Lucene search
K
IbmMost viewed

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 3:42 p.m.68 views

Security Bulletin: February 2022 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should...

9.8CVSS8.9AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/04 9:33 p.m.68 views

Security Bulletin: IBM Security Guardium Insights is affected by multipe vulnerabilities

Summary IBM Security Guardium Insights adreesed the following issues Vulnerability Details CVEID: CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the AbstractBasicAuthHandler class in urllib. By persuading a...

7.5CVSS7.2AI score0.11586EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 6:5 p.m.68 views

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it.(CVE-2021-40438)

Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-40438 Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a specially crafted request uri-path, a remote attacker...

9CVSS1.1AI score0.99999EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 8:41 a.m.68 views

Security Bulletin: IBM Rational Software Architect RealTime Edition (RSA RT) is is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)

Summary Security vulnerabilities identified within the Apache Log4j library CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 used inside the search indexer component by IBM Rational Software Architect RealTime Edition. The fix includes Apache Log4j v2.17.0. Vulnerability Details CVEID:...

10CVSS1.7AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 1:13 a.m.68 views

Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

8.5CVSS2.1AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 7:37 p.m.68 views

Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)

Summary There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server traditional in the Admin Console and UDDI Registry application. This has been addressed in IBM WebSphere Application Server by removing log4j from the Admin Console and UDDI Registry application...

9CVSS0.6AI score0.99999EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 10:36 p.m.68 views

Security Bulletin: Security Vulnerability in Apache Log4j Affects IBM Sterling Partner Engagement Manager (CVE-2021-44228)

Summary Log4j is used by IBM Sterling Partner Engagement Manager for generating logs in all components and tools. This bulletin provides a remediation for the reported CVE-2021-44228 by upgrading log4j jars to 2.15.0 where fix to Log4j CVE-2021-44228 vulnerability is addressed. Vulnerability...

10CVSS1.4AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.68 views

Security Bulletin: IBM Security Guardium Insights is affected by a jQuery vulnerabilitiy (CVE-2019-11358)

Summary IBM Security Guardium Insights has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker...

6.1CVSS0.7AI score0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/31 1:55 a.m.68 views

Security Bulletin: IBM Watson Machine Learning Accelerator is affected by a vulnerability in Nginx

Summary IBM Watson Machine Learning Accelerator is affected by a vulnerability in Nginx. IBM Watson Machine Learning Accelerator havs addressed the CVE-2021-23017. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

7.7CVSS7.5AI score0.52838EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/03 10:8 p.m.68 views

Security Bulletin: Vulnerability in OpenSSL affects Informix Dynamic Server and CSDK (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. Informix Dynamic Server uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when...

4.3CVSS6.4AI score0.23222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/19 8:6 a.m.68 views

Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics

Summary GNU binutils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs by upgrading GNU binutils to latest version 2.36.1 Vulnerability Details CVEID: CVE-2021-20284 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a heap-based buff...

7.8CVSS7.6AI score0.03412EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/06 6:56 p.m.68 views

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2021-3177

Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2021-3177. Vulnerability Details CVEID: CVE-2021-3177 DESCRIPTION: Python is vulnerable to a buffer overflow, caused by improper bounds checking by the PyCArgrepr function in ctypes/callproc.c. By sending specially-crafted...

9.8CVSS2.3AI score0.23293EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/26 9:17 p.m.68 views

Security Bulletin: Vulnerabilities in 64-bit block ciphers affects IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-2183, CVE-2016-6329)

Summary The Sweet32 Birthday attack for SSL/TLS connections affects IBM License Metric Tool v7.5 and IBM Tivoli Asset Discovery for Distributed v7.5 Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in...

7.5CVSS6.6AI score0.95707EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/03 2:31 a.m.68 views

Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-2991 DESCRIPTION: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.017 and prior. Easily exploitable...

6.5CVSS1AI score0.03726EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.68 views

Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server

Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmime. By sending a specially crafted Content-Ty...

9.8CVSS1.6AI score0.57472EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/23 4:58 p.m.68 views

Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private Kubernetes

Summary Multiple Security Vulnerabilities affect IBM Cloud Private Kubernetes Vulnerability Details CVEID: CVE-2019-9513 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priori...

7.8CVSS0.7AI score0.87806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:45 a.m.68 views

Security Bulletin: Vulnerabilities in Bash affect multiple products shipped with Intelligent Cluster (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Information about security vulnerabilities affecting multiple products shipped as components of Intelligent Cluster has been published in security bulletins. Vulnerability Details Abstract Information about security vulnerabilities affecting multiple products shipped as components of...

0.1AI score0.99999EPSS
Exploits158Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:42 a.m.68 views

Security Bulletin: Multiple vulnerabilities in apache2 affect IBM Flex System Manager (FSM)

Summary Multiple vulnerabilities have been identified in apache2 that is embedded in the FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3167 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the use of the...

9.8CVSS1.2AI score0.94999EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:41 a.m.68 views

Security Bulletin: IBM PurePower Integrated Manager has released instructions in response to the vulnerabilities known as Spectre and Meltdown

Summary IBM has released the following instructions for IBM PurePower Integrated Manager in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. RHEL Server is shipped as a component of PPIM. Information about a security vulnerability affecting RHEL Server has been published in a Red Hat...

5.6CVSS6.7AI score0.93838EPSS
Exploits13Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:39 a.m.68 views

Security Bulletin: Multiple vulnerabilities in openssh affect IBM Flex System Manager (FSM)

Summary Multiple vulnerabilities have been identified in openssh that is embedded in the FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2016-10011 DESCRIPTION: OpenSSH could allow a local authenticated attacker to obtain sensitive information, caused by a...

7.8CVSS1AI score0.88944EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:33 a.m.68 views

Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM

Summary PowerKVM is affected by numerous vulnerabilities in OpenSSL. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks...

9.8CVSS0.9AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:30 p.m.68 views

Security Bulletin: Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND, affect IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance CVE-2014-9297, CVE-2014-9298, CVE-2014-9273, CVE-2013-7424, CVE-2015-3245, CVE-2015-3246, CVE-2015-5477. Vulnerability Details CVEID: CVE-2014-9297...

7.8CVSS1.4AI score0.91284EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:2 p.m.68 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Security Policy Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by Tivoli Security Policy Manager TSPM. TSPM has addressed the applicable CVEs. These issues were also addressed by IBM WebSphere Application Server shipped with TSPM. Vulnerability Details If you run your own Ja...

9CVSS0.7AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:43 p.m.68 views

Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available

Summary There are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance Vulnerability Details CVEID: CVE-2016-0330 DESCRIPTION: IBM Security Identity Manager Virtual Appliance uses a weak password algorithm which allows users to create...

10CVSS1.7AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:24 a.m.67 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts t...

7.5CVSS10AI score0.46836EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:49 a.m.67 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect Connect for ODBC

Summary Multiple vulnerabilities in Progress DataDirect Connect for ODBC used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-34363 DESCRIPTION: Progress DataDirect Connect for ODBC could allow a remote attacker to obtain sensitive information, caused by...

9.8CVSS9.8AI score0.02195EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/04 10:17 a.m.67 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.22 LTS, 12.0.6 LTS and 12.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

9.8CVSS9.3AI score0.66594EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/09 7:8 a.m.67 views

Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)

Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...

8.1CVSS9.1AI score0.03028EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/09 5:3 p.m.67 views

Security Bulletin: IBM QRadar Wincollect is using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused by a regular...

8.6CVSS8.8AI score0.54026EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/18 4:11 p.m.67 views

Security Bulletin: AIX is vulnerable to privilege escalation and denial of service (CVE-2023-45166, CVE-2023-45174, CVE-2023-45170)

Summary UPDATED Feb 2 2024 New iFixes are available. The new iFixes resolve a technical issue with print queue status. Both sets of iFixes new and original resolve the security vulnerabilities described in the bulletin. The new iFixes are only needed if you experience the technical issue describe...

8.4CVSS7.9AI score0.00238EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/22 9:19 a.m.67 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.

Summary Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859,...

8.4CVSS7.5AI score0.0098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 3:50 p.m.67 views

Security Bulletin: Extension script @substitutions@ within quoting allow SQL injection in EDB PostgresSQL

Summary Per CVE-2023-39417, extension script @substitutions@ within quoting allow SQL injection in EDB PostgreSQL with IBM, EDB Postgres Advanced Server with IBM and IBM Data Management Platform for EDB Postgres Enterprise for IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-39417...

8.8CVSS8.6AI score0.01572EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/02 6:15 p.m.67 views

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT. RFT has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-22067 DESCRIPTION: An unspecified vulnerability in Java SE related to the CORBA component could allow a remo...

5.3CVSS5.8AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/21 5:24 p.m.67 views

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)

Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion HCI's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described the the CVEs listed in the "Vulnerability Details" section. Vulnerabili...

9.3CVSS8.8AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 4:21 p.m.67 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, glibc-minimal-langpack, glibc-common, ncurses-libs and Kubernetes

Summary Multiple issues were identified in Red Hat UBI packages, Kubernetes and go-toolset are fixed and shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2023-4813 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a...

9.8CVSS9.6AI score0.81422EPSS
Exploits34Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/15 3:1 p.m.67 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL and Node.js (CVE-2023-4807, CVE-2023-44487)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL and Node.js CVE-2023-4807, CVE-2023-44487 Vulnerability Details CVEID: CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC message...

7.8CVSS7.7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 5:56 p.m.67 views

Security Bulletin: IBM MQ is affected by a denial of service vulnerability in OpenSSL (CVE-2023-2650)

Summary IBM MQ is affected by a denial of service vulnerability in OpenSSL. OpenSSL is used by the IBM MQ Advanced Message Security feature on the IBM i platform. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using...

6.5CVSS7AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/31 7:46 p.m.67 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring ITM portal server: CVE-2023-25690, CVE-2023-24966, CVE-2023-24998, CVE-2023-27554, CVE-2022-39161, CVE-2023-32342 and CVE-2023-35890. The remediati...

9.8CVSS8.3AI score0.8377EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:0 p.m.67 views

Security Bulletin: protobuf.js component is vulnerable which is used by IBM Maximo Application Suite [CVE-2023-36665]

Summary IBM Maximo Application Suite uses protobuf.js package which is vulnerable to CVE-2023-36665. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototyp...

9.8CVSS9.8AI score0.01422EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:2 p.m.67 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition.

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...

7.5CVSS6.5AI score0.94999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 4:40 p.m.67 views

Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their January 2023 Vulnerability Advisory, plus CVE-2022-4304. For more information please refer to OpenJDK's January 2023 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerabili...

5.9CVSS6.8AI score0.16195EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/01 2:52 p.m.67 views

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities.

Summary IBM WebSphere Application Server for IBM i is vulnerable to a server-side request forgery due to a flaw in parsing the href attribute CVE-2022-46364, and is affected by an attacker obtaining sensitive information due to improper permissions on a temporary file CVE-2022-45787, attacker...

9.8CVSS8.1AI score0.46836EPSS
Exploits6Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 4:2 p.m.67 views

Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP request splitting when using modproxy or the Web Server Plug-in due to the included Apache HTTP Server. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION...

9.8CVSS9.4AI score0.8377EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:12 a.m.67 views

Security Bulletin: Sixteen (16) Vulnerabilities in OpenSSL affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems

Summary OpenSSL vulnerabilities affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems . These vulnerabilities could allow a remote attacker to execute arbitrary code on the system, to obtain sensitive information, to crash a client, or cause of denial of service. Vulnerability...

7.4CVSS8.4AI score0.99977EPSS
Exploits14Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 1:8 p.m.67 views

Security Bulletin: CVE-2022-37734 may affect IBM CICS TX Advanced

Summary WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is...

7.5CVSS7.3AI score0.02121EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 3:45 p.m.67 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of servce due to IBM Java (CVE-2022-21626)

Summary IBM Java is used by IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms is impacted by a denial of service issue in IBM Java...

5.3CVSS5.3AI score0.01746EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/09 7:33 p.m.67 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to directory traversal due to AWS SDK for Java (CVE-2022-31159)

Summary IBM Sterling B2B Integrator has addressed the security vulnerability in AWS SDK for Java shipped with the product. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw i...

7.9CVSS6.7AI score0.01193EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/01 2:32 p.m.67 views

Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is affected by arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)

Summary IBM QRadar SIEM is affected by arbitrary code execution due to Apache Log4j CVE-2019-17571, CVE-2021-44832, CVE-2021-4104. Apache Log4j is used by IBM QRadar SIEM as part of its logging infrastructure. The fix includes Apache Log4j 2.17.2 Vulnerability Details CVEID:CVE-2019-17571...

9.8CVSS8.5AI score0.97906EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 10:13 p.m.67 views

Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)

Summary A vulnerable version of JQuery-UI was used by API Connect. The fix includes updated JQuery-UI which addresses CVE-2021-41184, CVE-2021-41183, and CVE-2021-41182. Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...

6.5CVSS6.4AI score0.44515EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 5:45 a.m.67 views

Security Bulletin: Vulnerability in IBM InfoSphere Information Server due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2012-1717, CVE-2012-1718, CVE-2012-5081)

Abstract Multiple IBM Java SDK security vulnerabilities exist in the IBM InfoSphere Information Server. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0440 DESCRIPTION: Unspecified vulnerability in the Java Runtime Environment JRE allows remote attackers to affect availability via vectors relate...

5CVSS7.5AI score0.45113EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000