
35596 matches found

IBM Security Bulletins
added 2020/02/22 12:5 a.m. | 217 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project in October and November of 2018. IBM Spectrum Protect Plus uses OpenSSL and has addressed the applicable CVEs. 20 February 2020 - Changed fixing level from 10.1.5 to 10.1.5 patch1. 21 February 2020 - Provided link to 10.1.5...

CVSS 5.9 | AI score 1.2 | EPSS 0.12154
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2019/02/18 3:5 p.m. | 214 views

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840

Summary There is a vulnerability in Apache Struts to which the IBM FlashSystem™ V840 is susceptible. An exploit of that vulnerability CVE-2018-11776 could make the system susceptible to attacks which could allow an attacker to execute arbitrary code on the system. Vulnerability Details CVEID:...

CVSS 9.3 | AI score 1.1 | EPSS 0.99993
Exploits: 41 | Affected Software: 1

IBM Security Bulletins
added 2022/06/24 5:34 p.m. | 213 views

Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)

Summary IBM QRadar SIEM is affected but not vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, 4...

CVSS 9.8 | AI score 1.1 | EPSS 0.99939
Exploits: 131 | Affected Software: 1

IBM Security Bulletins
added 2021/12/21 3:55 a.m. | 213 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure External Authentication Server (CVE-2021-44228)

Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitrary code on the system was addressed by IBM Secure External Authentication Server. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

CVSS 10 | AI score 1.6 | EPSS 0.99999
Exploits: 352 | Affected Software: 1

IBM Security Bulletins
added 2020/12/03 5:34 p.m. | 212 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager for Wireline(Deferred CVE-2020-2590 and CVE-2020-2601)

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version that is used by Tivoli Netcool Performance Manager. These issues are disclosed as part of the IBM Java SDK updates for July 2020. Information about a security vulnerability affecting IBM WebSphere Application Server has...

AI score 0.1 | EPSS 0.04196
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/02/14 9:14 p.m. | 211 views

Security Bulletin: IBM CICS TX Standard is vulnerable to several no confidentiality exposures due to IBM SDK, Java Technology Edition

Summary IBM SDK, Java Technology Edition is used by CICS TX Standard to run WebSphere Liberty, Fix Installer and Java based CICS applications. The fix removes the no confidentiality exposure vulnerabilities CVE-2022-21496, CVE-2022-21434 and CVE-2022-21443 from IBM SDK, JTE. Vulnerability Details...

CVSS 5.3 | AI score 6.3 | EPSS 0.02651
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/02/28 12:44 p.m. | 210 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6/7 used by ITCAM for SOA. ITCAM for SOA has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker ...

CVSS 6.8 | AI score 2.1 | EPSS 0.03239
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/08/12 8:0 p.m. | 209 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM InfoSphere Master Data Management (CVE-2021-44228 )

Summary There is a vulnerability in the Apache Log4j open source library used by IBM InfoSphere Master Data Management v11.6 and v12.0. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure...

CVSS 10 | AI score 9.6 | EPSS 0.99999
Exploits: 350 | Affected Software: 1

IBM Security Bulletins
added 2022/08/10 9:6 p.m. | 208 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314,...

CVSS 9.8 | AI score 10 | EPSS 0.34174
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/05/30 2:20 p.m. | 207 views

Security Bulletin: Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services

Summary There are multiple vulnerabilities in Spring Framework used by SPSS Collaboration and Deployment Services. SPSS Collaboration and Deployment Services is affected but not classified as vulnerable to these issues. The fix includes Spring 5.3.20. Vulnerability Details CVEID: CVE-2022-22950...

CVSS 9.8 | AI score 0.9 | EPSS 0.99677
Exploits: 103 | Affected Software: 1

IBM Security Bulletins
added 2020/10/27 3:51 p.m. | 207 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Developer for System z (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Developer for System z. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could explo...

CVSS 5 | AI score 1.5 | EPSS 0.74006
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/04/20 2:1 p.m. | 205 views

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID:CVE-2021-3807 DESCRIPTION: Chalk ansi-regex module for Node.js is vulnerable to a denial of service, caused by a regular expression...

CVSS 9.8 | AI score 7.2 | EPSS 0.37286
Exploits: 11 | Affected Software: 1

IBM Security Bulletins
added 2023/02/08 5:10 p.m. | 204 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2023-23477)

Summary IBM WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. This has been addressed. Vulnerability Details CVEID:CVE-2023-23477 DESCRIPTION: IBM WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the...

CVSS 9.8 | AI score 9.3 | EPSS 0.01949
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/12/05 7:0 p.m. | 203 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple IBM Java Runtime vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple IBM Java Runtime vulnerabilities. Vulnerability Details CVEID:CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. CVSS...

CVSS 7.5 | AI score 6.4 | EPSS 0.04008
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2021/12/26 8:52 p.m. | 203 views

Security Bulletin: IBM SPSS Statistics is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Statistics which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

CVSS 10 | AI score 1.2 | EPSS 0.99999
Exploits: 354 | Affected Software: 1

IBM Security Bulletins
added 2022/04/20 7:29 p.m. | 200 views

Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-45046)

Summary IBM Cognos Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j CVE-2021-45046 vulnerability. IBM Cognos Analytics has upgraded Apache Log4j to v2.16...

CVSS 10 | AI score 7.5 | EPSS 0.99999
Exploits: 356 | Affected Software: 1

IBM Security Bulletins
added 2021/12/13 1:37 p.m. | 199 views

Security Bulletin: IBM Security Verify Privilege Products NOT Affected by CVE-2021-44228 Exploit

Summary IBM Security Verify Privilege Products NOT Affected by CVE-2021-44228 Exploit. Vulnerability Details After conducting extensive research of the product code base, OEM partner ThycoticCentrify has determined that none of the products outlined below are using the vulnerable Java library log4j...

CVSS 10 | AI score 3.4 | EPSS 0.99999
Exploits: 350 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:44 p.m. | 199 views

InfoSphere Information Server Manager and the istool command may encounter errors after applying JR55455

Problem After applying JR55455, you might find that the istool command does not work correctly and that you cannot login to the Information Server Manager. Details of the fix for JR55455 can be found in the security bulletin http://www-01.ibm.com/support/docview.wss?uid=swg21982420 Symptom The...

Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2021/05/04 5:48 p.m. | 198 views

Security Bulletin: Apache Tomcat as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13943)

Summary Apache Tomcat as used by IBM QRadar SIEM is vulnerable to information disclosure. Vulnerability Details CVEID: CVE-2020-13943 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when HTTP/2 client exceeded the agreed maximum number of...

CVSS 4.3 | AI score 0.5 | EPSS 0.57286
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/06/22 11:45 a.m. | 197 views

Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)

Summary Apache Log4j is used for logging in multiple components of the IBM Cloud Pak System CPS appliance: Logstash, VMware vCenter, IBM Hardware Management Console and product pattern type pType. Arbitrary code execution vulnerabilities have been identified in Apache Log4j. Vulnerability Details...

CVSS 10 | AI score 10 | EPSS 0.99999
Exploits: 353 | Affected Software: 1

IBM Security Bulletins
added 2021/12/17 1:26 p.m. | 197 views

Security Bulletin: IBM OpenPages with Watson has addressed security vulnerability in Apache Log4j (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker ...

CVSS 10 | AI score 1.1 | EPSS 0.99999
Exploits: 350 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:32 a.m. | 196 views

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-6597 DESCRIPTION: Python could provide weaker than expected security, caused by an issue with tempfile.TemporaryDirectory fails removing...

CVSS 8.6 | AI score 10 | EPSS 0.02945
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 10:3 p.m. | 196 views

Security Bulletin: IBM Security Network Protection is affected by vulnerabilities in OpenSSH (CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011)

Summary IBM Security Network Protection has addressed vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2016-10011 DESCRIPTION: OpenSSH could allow a local authenticated attacker to obtain sensitive information, caused by a privilege separation flaw. An attacker could exploit this...

CVSS 7.8 | AI score 0.8 | EPSS 0.88944
Exploits: 22 | Affected Software: 1

IBM Security Bulletins
added 2023/03/10 2:27 p.m. | 194 views

Security Bulletin: IBM QRadar WinCollect agent has multiple vulnerabilities

Summary The product includes vulnerable components e.g., third party libraries that may be identified and exploited with automated tools. IBM QRadar WinCollect for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semanti...

CVSS 9.1 | AI score 7.8 | EPSS 0.59501
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2021/12/17 6:34 p.m. | 194 views

Security Bulletin: IBM Content Navigator container deployments are vulnerable to a remote execution vulnerability (Log4j)

Summary IBM Content Navigator container deployments are vulnerable to a remote execution vulnerability. IBM Content Navigator has addressed the vulnerability as described below. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...

CVSS 10 | AI score 1.5 | EPSS 0.99999
Exploits: 350 | Affected Software: 1

IBM Security Bulletins
added 2022/01/17 2:19 p.m. | 193 views

Security Bulletin: Cloudera Data Platform is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary IBM products for Cloudera Data Platform and Hortonworks Data Platform are affected by critical Apache Log4j vulnerability CVE-2021-44228. A malicious user could exploit this vulnerability to run arbitrary code as the user or service account running the affected software. The fix includes...

CVSS 10 | AI score 7.6 | EPSS 0.99999
Exploits: 350 | Affected Software: 2

IBM Security Bulletins
added 2019/02/07 7:55 p.m. | 193 views

Security Bulletin: IBM Security Guardium is affected by a Foreshadow Spectre Variant vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3646 DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By...

CVSS 5.6 | AI score 0.6 | EPSS 0.08101
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/09/28 4:30 a.m. | 193 views

Security Bulletin: IBM Security Guardium is affected by a Publicly disclosed Apache Struts vulnerability

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when using results with no namespace and its upper action...

CVSS 9.3 | AI score 1.8 | EPSS 0.99993
Exploits: 41 | Affected Software: 1

IBM Security Bulletins
added 2022/10/20 3:23 p.m. | 191 views

Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-22444)

Summary UPDATED Sep 13 Added iFix information for 7.1 TL5 SP10 and 7.2 TL4 SP6: A vulnerability in the AIX lpd printer daemon could allow a local user with elevated privileges to cause a denial of service CVE-2022-22444. The lpd daemon is the remote print server on AIX. Vulnerability Details...

CVSS 5.5 | AI score 5.4 | EPSS 0.0023
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2021/12/20 10:39 a.m. | 191 views

Security Bulletin: IBM Telco Network Cloud Manager - Performance: Apache log4j Vulnerability (CVE-2021-44228)

Summary The IBM Telco Network Cloud Manager - Performance is affected by a security vulnerability. Apache Log4j is used by IBM Telco Network Cloud Manager - Performance as part of its UI service. This bulletin provides remediation for the vulnerability, CVE-2021-44228 by upgrading UI service of I...

CVSS 10 | AI score 0.6 | EPSS 0.99999
Exploits: 350 | Affected Software: 1

IBM Security Bulletins
added 2023/10/04 1:7 p.m. | 189 views

Security Bulletin: Vulnerabilities in Apache Commons Codec affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management can lead to information disclosure

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by a vulnerability in Apache Commons Codec library. The vulnerability can lead t...

AI score 6.2
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2023/08/22 4:46 p.m. | 189 views

Security Bulletin: Vulnerabilities in Oracle Java and the IBM Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968 and CVE-2023-21937 ) affect Power HMC

Summary IBM SDK, JAVA is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

CVSS 7.4 | AI score 6.1 | EPSS 0.02474
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/03/21 10:2 a.m. | 189 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

CVSS 9.8 | AI score 9.9 | EPSS 0.8377
Exploits: 5 | Affected Software: 3

IBM Security Bulletins
added 2022/11/22 7:55 a.m. | 188 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Text (CVE-2022-42889)

Summary There is a vulnerability in Apache Commons Text used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE CVE-2022-42889. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker...

CVSS 9.8 | AI score 9.8 | EPSS 0.99931
Exploits: 41 | Affected Software: 1

IBM Security Bulletins
added 2022/11/16 11:30 a.m. | 188 views

Security Bulletin: IBM MQ is vulnerable to multiple issues within IBM® Runtime Environment Java™ Technology Edition, Versions 7 and 8 (CVE-2021-35603, CVE-2022-21305, CVE-2022-21291, CVE-2021-35550)

Summary Multiple issues were identified with IBM® Runtime Environment Java™ Technology Edition, version 7 that is packaged with IBM MQ 8.0 and version 8 that is packaged with IBM MQ 9.0, 9.1 and 9.2. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE...

CVSS 5.9 | AI score 5.4 | EPSS 0.06868
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/04/03 9:10 p.m. | 188 views

Security Bulletin: A security vulnerability has been identified in IBM Tivoli Monitoring shipped with IBM Systems Director Editions(CVE-2016-2183)

Summary IBM Tivoli Monitoring is shipped as a component of IBM Systems Director Editions. Information about a security vulnerability affecting IBM Tivoli Monitoring has been published in a security bulletin. Vulnerability Details Please consult the security bulletins listed below for the...

CVSS 7.5 | AI score 6.6 | EPSS 0.95707
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2022/01/05 7:44 p.m. | 188 views

Security Bulletin: Vulnerabilities in Apache Log4j impacts IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2021-45105, CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may impact the IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments due to their uses of Apache Log4j for logging of messages and...

CVSS 10 | AI score 1.1 | EPSS 0.99999
Exploits: 354 | Affected Software: 2

IBM Security Bulletins
added 2022/01/04 5:37 p.m. | 188 views

Security Bulletin: IBM Security Access Manager has fixed a vulnerability in the log4j library shipped with the product. (CVE-2021-4104)

Summary The IBM Security Access Manager version 9.0 ships with a version of log4j that is vulnerable to CVE-2021-4104. The log4j library is no longer used by the IBM Security Access Manager product and a Fixpack has been provided to remove the unused library. Vulnerability Details CVEID:...

CVSS 7.5 | AI score 2.2 | EPSS 0.81147
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2021/12/21 9:33 p.m. | 186 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure Proxy (CVE-2021-45046)

Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitrary code on the system was addressed by IBM Secure Proxy. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in...

CVSS 10 | AI score 1 | EPSS 0.99999
Exploits: 352 | Affected Software: 1

IBM Security Bulletins
added 2022/01/27 12:23 p.m. | 185 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45105)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-45105. Vulnerabili...

CVSS 5.9 | AI score 0.5 | EPSS 0.99999
Exploits: 20 | Affected Software: 1

IBM Security Bulletins
added 2024/03/13 9:45 p.m. | 184 views

Security Bulletin: There is a vulnerability in AntiSamy used by IBM Maximo Asset Management (CVE-2023-43643)

Summary There is a vulnerability in AntiSamy used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2023-43643 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using...

CVSS 6.1 | AI score 6.4 | EPSS 0.00473
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/08/25 10:19 a.m. | 184 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to [CVE-2023-26115]

Summary Node.js word-wrap is used internally by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js word-wrap...

CVSS 7.5 | AI score 7.1 | EPSS 0.01709
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/03/17 10:5 p.m. | 184 views

Security Bulletin: Vulnerability in EFS affects AIX (CVE-2021-29861)

Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Added iFix for 7.1 TL5 SP11. There is a vulnerability in EFS that affects AIX. Vulnerability Details CVEID:CVE-2021-29861 DESCRIPTION: IBM AIX could allow a non-privileged local user t...

CVSS 6.2 | AI score 6.1 | EPSS 0.00258
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2022/10/07 4:1 p.m. | 184 views

Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Liberty for Java for IBM Cloud

Summary There are multiple vulnerabilities in the HTTP/2 implementation that is used by WebSphere Application Server Liberty. This affects the servlet-4.0 and servlet-3.1 features. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Some HTTP/2...

CVSS 7.5 | AI score 8 | EPSS 0.87806
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/02/07 11:47 p.m. | 183 views

Security Bulletin: Vulnerability in IBM WebSphere Liberty affects IBM InfoSphere Global Name Management (CVE-2022-34165)

Summary The IBM WebSphere Liberty used in IBM InfoSphere Global Name Management is vulnerable to HTTP header injection when processing web requests. This problem is addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM...

CVSS 5.4 | AI score 5.6 | EPSS 0.00441
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2021/12/22 12:4 a.m. | 183 views

Security Bulletin: Apache Log4J vulnerability affects IBM Watson Studio Premium Add On in Cloud Pak for Data (CVE-2021-44228)

Summary Apache Log4j, used for logging in IBM Watson Studio Premium Add On in Cloud Pak for Data is impacted by the Apache Log4j vulnerability CVE-2021-44228. Customers are encouraged to take quick action to update their systems. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log...

CVSS 10 | AI score 0.6 | EPSS 0.99999
Exploits: 350 | Affected Software: 1

IBM Security Bulletins
added 2024/07/29 2:30 p.m. | 182 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by improper...

CVSS 9.8 | AI score 10 | EPSS 0.99957
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 182 views

Security Bulletin: Vulnerabilities in Network Security (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2015-7181 CVE-2015-7182 CVE-2015-7183)

Summary Vulnerabilities in Network Security NSS and Netscape Portable Runtime NSPR affect the IBM SAN Volume Controller and Storwize Family. Though the CVE descriptions below document the vulnerabilities in the context of the Mozilla product, the IBM SAN Volume Controller and Storwize Family of...

CVSS 9.8 | AI score 10 | EPSS 0.10238
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
added 2024/03/14 3:40 p.m. | 181 views

Security Bulletin: OpenSSH for IBM i is vulnerable to a machine-in-the-middle attack due to a flaw in the SSH transport protocol. [CVE-2023-48795]

Summary OpenSSH used by IBM i is vulnerable to a machine-in-the-middle attack due to a flaw in the SSH transport protocol with certain extensions as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

CVSS 5.9 | AI score 6.4 | EPSS 0.9378
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2022/09/13 12:35 p.m. | 181 views

Security Bulletin: Vulnerabilities in openSSL and WebSphere Liberty affect IBM WIoTP MessageGateway (CVE-2022-22476 CVE-2019-11777 CVE-2022-22475 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292)

Summary There are vulnerabilities in OpenSSL and WebSphere Liberty that affect IBM WIoTP MessageGateway. Vulnerability Details CVEID:CVE-2022-2097 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for...

AI score 9.2 | EPSS 0.95764
Exploits: 6 | Affected Software: 1

Total number of security vulnerabilities: 5000