Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/01/29 12:31 a.m.70 views

Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105) due to Apache Log4j

Summary There are vulnerabilities in the version of Apache Log4j that is used by IBM Data Virtualization on Cloud Pak for Data CVE-2021-45046 and CVE-2021-45105 which is used for logging. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is...

10CVSS7.7AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/25 2:48 p.m.70 views

Security Bulletin: Due to use of Apache Log4j, IBM Db2 Web Query for i is vulnerable to arbitrary code execution (CVE-2021-4104, CVE-2022-23302, and CVE-2022-23307) and SQL injection (CVE-2022-23305)

Summary There are multiple vulnerabilities in Apache Log4j CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307 as described in the vulnerability details section. Apache Log4j v1 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM h...

9.8CVSS10.1AI score0.81147EPSS
Exploits10Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 11:47 p.m.70 views

Security Bulletin: Apache commons-compress security vulnerabilities in IBM Content Manager

Summary Apache commons-compress security vulnerabilities in IBM Content Navigator ICN toolkit affecting Administration Console for Content Platform Engine ACCE Vulnerability Details CVEID: CVE-2021-35516 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...

7.5CVSS7.8AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/16 4:19 a.m.70 views

Security Bulletin: IBM Security Directory Integrator NOT Affected by CVE-2021-44228 Exploit

Summary IBM Security Directory Integrator NOT Affected by CVE-2021-44228 Exploit. Vulnerability Details After conducting extensive research on product code base, it is determined that all versions of IBM Security Directory Integrator are not vulnerable to Java library Apache log4j v2 with JNDI...

10CVSS3.9AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 1:32 p.m.70 views

Security Bulletin: IBM Application Navigator is vulnerable to an remote attacker exploitation of Apache Log4j (CVE-2021-44228)

Summary The IBM Application Navigator contains a copy of Apache Log4j which is not used by the IBM Application Navigator function. Out of an abundance of caution this update removes the unused copy of Apache Log4j. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow ...

10CVSS1.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/13 2:44 p.m.70 views

Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

Summary There are multiple Ruby vulnerabilities that affect IBM Cloud Foundry Migration Runtime that could cause a denial of service, HTTP response splitting, a remote attacker to bypass security restrictions, a remote attacker to obtain sensitive information, a local attacker to gain unauthorize...

8.1CVSS9.9AI score0.0865EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/26 5:24 p.m.70 views

Security Bulletin: Multiple Vulnerabilities found in Axis.jar V1.x may affect IBM Content Collector for SAP Applications

Summary IBM Content Collector for SAP Applications may be affected by multiple vulnerabilities found in Axis.jar V1.x Vulnerability Details CVEID: CVE-2018-8032 DESCRIPTION: Apache Axis is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default...

7.5CVSS0.9AI score0.86503EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/18 3:46 p.m.70 views

Security Bulletin: Vulnerabilities in XStream, Apache HTTP, Jackson Databind, OpenSSL, and Node.js affect IBM Spectrum Control

Summary Multiple vulnerabiilities in XStream, Apache HTTP components, FasterXML Jackson Databind, OpenSSL, and Node.js may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when unmarshallin...

9.3CVSS0.9AI score0.85001EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/29 6:58 p.m.70 views

Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January 2020, April 2020 and July 2020. IBM Cognos Business Intelligence has addressed the applicable...

9.8CVSS1AI score0.87553EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/27 11:48 p.m.70 views

Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-8169 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to...

7.8CVSS0.5AI score0.53336EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/02 8:22 p.m.70 views

Security Bulletin: Vulnerability in OpenSSH affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-5600)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in OpenSSH. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in OpenSSH. Vulnerability Details: CVE-ID: CVE-2015-5600 Description:...

8.5CVSS0.7AI score0.09302EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/02 5:21 p.m.70 views

Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via HTTP/2.

Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and...

7.8CVSS0.4AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/19 3:30 p.m.70 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilties

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Cognos Analytics. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, April 2018, July 2018, October 2018, January 2019 and April 2019. Cognos Analytics has...

10CVSS0.5AI score0.49024EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.70 views

Security Bulletin: Java CVE-2015-2590

Summary An unspecified vulnerability related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact and affects IBM i java. Vulnerability Details CVEID: CVE-2015-2590 DESCRIPTION: An unspecified vulnerability and Java SE Embedde...

10CVSS1.9AI score0.25469EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/06 7:5 p.m.70 views

Security Bulletin: IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities

Summary IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities Vulnerability Details CVEID: CVE-2019-9500 DESCRIPTION: CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159642 for the current score. CVSS Vector:...

8.4CVSS0.4AI score0.05789EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/07 12:45 p.m.70 views

Security Bulletin: Potential denial of service in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns (CVE-2018-10237)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...

5.9CVSS3.7AI score0.05119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.70 views

Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module

Summary The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 "SLOTH" vulnerability on TLS 1.2, affect IBM Flex System Chassis Management Module. Vulnerability Details Summary The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 "SLOTH" vulnerability on...

10CVSS0.6AI score0.50129EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/05 7:50 p.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to...

9CVSS1AI score0.07215EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/15 3:50 p.m.70 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732)

Summary An OpenSSL vulnerability was disclosed on June 12 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused b...

7.5CVSS0.9AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:38 a.m.70 views

Security Bulletin: Vulnerabilities in Apache HTTPD affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in Apache HTTPD. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-9788 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by the failure to properly initialize memory used to process ''Digest''...

9.8CVSS1.5AI score0.57472EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - April 2015

Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 5, 6 and 7, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses the RC4 Bar Mitzvah Attack for...

5CVSS0.8AI score0.98685EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.70 views

Security Bulletin: Vulnerability in SSLv3 affects TS4500 (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in TS4500. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused ...

4.3CVSS2.3AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.70 views

Security Bulletin: Vulnerabilities in Bash affect IBM System Storage Storwize V7000 Unified (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is used by IBM System Storage Storwize V7000 Unified. Vulnerability Details The following vulnerabilities are only exploitable by users who already ha...

10CVSS1.3AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:4 p.m.70 views

Security Bulletin: A security vulnerability has been identified in the IBM HTTP server component of IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2017-12618)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about a security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Please consult the security...

7.5CVSS0.7AI score0.94999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:47 p.m.70 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.7.0. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8. These issues were disclosed as part of the IBM Java SDK updates in July 2016, October 2016, January 201...

9.8CVSS1.2AI score0.95707EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:56 a.m.70 views

IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6

Abstract Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR13FP1 and earlier. Content VULNERABILITY DETAILS There are multiple security vulnerabilities in the IBM Java Runtime Environment used in WebSphere Cast Iron. CVE...

10CVSS9.6AI score0.22753EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:41 a.m.69 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...

9.8CVSS9.8AI score0.78483EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/03 11:21 p.m.69 views

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (January 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a...

10CVSS10AI score0.10608EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:38 a.m.69 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.4.7 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.4.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly consider...

9.8CVSS9.1AI score0.05623EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/11 10:15 p.m.69 views

Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-52425, CVE-2023-52426, CVE-2023-6597)

Summary Vulnerabilities in Python could allow a remote or local attacker to cause a denial of service CVE-2023-52425, CVE-2023-52426 or launch further attacks on the system CVE-2023-6597. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2023-524...

7.8CVSS7.1AI score0.01815EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 7:37 p.m.69 views

Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities (CVE-2024-1597, CVE-2023-26159)

Summary IBM Security Verify Information Queue ISIQ v10.0.8 has addressed vulnerabilities in the third-party libraries with an update. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted...

10CVSS8.6AI score0.0481EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/04 6:35 p.m.69 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections caus...

6.5CVSS5.4AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/04 7:22 a.m.69 views

Security Bulletin: urllib3-1.26.16-py2.py3-none-any.whl (Publicly disclosed vulnerability found by Mend) was vulnerable to this CVE-2023-43804

Summary Security Bulletin: urllib3-1.26.16-py2.py3-none-any.whl Publicly disclosed vulnerability found by Mend was vulnerable to this CVE-2023-43804 : This bulltetin identifies the vulnerability and it's solution. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remot...

8.1CVSS6.8AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.69 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.

Summary The following vulnerability in PHP has been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2018-19518 DESCRIPTION: University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by...

8.5CVSS1.2AI score0.9523EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/06 9:40 a.m.69 views

Security Bulletin: Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 (CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325).

Summary Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325. IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 have addressed the applicable issues. Vulnerability Details CVEID:CVE-2023-3978 DESCRIPTION:...

7.5CVSS8.3AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/27 2:7 p.m.70 views

Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty

Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty as the vulnerable features are not enabled see References below. IBM Cognos Analytics has upgraded to an non-affected version of IBM Websphere Application Serve...

9.8CVSS8.3AI score0.0193EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/26 8:26 a.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor is vulnerable to multiple attacks. Vulnerability Details CVEID:CVE-2023-32005 DESCRIPTION: Node.js could allow a remote attacker to obtain sensitive information, caused by the failure to restrict file stats through the fs.statfs API in...

9.8CVSS8.3AI score0.03906EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/25 9:3 a.m.69 views

Security Bulletin: Multiple vulnerabilities in Apache Commons FileUpload affect IBM Application Performance Management products

Summary Apache Commons FileUpload is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not...

9.8CVSS9AI score0.83175EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/22 7:8 a.m.69 views

Security Bulletin: IBM Storage Protect Space Management is vulnerable to confidentiality impact, availability impact, integrity impact, and arbitrary code execution due to multiple CVEs in IBM Java

Summary IBM Storage Protect Space Management is affected by multiple vulnerabilities in IBM Java: CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597. The vulnerabilties can lead to high confidentiality impact, high high...

9.1CVSS8.5AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/11 2:9 p.m.69 views

Security Bulletin: Vulnerabilities in IBM Websphere Application Server affects IBM Application Performance Management.

Summary IBM Websphere Application Server - Liberty is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated...

9.8CVSS8.2AI score0.46836EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/01 7:58 p.m.69 views

Security Bulletin: Multiple denial of Service vulnerabilities in snappy-java may affect IBM Business Automation Workflow (CVE-2023-34453, CVE-2023-34454, CVE-2023-34455)

Summary IBM Business Automation Workflow is vulnerable to a Denial of Serivce attack. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request, a remote...

7.5CVSS6.9AI score0.01762EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/01 4:2 p.m.69 views

Security Bulletin: IBM MQ Explorer is affected by vulnerabilities in Eclipse Jetty (CVE-2023-26048, CVE-2023-26049)

Summary IBM MQ is affected by vulnerabilites in Eclipse Jetty. This is used in the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

5.3CVSS5.9AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/22 4:30 p.m.69 views

Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities

Summary IBM Security Directory Integrator has addressed several security issues in open source packages. Please apply the fix as detailed below. Vulnerability Details CVEID:CVE-2018-1270 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS9.9AI score0.98518EPSS
Exploits65Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.69 views

Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM) (CVE-2015-3200)

Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details: CVE-ID: CVE-2015-3200 Description: lighttpd could...

7.5CVSS7.5AI score0.09978EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.69 views

Security Bulletin: Vulnerability in the Linux Kernel affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-6214)

Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems have addressed the following vulnerability in the Linux Kernel. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems have addressed the followin...

7.5CVSS8.3AI score0.04666EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.69 views

Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the GUI may allow an authenticated attacker to escalate their privilege on IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. Vulnerability Details CVEID:CVE-2022-43873 DESCRIPTION: An authenticated user can exploit a...

8.8CVSS7.7AI score0.00614EPSS
Exploits0Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.69 views

Security Bulletin: Vulnerability in Network Security Services (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2730)

Summary There is a vulnerability in Network Security Services NSS that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed by Mozilla in July 2015. Vulnerability Details CVEID: CVE-2015-2730 DESCRIPTION: Mozilla Network Security Services NSS before 3.19.1 does no...

4.3CVSS4.2AI score0.03594EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/21 11:20 a.m.69 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox ESR have affected APM Synthetic Playback Agent

Summary APM Synthetic Playback Agent is vulnerable to Firefox ESR CVE-2023-23599, CVE-2023-23603, CVE-2023-23605, CVE-2023-23602, CVE-2023-23601, CVE-2023-23598. Firefox ESR is used by APM Synthetic Playback Agent for running the selenium scripts. The fix includes support for Firefox 102.7 ESR...

8.8CVSS9.1AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/17 10:4 p.m.69 views

Security Bulletin: Vulnerability in libc affects AIX (CVE-2021-29860)

Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Added iFix for 7.1 TL5 SP11 There is a vulnerability in the libc.a library that affects AIX. Vulnerability Details CVEID:CVE-2021-29860 DESCRIPTION: IBM AIX could allow a non-privileg...

6.2CVSS6.1AI score0.00258EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/07 1:51 p.m.69 views

Security Bulletin: Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package(CVE-2022-26336)

Summary Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package. By persuading a victim to open a specially-crafted TNEF file, a remote attacker could exploit this vulnerability to cause the server to crashCVE-2022-26336 Vulnerability Details...

5.5CVSS5.5AI score0.0152EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000