Lucene search
K
IbmMost viewed

35680 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/07 10:45 p.m.•69 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.

Summary The following vulnerability in PHP has been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2018-19518 DESCRIPTION: University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by...

8.5CVSS1.2AI score0.9523EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/25 8:19 p.m.•69 views

Security Bulletin: IBM HTTP Server is vulnerable to information disclosure due to the included Apache HTTP Server (CVE-2023-31122)

Summary IBM HTTP Server is vulnerable to information disclosure when using the modmacro module due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2023-31122 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an out-of-boun...

7.5CVSS7.4AI score0.02978EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/28 3:14 a.m.•69 views

Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.

Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-30428, CVE-2023-30429, CVE-2023-37579 and CVE-2023-31007 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30428 DESCRIPTION: Apache Pulsar could allow a...

9.6CVSS6.9AI score0.00733EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/27 2:7 p.m.•70 views

Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty

Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty as the vulnerable features are not enabled see References below. IBM Cognos Analytics has upgraded to an non-affected version of IBM Websphere Application Serve...

9.8CVSS8.3AI score0.0193EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/26 8:26 a.m.•70 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor is vulnerable to multiple attacks. Vulnerability Details CVEID:CVE-2023-32005 DESCRIPTION: Node.js could allow a remote attacker to obtain sensitive information, caused by the failure to restrict file stats through the fs.statfs API in...

9.8CVSS8.3AI score0.03906EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/25 9:3 a.m.•69 views

Security Bulletin: Multiple vulnerabilities in Apache Commons FileUpload affect IBM Application Performance Management products

Summary Apache Commons FileUpload is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not...

9.8CVSS9AI score0.83175EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/22 7:8 a.m.•69 views

Security Bulletin: IBM Storage Protect Space Management is vulnerable to confidentiality impact, availability impact, integrity impact, and arbitrary code execution due to multiple CVEs in IBM Java

Summary IBM Storage Protect Space Management is affected by multiple vulnerabilities in IBM Java: CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597. The vulnerabilties can lead to high confidentiality impact, high high...

9.1CVSS8.5AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/15 5:44 a.m.•69 views

Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products

Summary Multiple vulnerabilities in jackson-databind-2 used by IBM Application Performance Management. The vulnerabilites below have been addressed. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based...

10CVSS10AI score0.49727EPSS
Exploits35Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/11 2:9 p.m.•69 views

Security Bulletin: Vulnerabilities in IBM Websphere Application Server affects IBM Application Performance Management.

Summary IBM Websphere Application Server - Liberty is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated...

9.8CVSS8.2AI score0.46836EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/01 7:58 p.m.•69 views

Security Bulletin: Multiple denial of Service vulnerabilities in snappy-java may affect IBM Business Automation Workflow (CVE-2023-34453, CVE-2023-34454, CVE-2023-34455)

Summary IBM Business Automation Workflow is vulnerable to a Denial of Serivce attack. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request, a remote...

7.5CVSS6.9AI score0.01762EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/01 4:2 p.m.•69 views

Security Bulletin: IBM MQ Explorer is affected by vulnerabilities in Eclipse Jetty (CVE-2023-26048, CVE-2023-26049)

Summary IBM MQ is affected by vulnerabilites in Eclipse Jetty. This is used in the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

5.3CVSS5.9AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/29 9:0 p.m.•69 views

Security Bulletin: protobuf.js component is vulnerable which is used by IBM Maximo Application Suite [CVE-2023-36665]

Summary IBM Maximo Application Suite uses protobuf.js package which is vulnerable to CVE-2023-36665. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototyp...

9.8CVSS9.8AI score0.01683EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/06 5:6 a.m.•69 views

Security Bulletin: [All] Spring Framework (Publicly disclosed vulnerability)

Summary In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. This effects ITN...

9.6CVSS7.6AI score0.10736EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/14 2:32 p.m.•69 views

Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM) (CVE-2015-3200)

Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details: CVE-ID: CVE-2015-3200 Description: lighttpd could...

7.5CVSS7.5AI score0.09978EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/04 4:2 p.m.•69 views

Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP request splitting when using modproxy or the Web Server Plug-in due to the included Apache HTTP Server. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION...

9.8CVSS9.4AI score0.8377EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/31 2:46 p.m.•69 views

Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]

Summary Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System. IBM Cloud Pak System has addressed this vulnerability. CVE-2021-44142 Vulnerability Details CVEID:CVE-2021-44142 DESCRIPTION: Samba could allow a remote authenticated attacker to execute arbitrary code on the...

9CVSS8.9AI score0.74042EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•69 views

Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the GUI may allow an authenticated attacker to escalate their privilege on IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. Vulnerability Details CVEID:CVE-2022-43873 DESCRIPTION: An authenticated user can exploit a...

8.8CVSS7.7AI score0.00614EPSS
Exploits0Affected Software13
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•69 views

Security Bulletin: Vulnerability in Network Security Services (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2730)

Summary There is a vulnerability in Network Security Services NSS that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed by Mozilla in July 2015. Vulnerability Details CVEID: CVE-2015-2730 DESCRIPTION: Mozilla Network Security Services NSS before 3.19.1 does no...

4.3CVSS4.2AI score0.03594EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/21 11:20 a.m.•69 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox ESR have affected APM Synthetic Playback Agent

Summary APM Synthetic Playback Agent is vulnerable to Firefox ESR CVE-2023-23599, CVE-2023-23603, CVE-2023-23605, CVE-2023-23602, CVE-2023-23601, CVE-2023-23598. Firefox ESR is used by APM Synthetic Playback Agent for running the selenium scripts. The fix includes support for Firefox 102.7 ESR...

8.8CVSS9.1AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/17 10:4 p.m.•69 views

Security Bulletin: Vulnerability in libc affects AIX (CVE-2021-29860)

Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Added iFix for 7.1 TL5 SP11 There is a vulnerability in the libc.a library that affects AIX. Vulnerability Details CVEID:CVE-2021-29860 DESCRIPTION: IBM AIX could allow a non-privileg...

6.2CVSS6.1AI score0.00258EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 9:14 p.m.•69 views

Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes.

Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a remote attacker to obtain sensitive information, caused by storin...

8.6CVSS8.5AI score0.05524EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/02 4:36 p.m.•69 views

Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint has addressed multiple security vulnerabilities (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)

Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera High-Speed Transfer Server 4.4.1 and Aspera High-Speed Transfer Endpoint 4.4.1 Vulnerability Details CVEID:CVE-2022-27774 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain...

7.5CVSS7.3AI score0.03425EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/12 9:59 p.m.•69 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Vim (CVE-2022-1621)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Vim CVE-2022-1621 caused by improper bounds checking in the vimstrncpy findword component. Vim is used as part of the base image included in our service components. Please read...

7.8CVSS8AI score0.02303EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/06 9:23 p.m.•69 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Apache Commons is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2022-42889. Connect2id Nimbus JOSE+JWT is used by IBM Robotic Process Automation as part of the...

6.8CVSS9.9AI score0.99931EPSS
Exploits56Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 10:56 a.m.•69 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial ...

6.8CVSS9.2AI score0.1593EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/05 7:0 p.m.•69 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple Node.js vulnerabilities. Vulnerability Details CVEID:CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit...

9.8CVSS9.4AI score0.37286EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/17 8:48 a.m.•69 views

Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221)

Summary The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2022-42915 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a double-free flaw in the error/cleanup...

9.8CVSS9AI score0.04325EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/08 4:44 p.m.•69 views

Security Bulletin: IBM Security Guardium is affected by a Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2021-39072)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-39072 DESCRIPTION: IBM Security Guardium could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could explo...

5.9CVSS5.6AI score0.01233EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/08 4:20 p.m.•69 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2021-31805 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag attributes. By forcing OGNL evaluation of...

9.8CVSS7.9AI score0.85315EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/02 12:47 p.m.•69 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8

Summary Multiple vulnerabilities were found with IBM® Runtime Environment Java™ Technology Edition, Version 8 which is shipped with IBM MQ and used for Java & JMS client, AMQP, MQTT, MFT & MQIPT functionality. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in...

5.3CVSS6.2AI score0.06468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/26 3:31 a.m.•69 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.1

Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.5.5.1 Content The following vulnerabilities have been fixed in IBM WebSphere Application Server Fix Pack 8.5.5.1 VULNERABILITY DETAILS: CVE ID:CVE-2013-0460PM72275 DESCRIPTION: WebSpher...

6.8CVSS8.8AI score0.29484EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/08 12:26 a.m.•69 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.10

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.10, IBM WebSphere Application Server Hypervisor 8.0.0.10 and IBM HTTP Server 8.0.0.10 Vulnerability Details CVE ID:CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM WebSphere Application Server coul...

7.1CVSS6.3AI score0.99999EPSS
Exploits15Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/15 5:17 p.m.•69 views

Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects PowerVM

Summary OpenSSL is used by PowerVM to support encrypted Logical Partition Mobility. This bulletin provides a remediation for the impacted vulnerability, CVE-2022-0778 by upgrading PowerVM and thus addressing the exposure to the openssl vulnerability. Vulnerability Details CVEID: CVE-2022-0778...

7.5CVSS1.8AI score0.70561EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/13 5:56 p.m.•69 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2022 CPU plus deferred CVE-2022-21299

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere...

5.3CVSS0.6AI score0.03458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/17 5:53 a.m.•69 views

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By...

7.5CVSS1AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/10 11:16 p.m.•69 views

Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 8.0.7.5. Vulnerability Details CVEID: CVE-2021-41035 DESCRIPTION:...

9.8CVSS1.8AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/23 5:14 p.m.•69 views

Security Bulletin: Network Intrusion Prevention System is affected by curl and php5 vulnerabilities (CVE-2013-2174, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2013-4248, CVE-2013-6420, CVE-2014-2497, CVE-2014-4049)

Summary Security vulnerabilities have been discovered in curl and php5 that are used in IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2013-2174 DESCRIPTION: cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...

7.5CVSS8.5AI score0.35635EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/22 11:54 a.m.•69 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2021-35560...

9.8CVSS7.1AI score0.06886EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/06/03 10:8 p.m.•69 views

Security Bulletin: Vulnerability in OpenSSL affects Informix Dynamic Server and CSDK (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. Informix Dynamic Server uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when...

4.3CVSS6.4AI score0.23222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/05/06 6:56 p.m.•69 views

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2021-3177

Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2021-3177. Vulnerability Details CVEID: CVE-2021-3177 DESCRIPTION: Python is vulnerable to a buffer overflow, caused by improper bounds checking by the PyCArgrepr function in ctypes/callproc.c. By sending specially-crafted...

9.8CVSS2.3AI score0.23293EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/04/19 9:45 p.m.•69 views

Security Bulletin: Resilient is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-0232 DESCRIPTION: When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to...

9.8CVSS0.99652EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/04/07 6:20 p.m.•69 views

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-14803, CVE-2020-27221

Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-14803, CVE-2020-27221. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low...

9.8CVSS1.6AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/04/01 8:53 p.m.•69 views

Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server

Summary Muiltiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server are addressed. Vulnerability Details CVEID: CVE-2020-8557 DESCRIPTION: Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the...

8.8CVSS0.5AI score0.061EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2020/08/07 11:11 a.m.•69 views

Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities

Summary Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be...

9.3CVSS1.5AI score0.07646EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2020/07/24 10:19 p.m.•69 views

Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2018-11775)

Summary Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveM...

7.4CVSS1.7AI score0.0699EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2020/04/01 12:35 a.m.•69 views

Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Summary There are multiple security vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-19252 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the...

9.3CVSS1.5AI score0.06236EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/06/03 4:15 p.m.•69 views

Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2018-1111 - Vulnerability in the NetworkManager integration script CVE-2018-2783 - IBM Java Runtime vulnerability CVE-2018-2790 - IBM Java Runtime vulnerability CVE-2018-5391 - Improper handling o...

7.9CVSS1.1AI score0.94457EPSS
Exploits14Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2019/03/06 8:5 p.m.•69 views

Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPU''s could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution o...

7.8CVSS0.9AI score0.60631EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2019/03/04 5:55 a.m.•69 views

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-18710 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by improper bounds checking in...

5.5CVSS0.6AI score0.00501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/07/10 8:34 a.m.•69 views

Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2016-8624, CVE-2016-8625)

Summary IBM Rational ClearCase is affected by cURL/libcURL access restriction bypass and network host spoofing vulnerabilities. Vulnerability Details CVEID: CVE-2016-8624 DESCRIPTION: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to parse the...

7.5CVSS1.1AI score0.05915EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000