Lucene search
K
IbmMost viewed

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/09/19 6:36 a.m.67 views

Security Bulletin: Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics - Log Analysis

Summary The following security issues have been identified in the log4j-1.2.16.jar included as part of the IBM Operations Analytics - Log Analysis product. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS9.1AI score0.81147EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:28 p.m.67 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. Vulnerability...

5.7AI score0.06868EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:9 a.m.67 views

Security Bulletin: Stack Buffer overflow may affect IBM HTTP Server (CVE-2015-4947)

Summary Stack buffer overflow may affect IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-4947 DESCRIPTION: IBM HTTP Server Administration Server could be vulnerable to a stack buffer overflow, caused by improper handling of...

9CVSS9.7AI score0.07915EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/21 4:32 a.m.67 views

Security Bulletin: There are multiple security vulnerabilities in Apache Storm used by IBM Tivoli Netcool Manager.

Summary Apache-storm, used by IBM Tivoli Network Manager, contains many internal libraries which are vulnerable to various types of CVEs. Revealing sensitive information CVE-2021-28169, bypassing ACL validations CVE-2018-17196, heap based buffer overflow CVE-2015-5237, denial of service...

9CVSS9.2AI score0.7848EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/06 2:45 p.m.67 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105)

Summary Apache Log4j is used by IBM Cloud Pak for Data System 1.0 in Openshift Logging. This bulletin provides a remediation for the Apache Log4j vulnerability CVE-2021-45105. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the...

5.9CVSS1.3AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/30 10:3 a.m.67 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Cloud Pak System

Summary Multple vulnerabilities exist in Apache log4j that could allow someone to execute arbitrary code on the system. Apache Log4j v1 is used by Cloud Pak System in order to generate logs and diagnostic traces in some of its components; IBM DB2 , IBM Tivoli Monitoring, IBM Spectrum Scale and IB...

9.8CVSS0.9AI score0.81147EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 4:10 p.m.67 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server shipped with IBM Security Identity Manager due to Oct 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035

Summary IBM WebSphere Application Server is shipped with IBM Security Identity Manager about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS2.2AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/05 6:28 p.m.67 views

Security Bulletin: Due to use of Apache Log4j, IBM Cloud PAK for Watson AI Ops is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary Apache Log4j is used by IBM Cloud PAK for Watson AI Ops as part of its logging infrastructure. The CVE numbers are: CVE-2021-45105 and CVE-2021-45046. Vulnerabilities were identified within the Apache Log4j library that is used by IBM Cloud Pak for Watson AIOps. These vulnerabilities have...

10CVSS1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 5:29 a.m.67 views

Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Watson Knowledge Catalog InstaScan uses Apache Log4j as part of its logging infrastructure. Hence it is vulnerable to denial of service CVE-2021-45105 and arbitrary code execution CVE-2021-45046. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION...

10CVSS1.7AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/12 3:21 a.m.67 views

Security Bulletin: Vulnerabilities in Celery, Golang Go, and Python affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift

Summary Vulnerabilities in Celery, Golang Go, and Python such as execution of arbitrary commands, denial of service, and weaker than expected security might affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and Red Hat OpenShift Vulnerability Details CVEID: CVE-2021-237...

9.1CVSS9.9AI score0.08325EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/14 5:33 a.m.67 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to remote code execution due to Apache Log4j (CVE-2021-44832)

Summary Apache Log4j is used by IBM Cloud Pak for Data System 1.0 in openshift-logging. This bulletin provides a remediation for the Apache Log4j vulnerability CVE-2021-44832. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to...

8.5CVSS1.3AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/28 6:5 p.m.67 views

Security Bulletin: IBM Sterling Configure, Price, Quote is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary IBM Sterling Configure, Price, Quote uses Apache Log4j CVE-2021-45105 and CVE-2021-45046 to log messages. The fix includes Apache Log4j v2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...

10CVSS1.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/12 7:29 p.m.67 views

Security Bulletin:Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager

Summary IBM WebSphere Application Server WAS is shipped with IBM Security Identity Manager ISIM. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9CVSS2.6AI score0.99977EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/05 10:38 p.m.67 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-45105) affects the IBM Performance Management product

Summary The APM v8.1.4.0 Server installs an Online Help application that contains Log4j v2.3. A vulnerability was found in this version of Log4j that is documented by CVE-2021-44228 and fixed in Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to ...

10CVSS0.4AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/29 7:53 a.m.67 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Guardium Data Encryption (GDE) (CVE-2021-45105 and CVE-2021-45046)

Summary Vulnerability in Apache Log4j affects IBM Guardium Data Encryption GDE CVE-2021-45105 and CVE-2021-45046. The patch includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...

10CVSS0.7AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 1:54 p.m.67 views

Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for Email (CVE-2021-44228)

Summary Apache Log4j open source library is used by Content Collector for Email. The vulnerability affects the Content Collector AFUKnowledgeCenter component. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apac...

10CVSS1AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/08 4:55 p.m.67 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:...

9.8CVSS7.1AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/22 6:16 a.m.67 views

Security Bulletin: Vulnerability in Bash (CVE-2019-18276) affects HMC

Summary GNU Bash is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-18276 DESCRIPTION: GNU Bash could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the disableprivmode...

7.8CVSS7.5AI score0.02608EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/22 6:10 a.m.67 views

Security Bulletin: Vulnerability in Apache HTTP (CVE-2018-17199 and CVE-2020-11993) affects HMC

Summary Apache HTTP is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID: CVE-2018-17199 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by checking the session expiry time befor...

7.5CVSS8AI score0.58716EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/18 6:29 a.m.67 views

Security Bulletin: A vulnerabbility exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager CVE-2021-2388, CVE-2021-2369, CVE-2021-2432, CVE-2021-2341.

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v3.9, v4.1 and v4.2 which was disclosed in the Oracle July 2021 Critical Patch Update. Vulnerability Details Refer to the security bulletins listed in the...

1.8AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.67 views

Security Bulletin: Vulnerabilities in Bash affect Power Hardware Management Console (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by Power Hardware Management Console. Vulnerability Details CVE-ID:...

10CVSS9.4AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/12 6:25 p.m.67 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-13938, CVE-2021-30641)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

0.6AI score0.52331EPSS
Exploits0Affected Software14
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/12 5:42 p.m.67 views

Security Bulletin: IBM API Connect is impacted by vulnerabilities in node.js and OpenSSL (CVE-2021-23840, CVE-2021-22884, CVE-2021-22883)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability...

7.8CVSS0.8AI score0.77385EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/14 9:30 p.m.67 views

Security Bulletin: Vulnerability in SSLv3 affects FileNet Content Manager, FileNet BPM and IBM Content Foundation (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is a configurable option in FileNet Content Manager and FileNet BPM products. If using SSLv3 with these products, please refer to the sections below to...

4.3CVSS4.2AI score0.99999EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/29 10:14 a.m.67 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-13938, CVE-2021-30641)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.2.0.x,4.1.1.x, and 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the...

1.2AI score0.52331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 10:59 a.m.67 views

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-26116

Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-26116. Vulnerability Details CVEID: CVE-2020-26116 DESCRIPTION: Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control characters in the...

7.2CVSS1.3AI score0.0642EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/02 5:6 a.m.67 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2020-14305 DESCRIPTION: Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by an out-of-bounds memory write flaw in how the Voice Over IP H.323...

10CVSS1AI score0.87553EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/03 5:0 p.m.67 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in Apr 2020. There are multiple vulnerabilities in IBM SDK Java...

8.3CVSS1.4AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/27 10:36 a.m.67 views

Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2018-0734 and CVE-2019-1559)

Summary IBM MQ Appliance has addressed the following OpenSSL vulnerabilities. Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond...

5.9CVSS2AI score0.17139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/19 5:22 a.m.67 views

Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.2.0 ESR) have affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF09 + ICAM Synthetic 3.0

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVEID: CVE-2019-11764, CVEID: CVE-2019-11758 Vulnerability Details CVEID: CVE-2019-11764 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs...

8.8CVSS2.3AI score0.0146EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/11 5:5 a.m.67 views

Security Bulletin: Vulnerability in OpenSSL affects IBM OS Image for Red Hat Linux Systems, AIX and bundling products for IBM PureApplication Systems (CVE-2018-5407)

Summary Open Source OpenSSL is vulnerable to a publicly disclosed vulnerability. Vulnerability Details CVEID: CVE-2018-5407 Description: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused by execution engine sharing on...

4.7CVSS0.2AI score0.03418EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/05 4:18 a.m.67 views

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-17199 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by checking the session expiry time before...

7.5CVSS0.9AI score0.19994EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/06 7:55 p.m.67 views

Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2019-2434 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resultin...

6.5CVSS2.1AI score0.04457EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/03 2:30 p.m.67 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2017-16939 Description: Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by an...

8CVSS0.6AI score0.7354EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/31 8:10 p.m.67 views

Security Bulletin: IBM API Connect is affected by multiple third-party vulnerabilities (Node.js, nghttp2, Linux, Intel CPU, Android)

Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-13094 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the xfsdashrinkinode function in fs/xfs/libxfs/xfsattrleaf.c. By persuading a victim to open a...

8.8CVSS0.7AI score0.7354EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:39 p.m.67 views

Security Bulletin: Security vulnerabilities have been identified in OpenSSL shipped with IBM Tivoli Network Manager IP Edition(CVE-2016-7055, CVE-2017-3731, CVE-2017-3732)

Summary OpenSSL is shipped with Tivoli Network Manager IP Edition. Information about security vulnerabilities affecting OpenSSL have been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-3731 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an...

7.5CVSS1AI score0.57595EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:56 p.m.67 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2014-3570 DESCRIPTION: An unspecified error in...

5CVSS0.7AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:38 p.m.67 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Protection (CVE-2015-3194, CVE-2015-3195, and CVE-2015-3196)

Summary Security vulnerabilities have been discovered in OpenSSL used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when verifying certificates via a malformed routin...

7.5CVSS0.8AI score0.44016EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.67 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6,7 and 8 that is used by IBM Operational Decision Manager ODM. These issues were disclosed as part of the IBM Java SDK updates in July 2017 Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An...

9.8CVSS0.8AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.67 views

Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)

Summary Security vulnerabilities in Mozilla Network Security Services NSS affect IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2834 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote...

9.3CVSS1.4AI score0.0338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.66 views

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

Question Security Bulletin: MySQL 0-day exploit CVE-2016-6662 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

10CVSS8.4AI score0.6773EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:12 a.m.66 views

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in Grafana (CVE-2023-1387)

Summary Grafana is used by IBM Storage Ceph in the dashboard. CVE-2023-1387 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-1387 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive informatio...

7.5CVSS5.4AI score0.01504EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:1 a.m.66 views

Security Bulletin: IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service

Summary IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2022-3488 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error related to the processing of repeated responses to the same query, where both responses contain...

7.5CVSS7.8AI score0.19045EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.66 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573...

9.8CVSS6.8AI score0.99957EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 11:52 p.m.66 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2024-27316]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to no limit of continuation fames in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in t...

7.5CVSS7.6AI score0.91327EPSS
Exploits2Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/10 9:17 p.m.66 views

Security Bulletin: Vulnerable netty classes from couchdb affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafte...

9.1CVSS9.1AI score0.13474EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/15 11:37 p.m.66 views

Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2023-2650. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is...

6.5CVSS7AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 9:44 p.m.66 views

Security Bulletin: Vulnerabilities in OpenSSH, Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in OpenSSL and Linux Kernel. A remote or local authenticated attacker could exploit these vulnerabilities to break SSH extension negotiation and downgrading the client connection security, to cause the system to crash, to...

7.8CVSS9.2AI score0.9378EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 9:59 p.m.66 views

Security Bulletin: IBM MQ is vulnerable to denial of service (CVE-2024-25016)

Summary IBM MQ has addressed a denial of service vulnerability due to incorrect buffering logic. Vulnerability Details CVEID:CVE-2024-25016 DESCRIPTION: IBM MQ and IBM MQ Appliance could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. CVSS Ba...

7.5CVSS7.3AI score0.00849EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/01 1:43 p.m.66 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to TensorFlow denial of service vulnerabilitiy [CVE-2023-25661]

Summary Potential TensorFlow denial of service, caused by improper input validation by the Convolution3DTranspose function have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information...

6.5CVSS6.7AI score0.00432EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000