apache log4j vulnerabilities in Spark and Zookeeper affect QRadar User Behavior Analytics(CVE-2021-4104)

Summary There is a vulnerability in Apache log4j used by Spark and Zookeeper that is affecting QRadar User Behavior AnalyticsUBA. This has been addressed in both dependencies and UBA has been updated to the patched versions. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j coul...

7.5CVSS8.7AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/21 5:31 a.m.74 views

Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to use of Apache HTTP server CVE-2022-22720

Summary Apache HTTP server is used by IBM Rational Build Forge. This fix includes Apache Http Server 2.4.54 Vulnerability Details CVEID:CVE-2022-22720 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection when errors are...

9.8CVSS9.2AI score0.28189EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/06 4:4 p.m.74 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Elastic Storage System (CVE-2021-4104)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Elastic Storage System due to its use of Log4j for logging and this fix upgrades to Apache Log4j V2.17.1. Vulnerability Details CVEID: CVE-2021-4104...

7.5CVSS1.6AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 10:36 a.m.74 views

Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-4155 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by data leak flaw in the wa...

7.8CVSS1.1AI score0.05528EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/07 7:34 p.m.74 views

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.74. Vulnerability Details CVEID: CVE-2021-39047 DESCRIPTION: Some IBM products are vulnerable to cross-site scripting. This vulnerability allows users to embed...

9.8CVSS1AI score0.30367EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 11:45 p.m.74 views

Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224

Summary IBM HTTP Server powered by Apache for i is vulnerable to the issue described in the vulnerability details section. IBM i has addressed the applicable CVE in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-44224 DESCRIPTION: Apache HTTP Server is vulnerable to ...

8.2CVSS1.2AI score0.82295EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 5:43 a.m.74 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

2.7AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 6:1 a.m.74 views

Security Bulletin: Tivoli Netcool/OMNIbus WebGUI is vulnerable to Apache log4j vulnerability (CVE-2021-44228)

Summary Tivoli Netcool/OMNIbus WebGUI may be impacted by the vulnerability Apache Log4j CVE-2021-44228 through the use of Log4j-api. Also, Tivoli Netcool/OMNIbus WebGUI uses IBM Jazz for Service Management and Websphere Application Server WAS component/product which are affected. Vulnerability...

10CVSS0.4AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/04 3:59 p.m.74 views

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374)

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-28374 DESCRIPTION: Linux Kernel could allow a remote authenticated attacker to traverse directories on the system, caused by insufficient identifier checking in the LIO SCSI target code. An attacker...

8.1CVSS7.8AI score0.06692EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/19 3:38 p.m.74 views

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs

Summary Cloud Pak for Security CP4S v1.7.2.0 and earlier uses packages that are vulnerable to several CVEs. These issues have been addressed in an update. See the Fixes section below for instructions. Vulnerability Details CVEID: CVE-2020-24332 DESCRIPTION: TrouSerS could allow a remote...

9.8CVSS10.6AI score0.93422EPSS
Exploits75Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:6 a.m.74 views

Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy

Summary There are multiple vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29725 DESCRIPTION: IBM Sterling Secure Proxy could allow a remote user to consume resources causing a denial of service due to a resource leak...

7.5CVSS0.5AI score0.7795EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/22 5:33 p.m.74 views

Security Bulletin: IBM MQ is vulnerable to an issue within OpenSSL (CVE-2021-23840)

Summary An issue was identified with OpenSSL which is shipped on IBM MQ for IBM i platforms and used within the Advanced Messaging Security component. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in...

7.5CVSS1.5AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/16 7:3 a.m.74 views

Security Bulletin: A vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-10237)

Summary A vulnerability on unbounded memory allocation was addressed by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID: CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and...

5.9CVSS1.2AI score0.05119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 7:35 p.m.74 views

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in libcurl (CVE-2019-5436)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in libcurl. Vulnerability Details CVEID: CVE-2019-5436 DESCRIPTION: cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftpreceivepacket function. By...

7.8CVSS2.3AI score0.49739EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 8:13 p.m.74 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)

Summary There is a security advisory for openSSL1.0.2p which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to...

7.5CVSS0.6AI score0.53336EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 9:54 a.m.74 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Sourcing (CVE-2020-11023, CVE-2020-11022)

Summary jQuery security vulnerabilities affect IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...

6.9CVSS7.2AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/24 12:4 p.m.74 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2019-10086)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has...

7.5CVSS2.9AI score0.28839EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.74 views

Security Bulletin: IBM i is affected by GSKIT vulnerability CVE-2018-1388

Summary IBM i GSKIT is vulnerable to this security vulnerability. IBM i has addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-1388 DESCRIPTION: GSKit V7 may disclose side channel information via discrepencies between valid and invalid PKCS1 padding. CVSS Base Score: 9.1 CVSS...

7.5CVSS1AI score0.02192EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.74 views

Security Bulletin: IBM Netezza Host Management NTP vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296)

Summary Multiple vulnerabilities were found in the Linux NTP component. RedHat released a patch to address these vulnerabilities. Vulnerability Details CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could provide weaker than expected security, caused by the...

7.5CVSS0.8AI score0.7809EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/17 3:34 p.m.74 views

Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.

Summary Multiple security vulnerabilities have been identified and fixed in the IBM Security Privileged Identity Manager Appliance. Vulnerability Details CVEID: CVE-2018-1049 DESCRIPTION: Systemd is vulnerable to a denial of service, caused by a race condition between .mount and .automount units....

10CVSS1AI score0.96121EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/30 9:45 p.m.74 views

Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance

Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-10915 DESCRIPTION: PostgreSQL could allow a remote attacker to bypass security restrictions, caused by an issue with improperly resting internal state in between...

9.8CVSS1.2AI score0.49268EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:33 a.m.74 views

Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM

Summary PowerKVM is affected by several vulnerabilities in qemu. These vulnerabilities have been addressed by IBM. Vulnerability Details CVEID: CVE-2016-5338 DESCRIPTION: Qemu, built with the ESP/NCR53C9x controller emulation support, is vulnerable to a denial of service, caused by an out of boun...

9.8CVSS0.9AI score0.0773EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.74 views

Security Bulletin: IBM DS8870 Release 7.2 is affected by an additional vulnerability in OpenSSL (CVE-2014-0160)

Summary Security vulnerabilities have been discovered in OpenSSL which have an impact on the IBM Power Servers incorporated in the IBM DS8870. While another IBM security bulletin addresses this vulnerability in these IBM Power servers generally...

7.5CVSS0.6AI score0.99999EPSS
Exploits88Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:30 p.m.74 views

Security Bulletin: Vulnerabilities in httpd affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance

Summary Vulnerabilities have been identified for httpd packages in Open Source Apache HTTP Server that affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance CVE-2014-0118, CVE-2014-0226, CVE-2014-0231. Vulnerability Details CVE-ID: CVE-2014-0118 DESCRIPTION: The deflateinfilter...

6.8CVSS7.9AI score0.85744EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.74 views

Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE's

Summary Apache Tomcat prior to version 6.0.48 is susceptible to several vulnerabilities. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specifie...

9.1CVSS0.5AI score0.39633EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/19 5:35 a.m.73 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is...

9.1CVSS10AI score0.99621EPSS
Exploits71Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 12:57 p.m.73 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to the...

7.5CVSS10AI score0.03174EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/09 5:8 p.m.73 views

Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System.

Summary Mulitple vulnerabilities have been addressed in IBM Cloud Pak System 2.3.4.0 and IBM Cloud Pak System 2.3.5.0. Vulnerability Details CVEID:CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the...

9.8CVSS10AI score0.90407EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 4:26 p.m.73 views

Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the following IBM i PTFs in response to CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 and CVE-2018-3639. This security bulletin has been updated, on October 16, 2018, as additional IBM i PTFs are now available to mitigate the Spectre and Meltdown vulnerabilities...

5.6CVSS7.4AI score0.93838EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 8:5 p.m.73 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF002

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF002 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite...

8.4CVSS9.3AI score0.00887EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/22 10:8 p.m.73 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2398) and security restrictions bypass (CVE-2024-2466, CVE-2024-2004) due to cURL libcurl

Summary Vulnerabilities in cURL libcurl could allow a remote attacker to cause a denial of servce CVE-2024-2398 or bypass security restrictions CVE-2024-2466, CVE-2024-2004. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HM...

8.6CVSS6.9AI score0.36081EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/05 4:54 p.m.73 views

Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository

Summary An execute arbitrary code vulnerability in Apache Axis CVE-2023-40743, an authentication bypass vulnerability in Apache Shiro CVE-2023-34478 and several vulnerabilities in SnakeYAML incl. remote code execution vulnerability CVE-2022-1471 affect IBM WebSphere Service Registry and Repositor...

9.8CVSS10AI score0.99615EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/29 7:44 a.m.73 views

Security Bulletin: Vulnerability in Apache ActiveMQ affects App Connect Professional.

Summary App Connect Professional has addressed the following vulnerability reported in Apache ActiveMQ. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused by an...

10CVSS9.7AI score0.99654EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/21 3:4 p.m.73 views

Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-43804, CVE-2023-37920)

Summary Vulnerabilities in Python could allow a remote authenticated attacker to obtain sensitive information CVE-2023-43804. AIX's Python packaging also includes Certifi, which is vulnerable to CVE-2023-37920. Python is used by AIX as part of Ansible node management automation. Vulnerability...

9.8CVSS7.3AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/13 3:22 p.m.73 views

Security Bulletin: Mutiple Vulnerabilties Affecting Watson Machine Learning Accelerator on Cloud Pak for Data version

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data version 2.6.0 is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed. Vulnerability Details CVEID:CVE-2022-29361 DESCRIPTION: Pallets Werkzeug is vulnerable to HTTP request smuggling, caus...

9.8CVSS9.6AI score0.51733EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/10 1:37 p.m.73 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary...

9.8CVSS9AI score0.76768EPSS
Exploits34Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/27 9:11 p.m.73 views

Security Bulletin: Netcool Operations Insights 1.6.10 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.10 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace...

9.3CVSS9.1AI score0.76249EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/03 11:38 a.m.73 views

Security Bulletin: Multiple vulnerabilities of Apache Ant (ant-1.7.0.jar, ant-1.8.4.jar) have affected APM JBoss, APM WebLogic and APM SAP NetWeaver Java™ Stack Agents.

Summary APM JBoss, APM WebLogic and APM SAP NetWeaver Java™ Stack Agents are vulnerable to Apache Antant-1.7.0.jar, ant-1.8.4.jar CVE-2021-36373, CVE-2020-1945, CVE-2012-2098, CVE-2020-11979, CVE-2021-36374. The fix includes ant jar upgraded to ant-1.10.13.jar. Vulnerability Details...

7.5CVSS7.2AI score0.12608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/21 6:13 p.m.73 views

Security Bulletin: IBM Storage Protect is vulnerable to multiple attacks due to http2-server and http2-common

Summary IBM Storage Protect Server uses the http2-server and http2-common components and may be vulnerable to these attacks. Vulnerability Details CVEID:CVE-2019-9511 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...

7.8CVSS6.9AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 9:31 a.m.73 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC

Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests...

9CVSS7.3AI score0.57941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 7:40 p.m.73 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI

Summary Multiple vulnerabilities in JQuery, Node.js and Swagger UI used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

9.8CVSS8.1AI score0.99019EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.73 views

Security Bulletin: Vulnerabilities in Libxml2 affect System x Integrated Management Module (IMM) (CVE-2014-0191, CVE-2014-3660)

Summary Security vulnerabilities have been discovered in libxml2 which affect System x Integrated Management Module IMM. Vulnerability Details Summary Security vulnerabilities have been discovered in libxml2 which affect System x Integrated Management Module IMM. Vulnerability Details CVE-ID:...

5CVSS7.4AI score0.081EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/07 4:0 p.m.73 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload CVE-2023-24998 Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000