Lucene search
K
IbmMost viewed

35743 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/06/21 6:13 p.m.73 views

Security Bulletin: IBM Storage Protect is vulnerable to multiple attacks due to http2-server and http2-common

Summary IBM Storage Protect Server uses the http2-server and http2-common components and may be vulnerable to these attacks. Vulnerability Details CVEID:CVE-2019-9511 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...

7.8CVSS6.9AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 9:31 a.m.73 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC

Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests...

9CVSS7.3AI score0.57941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 7:40 p.m.73 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI

Summary Multiple vulnerabilities in JQuery, Node.js and Swagger UI used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

9.8CVSS8.1AI score0.99019EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.73 views

Security Bulletin: Vulnerabilities in Libxml2 affect System x Integrated Management Module (IMM) (CVE-2014-0191, CVE-2014-3660)

Summary Security vulnerabilities have been discovered in libxml2 which affect System x Integrated Management Module IMM. Vulnerability Details Summary Security vulnerabilities have been discovered in libxml2 which affect System x Integrated Management Module IMM. Vulnerability Details CVE-ID:...

5CVSS7.4AI score0.081EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/07 4:0 p.m.73 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload CVE-2023-24998 Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.73 views

Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. The applicable CVEs are CVE-2016-7117 CVE-2016-6828 CVE-2016-102...

10CVSS9.1AI score0.24299EPSS
Exploits24Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.73 views

Security Bulletin: Multiple vulnerabilities in IPv6 and MQ affect IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products

Summary Vulnerabilities in the IPv6 and MQ components affect IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products. Applicable CVEs are CVE-2016-10142 and CVE-2017-11176. Vulnerability Details CVEID: CVE-2016-10142 DESCRIPTION: The IETF IPv6 protocol is vulnerable to a denial of...

8.6CVSS7.5AI score0.03631EPSS
Exploits8Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:39 p.m.73 views

Security Bulletin: There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40705)

Summary There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-40705 DESCRIPTION: Apache SOAP is vulnerable to an XML external entity injection XXE attack when processing XML data, caused by a...

7.5CVSS7.6AI score0.01414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:48 a.m.73 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SAN b-type Switches

Summary OpenSSL issues from March 2015 containing 12 CVE were disclosed. This bulletin addresses the vulnerabilities that have been referred to as Open SSL used by IBM SAN b-type Switches. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By...

7.5CVSS8.3AI score0.44503EPSS
Exploits1Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/17 11:44 a.m.73 views

Security Bulletin: IBM MQ Operator and Queue Manager container images are vulnerable to vulnerabilities from libksba and sqlite (CVE-2022-47629 and CVE-2022-35737)

Summary Issues were identified in Red Hat UBI packages libksba and sqlite that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-47629 DESCRIPTION: Libksba could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS9.5AI score0.17981EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.73 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.

Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2020-28852 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation while...

7.5CVSS7.6AI score0.02297EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/27 10:20 a.m.73 views

Security Bulletin: Multiple Vulnerabilities in node.js

Summary Security Vulnerabilities in node.js affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information.. Vulnerability Details CVEID:CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected security, caused by the failure to check the return...

9.1CVSS8AI score0.02587EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:9 a.m.73 views

Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)

Summary There is a vulnerability that allows redirecting of HTTP traffic with CGI applications that may affect IBM HTTP Server IHS. This vulnerability is known as "HTTPOXY". Vulnerability Details CVEID: CVE-2016-5387 DESCRIPTION: Apache HTTP Server could allow a remote attacker to redirect HTTP...

8.1CVSS8AI score0.55724EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/16 6:39 p.m.73 views

Security Bulletin: Vulnerabilities in Intel Chipset affect IBM Cloud Pak System (CVE-2021-0060, CVE-2021-0147, CVE-2021-33080)

Summary Vulnerabilities in Intel Chipset affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-0060 DESCRIPTION: Intel SPS could allow a physical attacker to gain elevated privileges on the system, caused by insufficient...

7.2CVSS5.8AI score0.0084EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 11:27 a.m.73 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest (CVE-2021-35561, CVE-2022-21299, CVE-2022-21496)

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in April 2022. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...

5.3CVSS6.9AI score0.06468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/01 6:57 a.m.73 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by IBM WebSphere Cast Iron Solution & App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Apr 2022, IBM WebSphere Cast Iron Solution & App Connect Professional have addressed the...

5.3CVSS0.7AI score0.02805EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/27 9:21 p.m.73 views

Security Bulletin: IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which is used by IBM Engineering Systems Design Rhapsody RDM components; Knowledge Center and Test Conductor for logging . The fix includes upgrade to Apache Log4j v2.17.1. Vulnerability...

10CVSS2.2AI score0.99999EPSS
Exploits357Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 5:6 p.m.73 views

Security Bulletin: GNU C library (glibc) vulnerability affects DS8000 (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects DS8000 Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostname argumen...

10CVSS8.6AI score0.94859EPSS
Exploits29Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 9:58 a.m.73 views

Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031)

Summary IBM InfoSphere Master Data Management is vulnerable to a Novell NetIQ Sentinel issue and could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVE-ID: CVE-2016-1000031 DESCRIPTION: Novell NetIQ Sentinel could allow a remote attacker to execute...

7.5CVSS1.7AI score0.34731EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 8:33 p.m.73 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Python (CVE-2021-3733)

Summary Security Vulnerabilities affect IBM Cloud Private - Python Vulnerability Details CVEID: CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the AbstractBasicAuthHandler class in urllib. By persuading a vict...

6.5CVSS0.9AI score0.04675EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 5:4 p.m.73 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Global Name Management (CVE-2019-2769, CVE-2019-2762, CVE-2019-2816).

Summary There are multiple vulnerabilities in the IBM Java SDK that is used by IBM WebSphere Application Server shipped as part of IBM InfoSphere Global Name Management. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions...

2.5AI score0.04351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/09 10:51 a.m.73 views

Security Bulletin: Netcool Operations Insight is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)

Summary Multiple vulnerabilities were identified within the Apache Log4j library CVE-2021-45046, CVE-2021-45105 that is used by Netcool Operations Insight to provide logging functionality. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

10CVSS0.7AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/13 11:17 a.m.73 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle July 2021 Critical Patch Update, minus CVE-2021-2341. CVE-2021-2341 will be covered in an additional bulletin. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an...

7.5CVSS0.5AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 9:10 p.m.73 views

Security Bulletin: Potential vulnerability with Node.js

Summary A potential vulnerability has been identified related to Node.js. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic...

9.8CVSS1.5AI score0.69062EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:3 a.m.73 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-26690, CVE-2021-26691)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

1AI score0.68067EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/29 7:3 p.m.73 views

Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities

Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities due to remote attacker being able to execute arbitrary code to obtain sensitive information , the failure to restrict the number of message attachments, and disclosing sensitive information...

10CVSS1AI score0.33937EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/17 9:36 a.m.73 views

Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony

Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.57 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-9484, CVE-2020-11996, CVE-2020-13934, and CVE-2020-13935 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-13934...

7.5CVSS1.2AI score0.87553EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/10 8:34 p.m.73 views

Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022)

Summary JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting XSS Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attack...

6.9CVSS0.8AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 9:16 p.m.73 views

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze

Summary AT&T has released versions 1801-ze for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches...

9.3CVSS0.9AI score0.82017EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/06 8:52 p.m.73 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-11358)

Summary IBM Maximo Asset Management is vulnerable to cross-site scripting. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could...

6.1CVSS0.6AI score0.87218EPSS
Exploits4Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/02 3:30 p.m.73 views

Security Bulletin: IBM Spectrum Protect Client Web Interface is vulnerable to a clickjacking attack (CVE-2018-1853)

Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details CVEID: CVE-2018-1853 DESCRIPTION: IBM Tivoli Storage...

6.1CVSS1.9AI score0.01183EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/12 9:20 p.m.73 views

Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3060 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, high...

7.1CVSS1.7AI score0.03683EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.73 views

Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH

Summary IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH. Vulnerability Details: CVEID: CVE-2016-10009...

7.8CVSS0.6AI score0.37431EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/05 2:30 p.m.73 views

Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.13.0. Multiple Open Source OpenSSL vulnerabilities affect IBM Cognos Analytics. IBM Cognos Analytics consumes IBM GSKit. Multiple vulnerabilities have been addressed in IBM GSKit. IBM Cogn...

10CVSS0.9AI score0.78675EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/23 4:30 p.m.73 views

Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager

Summary Multiple security vulnerabilities affect Rational Rhapsody Design Manager Rhapsody DM Vulnerability Details CVEID: CVE-2016-8739 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by XML External Entity XXE vulnerability in JAX-RS implementation...

9.8CVSS1.5AI score0.37925EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.73 views

Security Bulletin: Vulnerabilities in Bash affect the IBM Hyper-Scale Manager component of the XIV Management Tools (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM Hyper-Scale Manager component of the XIV Management Tools...

10CVSS1.7AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.73 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on Dec 16, 2016 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...

7.5CVSS1.4AI score0.57595EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.73 views

Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Vulnerabilities in Python, rpcbind, SQLite packages affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2014-4650 DESCRIPTION: Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failu...

9.8CVSS1.6AI score0.28319EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:47 p.m.73 views

Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the WebSphere Application Server vulnerability (CVE-2014-0964)

Summary There is a potential denial of service with Tivoli Netcool Service Quality Manager when running a Heartbleed scanning tool. Vulnerability Details CVE ID: CVE-2014-0964 DESCRIPTION: IBM WebSphere Application Server is not vulnerable to the Heartbleed vulnerability CVE-2014-0160 where secur...

7.5CVSS0.9AI score0.99999EPSS
Exploits88Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:47 a.m.73 views

Security Bulletin: Vulnerability in IBM Rational ClearQuest with potential for TLS Attack (CVE-2013-0169)

Summary The IBM GSKit component used in Rational ClearQuest is susceptible to a Transport Layer Security protocol vulnerability known as "Lucky Thirteen." The vulnerability might allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzing timing dat...

2.6CVSS0.8AI score0.35584EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 1:54 a.m.72 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...

9.3CVSS10AI score0.87806EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:50 a.m.72 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive...

7.8CVSS9.8AI score0.19753EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:58 a.m.72 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2002-0080 DESCRIPTION: rsync could allow a remote attacker to gain elevated privileges on the system. rsync fails to drop privileges for...

7.5CVSS9.4AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:57 a.m.72 views

Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect

Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...

10CVSS9.2AI score0.83223EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 9:31 a.m.72 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

10CVSS9.5AI score0.08279EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 7:33 p.m.72 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries referenc...

5.9CVSS4.8AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 8:25 p.m.72 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or executing arbitrary code, to a local authenticated attacker obtaining sensitive information, or to denial of service.

Summary Db2 Web Query is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-20860 and CVE-2023-20862, a remote attacker...

9.8CVSS9AI score0.46836EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 6:39 p.m.72 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to remote code execution and failing to secure passwords due to multiple vulnerabilities

Summary IBM i Access Client Solutions is vulnerable to remote code execution due to a flaw which fails to authenticate the origin of a serialized object CVE-2023-45185, and insecurely storing passwords by allowing the password encryption key to be retrieved CVE-2023-45184 or decoded using a brute...

8.8CVSS7.2AI score0.01624EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.72 views

Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in the Kernel

Summary IBM RackSwitch firmware products have addressed the following Kernel vulnerabilities. Vulnerability Details CVEID: CVE-2020-13974 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the drivers/tty/vt/keyboard.c...

7.8CVSS1.7AI score0.00617EPSS
Exploits1Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 5:29 p.m.72 views

Security Bulletin: IBM MQ is affected by a vulnerability in libcURL

Summary An issue was identified within the libcurl library that affects IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality. This is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID: CVE-2023-38039 DESCRIPTION: cURL libcurl ...

7.5CVSS6.5AI score0.62246EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000