Lucene search
K
IbmMost viewed

35705 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/04/19 9:45 p.m.69 views

Security Bulletin: Resilient is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-0232 DESCRIPTION: When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to...

9.8CVSS0.99652EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/07 6:20 p.m.69 views

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-14803, CVE-2020-27221

Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-14803, CVE-2020-27221. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low...

9.8CVSS1.6AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/01 8:53 p.m.69 views

Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server

Summary Muiltiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server are addressed. Vulnerability Details CVEID: CVE-2020-8557 DESCRIPTION: Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the...

8.8CVSS0.5AI score0.061EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/07 11:11 a.m.69 views

Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities

Summary Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be...

9.3CVSS1.5AI score0.07646EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.69 views

Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2018-11775)

Summary Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveM...

7.4CVSS1.7AI score0.0699EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/01 12:35 a.m.69 views

Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Summary There are multiple security vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-19252 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the...

9.3CVSS1.5AI score0.06236EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/03 4:15 p.m.69 views

Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2018-1111 - Vulnerability in the NetworkManager integration script CVE-2018-2783 - IBM Java Runtime vulnerability CVE-2018-2790 - IBM Java Runtime vulnerability CVE-2018-5391 - Improper handling o...

7.9CVSS1.1AI score0.94457EPSS
Exploits14Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/06 8:5 p.m.69 views

Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPU''s could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution o...

7.8CVSS0.9AI score0.60631EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/04 5:55 a.m.69 views

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-18710 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by improper bounds checking in...

5.5CVSS0.6AI score0.00501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/10 8:34 a.m.69 views

Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2016-8624, CVE-2016-8625)

Summary IBM Rational ClearCase is affected by cURL/libcURL access restriction bypass and network host spoofing vulnerabilities. Vulnerability Details CVEID: CVE-2016-8624 DESCRIPTION: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to parse the...

7.5CVSS1.1AI score0.05915EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.69 views

Security Bulletin: OpenSSL vulnerability in IBM Storwize V7000 Unified (CVE-2014-0224)

Summary Security vulnerability in OpenSSL. Vulnerability Details CVEID: CVE-2014-0224 DESCRIPTION: SSL/TLS MITM vulnerability An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a...

7.4CVSS1.2AI score0.95326EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:15 p.m.69 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM MessageSight. IBM MessageSight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NUL...

7.5CVSS1.2AI score0.44016EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:12 p.m.69 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM MessageSight (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM MessageSight. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid...

10CVSS1AI score0.94859EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 2:17 p.m.68 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by ...

8.4CVSS9.7AI score0.00887EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:23 a.m.68 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to an information disclosure (CVE-2022-22334)

Summary Security Bulletin: IBM Robotic Process Automation is vulnerable to an information disclosure CVE-2022-22334 Vulnerability Details CVEID:CVE-2022-22334 DESCRIPTION: IBM Robotic Process Automation could allow a user to access information from a tenant of which they should not have access...

4.3CVSS4.3AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:1 a.m.68 views

Security Bulletin: IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service

Summary IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2022-3488 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error related to the processing of repeated responses to the same query, where both responses contain...

7.5CVSS7.8AI score0.19045EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/11 6:44 p.m.68 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-23454 DESCRIPTION: Apache Hadoop could allow a local authenticated attacker t...

9.8CVSS9AI score0.99999EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/09 7:8 a.m.68 views

Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)

Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...

8.1CVSS9.1AI score0.03028EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 10:30 p.m.68 views

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.

Summary IBM MQ Appliance has addressed multiple open source vulnerabilities CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086. Vulnerability Details CVEID:CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...

7.8CVSS8.6AI score0.28058EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/05 4:4 p.m.68 views

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND

Summary UPDATED: Corrected the affected fileset levels to reflect that bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable Multiple vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details...

7.5CVSS8.1AI score0.99995EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 4:21 p.m.68 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, glibc-minimal-langpack, glibc-common, ncurses-libs and Kubernetes

Summary Multiple issues were identified in Red Hat UBI packages, Kubernetes and go-toolset are fixed and shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2023-4813 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a...

9.8CVSS9.6AI score0.81422EPSS
Exploits35Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/12 7:10 p.m.68 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Python is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP and WebSphere Liberty CVE-2020-10735, CVE-2022-45061. LibTiff is used by IBM Robotic Process Automation for Cloud Pak as part of .NET Core and Watson NLP CVE-2022-3627, CVE-2022-3970. cURL libcurl is used...

9.8CVSS9.3AI score0.03776EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 12:55 p.m.68 views

Security Bulletin: Vulnerabilities found in poi-3.9.jar, poi-scratchpad-3.9.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-12626, CVE-2014-9527)

Summary Multiple vulnerabilities have been identified in poi-3.9.jar, poi-scratchpad-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...

7.5CVSS7AI score0.10248EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 11:15 a.m.68 views

Security Bulletin: Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1

Summary CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, CVE-2023-1667, CVE-2023-2283, CVE-2020-11080, CVE-2023-31484, CVE-2023-24329 may affect Ubuntu Operating System packages shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the...

8.1CVSS9.1AI score0.20459EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/25 2:21 a.m.68 views

Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to a memory usage flaw (CVE-2023-2828)

Summary Domain Name System DNS uses ISC BIND. ISC BIND on IBM i is vulnerable to a denial of service attack due to memory usage exceeding the configured cache size limit as seen in the vulnerability details section. IBM i has addressed the vulnerability in ISC BIND with a fix as described in the...

7.5CVSS7.6AI score0.03776EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/23 10:52 a.m.68 views

Security Bulletin: CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Advanced

Summary CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary cod...

9.8CVSS9AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/22 2:18 p.m.68 views

Security Bulletin: Vulnerabilities in Linux kernel, libssh, and Java can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Linux kernel, libssh, and Java. Vulnerabilities include denial of service, elevated privileges, crashes, execute arbitrary code on the system, obtaining sensitive kernel information, network attacks, bypassing authentication,...

8.8CVSS9.8AI score0.12966EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/09 1:54 p.m.68 views

Security Bulletin: IBM App Connect Enterprise toolkit and IBM Integration Bus toolkit are vulnerable to a local authenticated attacker and a denial of service due to Guava and JDOM (CVE-2023-2976, CVE-2021-33813).

Summary IBM App Connect Enterprise toolkit and IBM Integration Bus toolkit are vulnerable to a local authenticated attacker and a denial of service due to Guava and JDOM CVE-2023-2976, CVE-2021-33813. The resolving fixes include Guava version =32.1.1 & JDOM version =2.0.6.1 Vulnerability Details...

7.5CVSS7AI score0.19442EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 1:36 p.m.68 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities

Summary OpenSSL is present in the IBM App Connect Enterprise Certified Container Dashboard operand image. OpenSSL is vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in OpenSSL. CVE-2023-0217, CVE-2023-1255...

7.5CVSS7.2AI score0.02846EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 9:26 a.m.68 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to cURL libcurl and Google protobuf-java. (CVE-2022-42915, CVE-2021-22569, CVE-2022-3509, CVE-2022-3171, CVE-2022-3510)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to cURL libcurl and protobuf-java. IBM App Connect Enterprise v12 OpenTelemetry trace is affected by cURL libcurl CVE-2022-42915. IBM App Connect Enterprise v11 and v12 DFDL is affected by protobuf-java CVE-2021-25569,...

8.1CVSS6.5AI score0.02927EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 4:40 p.m.68 views

Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their January 2023 Vulnerability Advisory, plus CVE-2022-4304. For more information please refer to OpenJDK's January 2023 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerabili...

5.9CVSS6.8AI score0.16195EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 2:15 p.m.68 views

Security Bulletin: IBM Safer Payments is vulnerable to OpenSSL Information Disclosure Problem (CVE-2021-3712)

Summary IBM Safer Payments versions uses OpenSSL. This vulnerability is addressed. Vulnerability Details CVEID:CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially...

7.4CVSS7.6AI score0.50445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.68 views

Security Bulletin: Several System x and Flex Systems products are affected by vulnerabilities in OpenSSL (CVE-2013-6449, CVE-2013-4353 and CVE-2013-6450)

Summary Security vulnerabilities discovered in OpenSSL have been fixed in recent releases of several IBM System x and Flex Systems products. You may have already applied the updates containing these fixes. Vulnerability Details Abstract Security vulnerabilities discovered in OpenSSL have been fix...

5.8CVSS8AI score0.21174EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/05 10:10 p.m.68 views

Security Bulletin: AIX is vulnerable to denial of service vulnerabilities

Summary UPDATED Apr 5 See 'Change History' for full update history. Current update corrected the affected upper fileset levels for VIOS to show that VIOS 3.1.2.50 and 3.1.3.30 are affected. Added iFixes for VIOS 3.1.2.50 and 3.1.3.30. This update applies to the kernel, perfstat, and pfcdd portion...

6.2CVSS6.3AI score0.00185EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 4:41 p.m.68 views

Security Bulletin: Vulnerability in Apache HTTP Server affect Cloud Pak System (CVE-2006-20001)

Summary Denial of service vulnerability in moddav module of Apache HTTP Server affects Cloud Pak System. Vulnerability Details CVEID:CVE-2006-20001 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in moddav. By sending a...

7.5CVSS8.3AI score0.03546EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.68 views

Security Bulletin: Vulnerability in SSLv3 and OpenSSL affect SAN Volume Controller and Storwize Family (CVE-2014-3566 CVE-2014-3567)

Summary Security Bulletin: Vulnerabilities in Bash affect SAN Volume Controller and Storwize Family CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278 Vulnerability Details Security Bulletin --- Summary --- There are security vulnerabilities in SSLv3 that is...

10CVSS5.3AI score0.99999EPSS
Exploits165
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.68 views

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)

Summary Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system vi...

9.8CVSS9.1AI score0.99998EPSS
Exploits33
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.68 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Multiple vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Th...

9.8CVSS9AI score0.03392EPSS
Exploits1Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 8:13 p.m.68 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution from Apache Commons Net (CVE-2021-37533)

Summary Apache Common Net is used by IBM Tivoli Netcool Impact to provide telnet connectivity for the CommandResponse service. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to...

6.5CVSS6.3AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/20 1:16 a.m.68 views

Security Bulletin: Vulnerabilities in IBM Db2, IBM Java Runtime, and Golang Go may affect IBM Spectrum Protect Server (CVE-2022-21626, CVE-2022-41717, CVE-2022-43929, CVE-2022-43927, CVE-2022-43930)

Summary IBM Spectrum Protect Server may be affected by vulnerabilities in Java SE, Golang Go and IBM Db2 such as denial of service or information disclosure, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified...

7.5CVSS6.9AI score0.05623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:48 a.m.68 views

Security Bulletin: Vulnerabilities in Bash affect IBM SAN b-type Switches (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM SAN b-type Switches. Vulnerability Details CVE-ID : CVE-2014-6271...

10CVSS9.3AI score0.99999EPSS
Exploits158Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:48 a.m.68 views

Security Bulletin: IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2177, CVE-2016-2178).

Summary IBM b-type SAN switches and directors addressing Open Source OpenSSL Vulnerabilities CVE-2016-2177, CVE-2016-2178. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer...

9.8CVSS8.3AI score0.44505EPSS
Exploits1Affected Software12
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 8:15 p.m.68 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to http header injection due to IBM WebSphere Application Server (CVE-2022-34165)

Summary IBM Sterling B2B Integrator has addressed http header injection security vulnerability in IBM WebSphere Application Server shipped with the product. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Applicatio...

5.4CVSS5.6AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/09 6:2 p.m.68 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)

Summary IBM Sterling Connect:Direct for UNIX Install Agent component is vulnerable to denial of service due to FasterXML jackson-databind. FasterXML jackson-databind has been upgraded to version 2.14.1 in IBM Sterling Connect:Direct for UNIX Install Agent component . Vulnerability Details...

7.5CVSS7.3AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 5:48 p.m.68 views

Security Bulletin: IBM Workload Scheduler potentially affected by multiple vulnerabilities in Java package org.yaml:snakeyaml

Summary Denial of Service vulnerabilities CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752 have been found in org.yaml:snakeyaml component and potentially affects IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2022-25857...

7.5CVSS7.2AI score0.02191EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.68 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2020-11022).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method CVE-2020-11022. jQuery is used by the runtime components included in IBM Watson Speech...

6.9CVSS6.5AI score0.99019EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/04 3:58 p.m.68 views

Security Bulletin: Multiple Vulnerabilities discovered in libraries used by Apache Zookeeper that is included in ITNM (CVE-2020-36518, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823)

Summary Multiple vulnerabilities CVE-2020-36518; CVE-2022-2047; CVE-2022-2048; CVE-2022-24823 found in apache zookeeper used by IBM Tivoli Network Manager ITNM IP Edition. The fix contains the updated versions of corresponding libraries. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION:...

7.5CVSS7.2AI score0.0486EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/29 9:17 p.m.68 views

Security Bulletin: Vulnerability in Fabric OS firmware used by IBM b-type SAN directors and switches [CVE-2022-33186]

Summary Public disclosed vulnerability in the Fabric OS FOS used by IBM b-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying one of the FOS code levels listed below. CVE-2022-33186 Vulnerability Details CVEID:CVE-2022-33186 DESCRIPTION: Broadcom...

9.8CVSS9.7AI score0.01546EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 3:56 p.m.68 views

Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2022-1552)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2022-1552 DESCRIPTION: PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX,...

8.8CVSS9AI score0.12403EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/04 6:6 p.m.68 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-27776

Summary cURL is used by IBM App Connect Enterprise Certified Container for internal communication and status checking. IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerabili...

6.5CVSS7.2AI score0.03425EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000