Lucene search
K
IbmMost viewed

35680 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/12/19 7:41 p.m.70 views

Security Bulletin: Apache Tomcat is vulnerable to HTTP request smuggling (CVE-2022-42252)

Summary Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could...

7.5CVSS7.3AI score0.01448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/12 1:21 p.m.70 views

Security Bulletin: Apache POI up to 4.1.0 allows an attacker while converting user-provided document to XML

Summary In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker​​. Vulnerability Details CVEID:CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive...

5.5CVSS7.6AI score0.0099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/16 8:43 p.m.70 views

Security Bulletin: IBM Planning Analytics Workspace is affected by a vulnerability [CVE-2022-31129]

Summary IBM Planning Analytics Workspace is affected by a vulnerability. Moment.js is a library used to parse, validate, manipulate, and display dates and times in JavaScript. This vulnerability has been addressed. CVE-2022-31129 Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is...

7.5CVSS7.5AI score0.04923EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/19 11:40 a.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server April 2022 CPU that is bundled with IBM WebSphere Application Server Patterns

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates...

5.3CVSS5.7AI score0.02805EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/11 8:56 a.m.70 views

Security Bulletin: Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 04 and earlier versions.

Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Change may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...

7.5CVSS7.4AI score0.99298EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 6:12 p.m.70 views

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-32206, CVE-2022-32208)

Summary Vulnerabilities in libcurl such as denial of service and man-in-the-middle attacks may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID:CVE-2022-32206 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable "links" ...

6.5CVSS7.5AI score0.3197EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 5:37 p.m.70 views

Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)

Summary Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...

10CVSS10AI score0.99998EPSS
Exploits122Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/25 2:3 a.m.70 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2020-14039 DESCRIPTION: Go could allow a remote attacker to bypass security restrictions, caused by improper validation on the VerifyOptions.KeyUsages EKU requirements...

9.8CVSS9.9AI score0.27392EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/11 9:14 a.m.70 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2022

Summary In addition to many updates of open source packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF011 and 22.0.1-IF001. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to...

9.8CVSS9.3AI score0.70561EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/29 5:38 p.m.70 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues due to Eclipse Jetty

Summary Eclipse Jetty has reported multiple vulnerabilities. IBM Sterling Secure Proxy has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw i...

7.5CVSS6.9AI score0.99298EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/29 5:36 p.m.70 views

Security Bulletin: IBM Secure External Authentication Server is vulnerable to multiple issues due to Eclipse Jetty

Summary Eclipse Jetty has reported multiple vulnerabilities. IBM Secure External Authentication Server has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions,...

7.5CVSS6.9AI score0.99298EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 5:5 p.m.70 views

Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the following fix for IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID: CVE-2019-11251 DESCRIPTION: Kubernetes could allow a remote attacker to...

9.8CVSS10.2AI score0.86978EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/06 4:1 p.m.70 views

Security Bulletin: Java Spring vulnerability impacts IBM Watson Knowledge Catalog in Cloud Pak for Data (CVE-2022-22965)

Summary IBM Watson Knowledge Catalog in Cloud Pak for Data is potentially vulnerable to arbitrary code execution due to Java Spring data binding vulnerability CVE-2022-22965. Vulnerability Details CVEID: CVE-2022-22965 DESCRIPTION: Spring Framework could allow a remote attacker to execute arbitra...

9.8CVSS1.2AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 8:52 a.m.70 views

Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System.

Summary Linux Kernel used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVECVE-2020-27777 . Vulnerability Details CVEID: CVE-2020-27777 DESCRIPTION: Linux Kernel for PowerPC could allow a local authenticated attacker to bypass security...

7.2CVSS1.6AI score0.00501EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/11 2:48 a.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On due to Expat vulnerabilities

Summary There are multiple vulnerabilities in the Expat library affecting the IBM HTTP Server used by IBM WebSphere Application Server CVE-2022-25313, CVE-2022-25315, CVE-2022-25235,CVE-2022-25236, CVE-2021-45960, CVE-2022-22822, CVE-2022-23990, CVE-2022-22823, CVE-2022-23852, CVE-2022-22825,...

10CVSS1.5AI score0.34174EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/29 12:31 a.m.70 views

Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105) due to Apache Log4j

Summary There are vulnerabilities in the version of Apache Log4j that is used by IBM Data Virtualization on Cloud Pak for Data CVE-2021-45046 and CVE-2021-45105 which is used for logging. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is...

10CVSS7.7AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/25 2:48 p.m.70 views

Security Bulletin: Due to use of Apache Log4j, IBM Db2 Web Query for i is vulnerable to arbitrary code execution (CVE-2021-4104, CVE-2022-23302, and CVE-2022-23307) and SQL injection (CVE-2022-23305)

Summary There are multiple vulnerabilities in Apache Log4j CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307 as described in the vulnerability details section. Apache Log4j v1 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM h...

9.8CVSS10.1AI score0.81147EPSS
Exploits10Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 11:47 p.m.70 views

Security Bulletin: Apache commons-compress security vulnerabilities in IBM Content Manager

Summary Apache commons-compress security vulnerabilities in IBM Content Navigator ICN toolkit affecting Administration Console for Content Platform Engine ACCE Vulnerability Details CVEID: CVE-2021-35516 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...

7.5CVSS7.8AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 3:27 a.m.70 views

Security Bulletin: IBM QRadar Network Security is NOT Affected by CVE-2021-4104, CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105 exploits

Summary IBM QRadar Network Security is NOT Affected by CVE-2021-4104, CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105 exploits. IBM QRadar Network Security uses WebSphere Liberty as application server. Liberty package contains log4j binaries, however they are not used by Liberty & IBM QRadar...

10CVSS0.8AI score0.99999EPSS
Exploits356Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/16 4:19 a.m.70 views

Security Bulletin: IBM Security Directory Integrator NOT Affected by CVE-2021-44228 Exploit

Summary IBM Security Directory Integrator NOT Affected by CVE-2021-44228 Exploit. Vulnerability Details After conducting extensive research on product code base, it is determined that all versions of IBM Security Directory Integrator are not vulnerable to Java library Apache log4j v2 with JNDI...

10CVSS3.9AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 1:32 p.m.70 views

Security Bulletin: IBM Application Navigator is vulnerable to an remote attacker exploitation of Apache Log4j (CVE-2021-44228)

Summary The IBM Application Navigator contains a copy of Apache Log4j which is not used by the IBM Application Navigator function. Out of an abundance of caution this update removes the unused copy of Apache Log4j. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow ...

10CVSS1.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/13 2:44 p.m.70 views

Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

Summary There are multiple Ruby vulnerabilities that affect IBM Cloud Foundry Migration Runtime that could cause a denial of service, HTTP response splitting, a remote attacker to bypass security restrictions, a remote attacker to obtain sensitive information, a local attacker to gain unauthorize...

8.1CVSS9.9AI score0.0865EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/26 5:24 p.m.70 views

Security Bulletin: Multiple Vulnerabilities found in Axis.jar V1.x may affect IBM Content Collector for SAP Applications

Summary IBM Content Collector for SAP Applications may be affected by multiple vulnerabilities found in Axis.jar V1.x Vulnerability Details CVEID: CVE-2018-8032 DESCRIPTION: Apache Axis is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default...

7.5CVSS0.9AI score0.86503EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/29 6:58 p.m.70 views

Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January 2020, April 2020 and July 2020. IBM Cognos Business Intelligence has addressed the applicable...

9.8CVSS1AI score0.87553EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/03 2:31 a.m.70 views

Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-2991 DESCRIPTION: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.017 and prior. Easily exploitable...

6.5CVSS1AI score0.03726EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/02 5:21 p.m.70 views

Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via HTTP/2.

Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and...

7.8CVSS0.4AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/19 3:30 p.m.70 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilties

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Cognos Analytics. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, April 2018, July 2018, October 2018, January 2019 and April 2019. Cognos Analytics has...

10CVSS0.5AI score0.49024EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/06 7:5 p.m.70 views

Security Bulletin: IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities

Summary IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities Vulnerability Details CVEID: CVE-2019-9500 DESCRIPTION: CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159642 for the current score. CVSS Vector:...

8.4CVSS0.4AI score0.05789EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/07 12:45 p.m.70 views

Security Bulletin: Potential denial of service in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns (CVE-2018-10237)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...

5.9CVSS3.7AI score0.05119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.70 views

Security Bulletin: Vulnerability in Linux Kernel affects IBM RackSwitch Products (CVE-2017-6214)

Summary IBM RackSwitch Products have addressed the following vulnerability in Linux Kernel. Vulnerability Details Summary IBM RackSwitch Products have addressed the following vulnerability in Linux Kernel. Vulnerability Details: CVEID: CVE-2017-6214 Description: Linux Kernel is vulnerable to a...

7.5CVSS1.1AI score0.04666EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.70 views

Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module

Summary The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 "SLOTH" vulnerability on TLS 1.2, affect IBM Flex System Chassis Management Module. Vulnerability Details Summary The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 "SLOTH" vulnerability on...

10CVSS0.6AI score0.50129EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/05 7:50 p.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to...

9CVSS1AI score0.07215EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/15 3:50 p.m.70 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732)

Summary An OpenSSL vulnerability was disclosed on June 12 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused b...

7.5CVSS0.9AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:38 a.m.70 views

Security Bulletin: Vulnerabilities in Apache HTTPD affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in Apache HTTPD. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-9788 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by the failure to properly initialize memory used to process ''Digest''...

9.8CVSS1.5AI score0.57472EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - April 2015

Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 5, 6 and 7, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses the RC4 Bar Mitzvah Attack for...

5CVSS0.8AI score0.98685EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.70 views

Security Bulletin: Vulnerability in SSLv3 affects TS4500 (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in TS4500. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused ...

4.3CVSS2.3AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.70 views

Security Bulletin: Vulnerabilities in Bash affect IBM System Storage Storwize V7000 Unified (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is used by IBM System Storage Storwize V7000 Unified. Vulnerability Details The following vulnerabilities are only exploitable by users who already ha...

10CVSS1.3AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:4 p.m.70 views

Security Bulletin: A security vulnerability has been identified in the IBM HTTP server component of IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2017-12618)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about a security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Please consult the security...

7.5CVSS0.7AI score0.94999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:47 p.m.70 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.7.0. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8. These issues were disclosed as part of the IBM Java SDK updates in July 2016, October 2016, January 201...

9.8CVSS1.2AI score0.95707EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:56 a.m.70 views

IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6

Abstract Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR13FP1 and earlier. Content VULNERABILITY DETAILS There are multiple security vulnerabilities in the IBM Java Runtime Environment used in WebSphere Cast Iron. CVE...

10CVSS9.6AI score0.22753EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:41 a.m.69 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...

9.8CVSS9.8AI score0.78483EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:37 a.m.69 views

Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2014-0114...

9.8CVSS9.9AI score0.96121EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/03 11:21 p.m.69 views

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (January 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a...

10CVSS10AI score0.10608EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:38 a.m.69 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.4.7 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.4.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly consider...

9.8CVSS9.1AI score0.05623EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.69 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573...

9.8CVSS6.8AI score0.99957EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/25 4:14 p.m.69 views

Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. These fixes resolve the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere...

7.5CVSS6.9AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/25 5:15 a.m.69 views

Security Bulletin: IBM Security Verify Governance - Containerized Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in the latest update to IBM Security Verify Governance - Containerized Identity Manager. Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper...

9.8CVSS9.7AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/11 10:15 p.m.69 views

Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-52425, CVE-2023-52426, CVE-2023-6597)

Summary Vulnerabilities in Python could allow a remote or local attacker to cause a denial of service CVE-2023-52425, CVE-2023-52426 or launch further attacks on the system CVE-2023-6597. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2023-524...

7.8CVSS7.1AI score0.01815EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 7:37 p.m.69 views

Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities (CVE-2024-1597, CVE-2023-26159)

Summary IBM Security Verify Information Queue ISIQ v10.0.8 has addressed vulnerabilities in the third-party libraries with an update. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted...

10CVSS8.6AI score0.0481EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/04 6:35 p.m.69 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections caus...

6.5CVSS5.4AI score0.00592EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000