Lucene search
K
IbmMost viewed

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/05/27 9:21 p.m.73 views

Security Bulletin: IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which is used by IBM Engineering Systems Design Rhapsody RDM components; Knowledge Center and Test Conductor for logging . The fix includes upgrade to Apache Log4j v2.17.1. Vulnerability...

10CVSS2.2AI score0.99999EPSS
Exploits357Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 5:6 p.m.73 views

Security Bulletin: GNU C library (glibc) vulnerability affects DS8000 (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects DS8000 Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostname argumen...

10CVSS8.6AI score0.94859EPSS
Exploits29Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 9:58 a.m.73 views

Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031)

Summary IBM InfoSphere Master Data Management is vulnerable to a Novell NetIQ Sentinel issue and could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVE-ID: CVE-2016-1000031 DESCRIPTION: Novell NetIQ Sentinel could allow a remote attacker to execute...

7.5CVSS1.7AI score0.34731EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 8:33 p.m.73 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Python (CVE-2021-3733)

Summary Security Vulnerabilities affect IBM Cloud Private - Python Vulnerability Details CVEID: CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the AbstractBasicAuthHandler class in urllib. By persuading a vict...

6.5CVSS0.9AI score0.04675EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 5:4 p.m.73 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Global Name Management (CVE-2019-2769, CVE-2019-2762, CVE-2019-2816).

Summary There are multiple vulnerabilities in the IBM Java SDK that is used by IBM WebSphere Application Server shipped as part of IBM InfoSphere Global Name Management. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions...

2.5AI score0.04351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 11:45 p.m.73 views

Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224

Summary IBM HTTP Server powered by Apache for i is vulnerable to the issue described in the vulnerability details section. IBM i has addressed the applicable CVE in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-44224 DESCRIPTION: Apache HTTP Server is vulnerable to ...

8.2CVSS1.2AI score0.82295EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 6:1 a.m.73 views

Security Bulletin: Tivoli Netcool/OMNIbus WebGUI is vulnerable to Apache log4j vulnerability (CVE-2021-44228)

Summary Tivoli Netcool/OMNIbus WebGUI may be impacted by the vulnerability Apache Log4j CVE-2021-44228 through the use of Log4j-api. Also, Tivoli Netcool/OMNIbus WebGUI uses IBM Jazz for Service Management and Websphere Application Server WAS component/product which are affected. Vulnerability...

10CVSS0.4AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/22 11:38 p.m.73 views

Security Bulletin: Vulnerability in ntp (CVE-2020-11868 and CVE-2020-13817).

Summary NTP Network Time Protocol used to synchronize the time on your Power Hardware Management Console HMC with a centralized NTP server. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in...

7.5CVSS0.5AI score0.04071EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 9:10 p.m.73 views

Security Bulletin: Potential vulnerability with Node.js

Summary A potential vulnerability has been identified related to Node.js. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic...

9.8CVSS1.5AI score0.69062EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:3 a.m.73 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-26690, CVE-2021-26691)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

1AI score0.68067EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/29 7:3 p.m.73 views

Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities

Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities due to remote attacker being able to execute arbitrary code to obtain sensitive information , the failure to restrict the number of message attachments, and disclosing sensitive information...

10CVSS1AI score0.33937EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/17 9:36 a.m.73 views

Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony

Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.57 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-9484, CVE-2020-11996, CVE-2020-13934, and CVE-2020-13935 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-13934...

7.5CVSS1.2AI score0.87553EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/10 8:34 p.m.73 views

Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022)

Summary JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting XSS Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attack...

6.9CVSS0.8AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 9:16 p.m.73 views

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze

Summary AT&T has released versions 1801-ze for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches...

9.3CVSS0.9AI score0.82017EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/06 8:52 p.m.73 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-11358)

Summary IBM Maximo Asset Management is vulnerable to cross-site scripting. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could...

6.1CVSS0.6AI score0.87218EPSS
Exploits4Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/02 3:30 p.m.73 views

Security Bulletin: IBM Spectrum Protect Client Web Interface is vulnerable to a clickjacking attack (CVE-2018-1853)

Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details CVEID: CVE-2018-1853 DESCRIPTION: IBM Tivoli Storage...

6.1CVSS1.9AI score0.01183EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/12 9:20 p.m.73 views

Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3060 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, high...

7.1CVSS1.7AI score0.03683EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.73 views

Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH

Summary IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH. Vulnerability Details: CVEID: CVE-2016-10009...

7.8CVSS0.6AI score0.37431EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/05 2:30 p.m.73 views

Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.13.0. Multiple Open Source OpenSSL vulnerabilities affect IBM Cognos Analytics. IBM Cognos Analytics consumes IBM GSKit. Multiple vulnerabilities have been addressed in IBM GSKit. IBM Cogn...

10CVSS0.9AI score0.78675EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/23 4:30 p.m.73 views

Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager

Summary Multiple security vulnerabilities affect Rational Rhapsody Design Manager Rhapsody DM Vulnerability Details CVEID: CVE-2016-8739 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by XML External Entity XXE vulnerability in JAX-RS implementation...

9.8CVSS1.5AI score0.37925EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.73 views

Security Bulletin: Vulnerabilities in Bash affect the IBM Hyper-Scale Manager component of the XIV Management Tools (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM Hyper-Scale Manager component of the XIV Management Tools...

10CVSS1.7AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.73 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on Dec 16, 2016 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...

7.5CVSS1.4AI score0.57595EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.73 views

Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Vulnerabilities in Python, rpcbind, SQLite packages affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2014-4650 DESCRIPTION: Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failu...

9.8CVSS1.6AI score0.28319EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:47 p.m.73 views

Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the WebSphere Application Server vulnerability (CVE-2014-0964)

Summary There is a potential denial of service with Tivoli Netcool Service Quality Manager when running a Heartbleed scanning tool. Vulnerability Details CVE ID: CVE-2014-0964 DESCRIPTION: IBM WebSphere Application Server is not vulnerable to the Heartbleed vulnerability CVE-2014-0160 where secur...

7.5CVSS0.9AI score0.99999EPSS
Exploits88Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:47 a.m.73 views

Security Bulletin: Vulnerability in IBM Rational ClearQuest with potential for TLS Attack (CVE-2013-0169)

Summary The IBM GSKit component used in Rational ClearQuest is susceptible to a Transport Layer Security protocol vulnerability known as "Lucky Thirteen." The vulnerability might allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzing timing dat...

2.6CVSS0.8AI score0.35584EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:25 a.m.72 views

Security Bulletin: IBM Common Cryptographic Architecture (CCA) is vulnerable to denial of service (CVE-2022-22423)

Summary Insufficient input validation in IBM Common Cryptographic Architecture CCA may affect Hardware Security Module HSM availability. An affected IBM 4767 or IBM 4769 HSM may be forced into a check-stop condition by specially-crafted requests from HSM users. Recovery from a check-stop conditio...

6.5CVSS5.3AI score0.00251EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:57 a.m.72 views

Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect

Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...

10CVSS9.2AI score0.83223EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 12:57 p.m.72 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to the...

7.5CVSS10AI score0.03174EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/22 10:8 p.m.72 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2398) and security restrictions bypass (CVE-2024-2466, CVE-2024-2004) due to cURL libcurl

Summary Vulnerabilities in cURL libcurl could allow a remote attacker to cause a denial of servce CVE-2024-2398 or bypass security restrictions CVE-2024-2466, CVE-2024-2004. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HM...

8.6CVSS6.9AI score0.36081EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 9:31 a.m.72 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

10CVSS9.5AI score0.08279EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 7:33 p.m.72 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries referenc...

5.9CVSS4.8AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/05 4:54 p.m.72 views

Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository

Summary An execute arbitrary code vulnerability in Apache Axis CVE-2023-40743, an authentication bypass vulnerability in Apache Shiro CVE-2023-34478 and several vulnerabilities in SnakeYAML incl. remote code execution vulnerability CVE-2022-1471 affect IBM WebSphere Service Registry and Repositor...

9.8CVSS10AI score0.99615EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 8:25 p.m.72 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or executing arbitrary code, to a local authenticated attacker obtaining sensitive information, or to denial of service.

Summary Db2 Web Query is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-20860 and CVE-2023-20862, a remote attacker...

9.8CVSS9AI score0.46836EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.72 views

Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in the Kernel

Summary IBM RackSwitch firmware products have addressed the following Kernel vulnerabilities. Vulnerability Details CVEID: CVE-2020-13974 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the drivers/tty/vt/keyboard.c...

7.8CVSS1.7AI score0.00617EPSS
Exploits1Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 5:29 p.m.72 views

Security Bulletin: IBM MQ is affected by a vulnerability in libcURL

Summary An issue was identified within the libcurl library that affects IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality. This is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID: CVE-2023-38039 DESCRIPTION: cURL libcurl ...

7.5CVSS6.5AI score0.62246EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/27 9:11 p.m.72 views

Security Bulletin: Netcool Operations Insights 1.6.10 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.10 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace...

9.3CVSS9.1AI score0.76249EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/18 9:56 a.m.72 views

Security Bulletin: Vulnerabilities in Certifi, cryptography, python-requests and Tornado can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore [CVE-2023-37920, CVE-2023-38325, CVE-2023-32681, CVE-2023-28370]

Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Certifi, cryptography, python-requests and Tornado which include obtaining sensitive information, phishing attacks and weaker security, as described by the CVEs in the "Vulnerability...

9.8CVSS7.2AI score0.02782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 10:42 a.m.72 views

Security Bulletin: Vulnerabilities found in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center [CVE-2017-12626 and X-Force ID: 220800]

Summary Multiple vulnerabilities have been identified in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published which addressed the applicable CVE 2017-1262 and X-Force ID: 2208...

7.5CVSS9.4AI score0.10248EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/18 8:18 a.m.72 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to permissions bypass, privilege escalation, key generation failure, denial of service and request smuggling due to vulnerabilities in Node.js

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to permissions bypass, privilege escalation, key generation failure, denial of service and request smuggling due to vulnerabilities in Node.js with details below. CVE-2023-30584, CVE-2023-30585,...

7.7CVSS8.2AI score0.03906EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.72 views

Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. The applicable CVEs are CVE-2016-7117 CVE-2016-6828 CVE-2016-102...

10CVSS9.1AI score0.24299EPSS
Exploits24Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/15 9:25 p.m.72 views

Security Bulletin: IBM Watson Assistant for Cloud pak for Data is affected by vulnerabilities in Pallets Werkzeug .

Summary Potential vulnerabilities in Pallets Werkzeug has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service,...

7.5CVSS6.5AI score0.0142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:39 p.m.72 views

Security Bulletin: There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40705)

Summary There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-40705 DESCRIPTION: Apache SOAP is vulnerable to an XML external entity injection XXE attack when processing XML data, caused by a...

7.5CVSS7.6AI score0.01414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:48 a.m.72 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SAN b-type Switches

Summary OpenSSL issues from March 2015 containing 12 CVE were disclosed. This bulletin addresses the vulnerabilities that have been referred to as Open SSL used by IBM SAN b-type Switches. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By...

7.5CVSS8.3AI score0.44503EPSS
Exploits1Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:48 a.m.72 views

Security Bulletin: IBM b-type SAN switches and directors affected by OpenSSL Security Advisory [22 Sep 2016] and [26 Sep 2016].

Summary IBM b-type SAN switches and directors addressing OpenSSL Security Advisory 22 Sep 2016 and 26 Sep 2016 vulnerabilities. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation o...

10CVSS9.1AI score0.95707EPSS
Exploits9Affected Software12
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:12 a.m.72 views

Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-154

Summary NSS & NSPR vulnerabilities affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 products. These vulnerabilities could allow a remote attacker to execute arbitrary code, on the system, to obtain sensitive information, or cause Denial of Service. Vulnerability Details 1. CVE-ID ...

10CVSS9.1AI score0.06381EPSS
Exploits5Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/19 1:54 p.m.72 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

10CVSS10AI score0.70561EPSS
Exploits42Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/19 11:52 a.m.72 views

Security Bulletin: IBM Spectrum Conductor is vulnerable to arbitrary code execution [CVE-2022-42889]

Summary Apache Commons Text is used by IBM Spectrum Conductor in Spark 3.0.1. This bulletin provides interim fixes which include Apache Commons Text 1.10.0 to fix arbitrary code execution in IBM Spectrum Conductor. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...

9.8CVSS9.8AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/17 5:35 p.m.72 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The IBM Java...

7.8CVSS7AI score0.04513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/04 4:12 p.m.72 views

Security Bulletin: IBM DataPower Gateway affected by vulnerability in Java (CVE-2022-21626)

Summary IBM has addressed the CVE, which potentially affects JDBC, IMS Callout and JMS components Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service...

5.3CVSS5.5AI score0.01746EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/04 12:9 a.m.72 views

Security Bulletin: Vulnerability in Bind (CVE-2021-25219) affects Power HMC

Summary BIND is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE Vulnerability Details CVEID:CVE-2021-25219 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw in response processing. By abusing a lame cache, an attacker could exploit th...

5.3CVSS5.7AI score0.08001EPSS
Exploits0Affected Software2
Total number of security vulnerabilities5000