Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 6:5 p.m.71 views

Security Bulletin: IBM N Series Data ONTAP SMI-S Agent is affected by vulnerability in OpenSSL

Summary IBM N Series Data ONTAP SMI-S Agent is affected by vulnerability in OpenSSL CVE-2014-0160 Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker...

7.5CVSS7.4AI score0.99999EPSS
Exploits87Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 10:18 p.m.71 views

Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateway appliances (CVE-2014-3570, CVE-2015-0204)

Summary SSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM DataPower Gateway has addressed the corresponding applicable CVEs. Vulnerability Details CVEID: CVE-2014-35...

5CVSS6.1AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/12 12:7 p.m.71 views

Security Bulletin: Vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-26116)

Summary A Vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager CVE-2020-26116 Vulnerability Details CVEID: CVE-2020-26116 DESCRIPTION: Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserti...

7.2CVSS0.6AI score0.0642EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/14 3:11 p.m.71 views

Security Bulletin: Multiple Vulnerabilities in Java affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary Vulnerabilities in Java are affecting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...

4.3CVSS1.9AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/27 2:34 a.m.71 views

Security Bulletin: IBM QRadar Network Security is affected by Network Time Protocol (NTP) vulnerabilities (CVE-2020-11868, CVE-2020-13817)

Summary IBM QRadar Network Security is affected by Network Time Protocol NTP vulnerabilities of denial of service by flaw in ntpd, relying on unauthenticated IPv4 time sources in ntpd. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a...

7.5CVSS0.6AI score0.04071EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/26 7:44 p.m.71 views

Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal (CVE-2020-11022 CVE-2020-11023)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this...

6.9CVSS0.5AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/11 9:17 p.m.71 views

Security Bulletin: IBM Cognos Controller 2020Q1 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Controller 10.4.1 IF4, 10.4.0 IF7, 10.3.1 IF13 and 10.3.0 FP1 IF14. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and the IBM® Runtime Environment Jav...

9.8CVSS0.4AI score0.94494EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.71 views

Security Bulletin: Multiple Vulnerabilities in OpenSSH affect IBM i

Summary OpenSSH is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-10009 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading of a specially crafted PKCS11 module across a...

7.8CVSS1.6AI score0.37431EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/12 6:0 p.m.71 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on APR 16, 2018 onward by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVEID:...

7.5CVSS0.6AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/03 4:5 p.m.71 views

Security Bulletin: Vulnerabilities in OpenSSH affect IBM BladeCenter Advanced Management Module (AMM)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2017-15906 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the processopen function when in read-only mode. A remote...

7.8CVSS1.2AI score0.15716EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/23 6:8 a.m.71 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2014-0114, CVE-2016-1181, CVE-2016-1182, CVE-2012-1007)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...

2.5AI score0.95821EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/16 10:15 a.m.71 views

Security Bulletin: Vulnerabilities in Bash affect IBM InfoSphere Guardium Database Activity Monitoring (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM InfoSphere Guardium Database Activity Monitoring. Vulnerability...

10CVSS1.5AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/22 3:56 a.m.71 views

Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities

Summary Some versions of Rational DOORS Web Access are shipped with an Apache Tomcat application server that contains security vulnerabilities. Apache Tomcat has been updated to incorporate fixes for these vulnerabilities. Vulnerability Details CVEID: CVE-2018-1305 DESCRIPTION: Apache Tomcat coul...

6.5CVSS0.7AI score0.17716EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:32 a.m.71 views

Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS

Summary There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.0.0 to 1.5.2.5 of IBM SONAS Vulnerability Details IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of...

9.8CVSS3.2AI score0.87598EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:38 p.m.71 views

Security Bulletin: IBM Security Access Manager for Web is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)

Summary Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. IBM Security Access Manager for Web...

9.8CVSS2.6AI score0.10238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:48 p.m.72 views

Security Bulletin: zlib vulnerability may affect IBM® SDK, Java™ Technology Edition

Summary zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVE IDs: CVE-2016-984...

9.8CVSS2.1AI score0.07489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:48 p.m.71 views

Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.

Summary IBM OpenPages GRC Platform has addressed potential security exposure due to multiple vulnerabilities in Apache Tomcat. Vulnerability Details CVEID: CVE-2017-6056 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a programming error in the servlet and JSP engine. A...

9.8CVSS0.7AI score0.90338EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.71 views

Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect WebSphere DataPower XC10 Appliance

Summary There are multiple vulnerabilities in Network Time Protocol NTP implementation that is used by WebSphere DataPower XC10 Appliance. These vulnerabilities addressed include the ability to crash application and disable ntp service. Vulnerability Details CVEID: CVE-2016-7426 DESCRIPTION: NTP ...

7.5CVSS1.3AI score0.12367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:16 a.m.70 views

Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability due to invscout (CVE-2022-36768)

Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to obtain root privileges CVE-2022-36768. Vulnerability Details CVEID:CVE-2022-36768 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtai...

8.4CVSS7.5AI score0.00214EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 12:57 p.m.70 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to the...

7.5CVSS10AI score0.03174EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/24 3:1 a.m.70 views

Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime

Summary The IBM SPSS Collaboration and Deployment Services using IBM Semeru Runtime Quarterly CPU - Jan 2023 - Includes OpenJDK January 2023 CPU plus CVE-2022-4304. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.9CVSS6.9AI score0.16195EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 7:56 a.m.70 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8

Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...

10CVSS9.9AI score0.99999EPSS
Exploits138Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/13 3:43 p.m.70 views

Security Bulletin: Vulnerabilty in the .NET Core Framework may affect IBM Robotic Process Automation and could allow an attacker to remotely execute arbitrary code.

Summary There is a vulnerability in System.Drawing.Comman used by IBM Robotic Process Automation as part of the .NET Core framework. CVE-2021-24112. The vulnerability could allow an attacker to remotely execute arbitrary code. This bulletin identifies the security fixes to apply to address this...

9.8CVSS8.1AI score0.0327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 6:47 p.m.70 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: libssh...

7.8CVSS8.4AI score0.05794EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/18 8:4 p.m.70 views

Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)

Summary IBM Security Guardium has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2023-0041 DESCRIPTION: IBM Security Guardium could allow a user to take over another user's session due to insufficient session expiration. CVSS Base score: 6.3 CVSS Temporal Score: See:...

8.8CVSS7.3AI score0.55367EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/31 2:44 p.m.70 views

Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation

Summary Python, Apache Spark, Tensorflow and Traefik contain multiple vulnerabilities and are used by IBM Robotic Process Automation as part of Watson NLP CVE-2022-40898, CVE-2023-22946, CVE-2023-25658, CVE-2023-25659, CVE-2023-25660, CVE-2023-25661, CVE-2023-25662, CVE-2023-25663, CVE-2023-25664...

9.9CVSS9.1AI score0.02659EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/30 5:27 p.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in runtime errors, denial of service attacks, remote code execution, or remote access authentication bypass. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2018-17142 DESCRIPTION: Golang Go is...

9.3CVSS10AI score0.2241EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/19 2:1 p.m.70 views

Security Bulletin: IBM MQ as used by IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM MQ as used by IBM QRadar SIEM contains multiple vulnerabilities. IBM QRadar SIEM has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2020-4682 DESCRIPTION: IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code ...

10CVSS8.1AI score0.0769EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/03 6:54 p.m.70 views

Security Bulletin: IBM Integration Bus is vulnerable to a remote attack due to Apache Jena (CVE-2021-39239, CVE-2022-28890, CVE-2023-22665).

Summary IBM Integration Bus is vulnerable to a remote attack due to Apache Jena CVE-2021-39239, CVE-2022-28890, CVE-2023-22665. Vulnerability Details CVEID:CVE-2023-22665 DESCRIPTION: Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of...

9.8CVSS7.2AI score0.04007EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 8:52 a.m.70 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-31047 DESCRIPTION: Django could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker...

9.8CVSS9.1AI score0.70425EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/08 9:14 p.m.70 views

Security Bulletin: cURL as used by IBM QRadar WinCollect Agent contains multiple vulnerabilities

Summary cURL as used by IBM QRadar WinCollect Agent contains multiple vulnerabilities. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2023-27533 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a TELNET option IAC...

8.8CVSS8.2AI score0.02195EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/09 5:3 p.m.70 views

Security Bulletin: OpenSSL for IBM i is vulnerable to denial of service attacks and the ability for remote attacker to obtain sensitive information due to multiple vulnerabilities.

Summary OpenSSL for IBM i is vulnerable to a denial of service caused by error in certificate verification CVE-2023-0464, a denial of service caused by arbitrary pointers to memcmp CVE-2023-0286, denial of service caused by a double-free error CVE-2022-4450, denial of service caused by...

7.5CVSS8AI score0.59501EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.70 views

Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-4461)

Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache Struts could allow a remote...

9CVSS9.1AI score0.0802EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/20 8:51 a.m.70 views

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager (CVE-2023-25921, CVE-2023-25926, CVE-2023-25685, CVE-2023-25922, CVE-2023-25925)

Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilties have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2 and v4.1.1.7. Please upgrade to GKLM v4.2 or apply the latest fix packs 4.1.1 FP 7 for the fixes...

8.8CVSS7AI score0.01379EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/20 3:3 p.m.71 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to server-side request forgery due to Apache CXF CVE-2022-46364 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.8CVSS9.4AI score0.0193EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 6:50 p.m.70 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple issues due to SnakeYAML

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from SnakeYAML. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

7.5CVSS7.2AI score0.02191EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 11:35 a.m.70 views

Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service attacks due to snakeYAML

Summary SnakeYAML is used by some components of IBM Cloud Pak for Multicloud Management and it is vulnerable to a denial of service attacks. CVE-2022-25857, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749, CVE-2022-38750 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package...

7.5CVSS6.7AI score0.02191EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 2:6 p.m.70 views

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 )

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-42915 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a...

9.8CVSS8.6AI score0.3197EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/19 7:41 p.m.70 views

Security Bulletin: Apache Tomcat is vulnerable to HTTP request smuggling (CVE-2022-42252)

Summary Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could...

7.5CVSS7.3AI score0.01448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/12 1:21 p.m.70 views

Security Bulletin: Apache POI up to 4.1.0 allows an attacker while converting user-provided document to XML

Summary In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker​​. Vulnerability Details CVEID:CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive...

5.5CVSS7.6AI score0.0099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/16 8:43 p.m.70 views

Security Bulletin: IBM Planning Analytics Workspace is affected by a vulnerability [CVE-2022-31129]

Summary IBM Planning Analytics Workspace is affected by a vulnerability. Moment.js is a library used to parse, validate, manipulate, and display dates and times in JavaScript. This vulnerability has been addressed. CVE-2022-31129 Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is...

7.5CVSS7.5AI score0.04923EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/19 11:40 a.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server April 2022 CPU that is bundled with IBM WebSphere Application Server Patterns

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates...

5.3CVSS5.7AI score0.02651EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/11 8:56 a.m.70 views

Security Bulletin: Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 04 and earlier versions.

Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Change may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...

7.5CVSS7.4AI score0.99298EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 6:12 p.m.70 views

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-32206, CVE-2022-32208)

Summary Vulnerabilities in libcurl such as denial of service and man-in-the-middle attacks may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID:CVE-2022-32206 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable "links" ...

6.5CVSS7.5AI score0.3197EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/25 2:3 a.m.70 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2020-14039 DESCRIPTION: Go could allow a remote attacker to bypass security restrictions, caused by improper validation on the VerifyOptions.KeyUsages EKU requirements...

9.8CVSS9.9AI score0.27392EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/29 5:38 p.m.70 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues due to Eclipse Jetty

Summary Eclipse Jetty has reported multiple vulnerabilities. IBM Sterling Secure Proxy has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw i...

7.5CVSS6.9AI score0.99298EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/29 5:36 p.m.70 views

Security Bulletin: IBM Secure External Authentication Server is vulnerable to multiple issues due to Eclipse Jetty

Summary Eclipse Jetty has reported multiple vulnerabilities. IBM Secure External Authentication Server has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions,...

7.5CVSS6.9AI score0.99298EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/06 4:1 p.m.70 views

Security Bulletin: Java Spring vulnerability impacts IBM Watson Knowledge Catalog in Cloud Pak for Data (CVE-2022-22965)

Summary IBM Watson Knowledge Catalog in Cloud Pak for Data is potentially vulnerable to arbitrary code execution due to Java Spring data binding vulnerability CVE-2022-22965. Vulnerability Details CVEID: CVE-2022-22965 DESCRIPTION: Spring Framework could allow a remote attacker to execute arbitra...

9.8CVSS1.2AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/11 2:48 a.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On due to Expat vulnerabilities

Summary There are multiple vulnerabilities in the Expat library affecting the IBM HTTP Server used by IBM WebSphere Application Server CVE-2022-25313, CVE-2022-25315, CVE-2022-25235,CVE-2022-25236, CVE-2021-45960, CVE-2022-22822, CVE-2022-23990, CVE-2022-22823, CVE-2022-23852, CVE-2022-22825,...

10CVSS1.5AI score0.34174EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.70 views

Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects IBM Security Network Intrusion Prevention System (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused b...

4.3CVSS4.5AI score0.9986EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000