Lucene search
K
IbmMost viewed

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/10/31 8:10 p.m.67 views

Security Bulletin: IBM API Connect is affected by multiple third-party vulnerabilities (Node.js, nghttp2, Linux, Intel CPU, Android)

Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-13094 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the xfsdashrinkinode function in fs/xfs/libxfs/xfsattrleaf.c. By persuading a victim to open a...

8.8CVSS0.7AI score0.7354EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:34 a.m.67 views

Security Bulletin: A vulnerability in OpenSSL affects IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool (CVE-2016-8610)

Summary An OpenSSL vulnerability was disclosed on Sep 22, 2016 by the OpenSSL Project. OpenSSL is used by IBM FSM SMIA configuration tool commonly known as Network Advisor. This bulletin addresses this CVE. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to ...

7.5CVSS1.4AI score0.39657EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:39 p.m.67 views

Security Bulletin: Security vulnerabilities have been identified in OpenSSL shipped with IBM Tivoli Network Manager IP Edition(CVE-2016-7055, CVE-2017-3731, CVE-2017-3732)

Summary OpenSSL is shipped with Tivoli Network Manager IP Edition. Information about security vulnerabilities affecting OpenSSL have been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-3731 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an...

7.5CVSS1AI score0.57595EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:56 p.m.67 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2014-3570 DESCRIPTION: An unspecified error in...

5CVSS0.7AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:38 p.m.67 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Protection (CVE-2015-3194, CVE-2015-3195, and CVE-2015-3196)

Summary Security vulnerabilities have been discovered in OpenSSL used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when verifying certificates via a malformed routin...

7.5CVSS0.8AI score0.44016EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.67 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6,7 and 8 that is used by IBM Operational Decision Manager ODM. These issues were disclosed as part of the IBM Java SDK updates in July 2017 Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An...

9.8CVSS0.8AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.67 views

Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)

Summary Security vulnerabilities in Mozilla Network Security Services NSS affect IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2834 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote...

9.3CVSS1.4AI score0.0338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.66 views

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

Question Security Bulletin: MySQL 0-day exploit CVE-2016-6662 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

10CVSS8.4AI score0.6773EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:12 a.m.66 views

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in Grafana (CVE-2023-1387)

Summary Grafana is used by IBM Storage Ceph in the dashboard. CVE-2023-1387 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-1387 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive informatio...

7.5CVSS5.4AI score0.01504EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 4:18 p.m.66 views

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (March 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: When deserializing untrusted...

10CVSS9.9AI score0.93305EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:30 a.m.66 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...

9.8CVSS10AI score0.10539EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/02 8:4 a.m.66 views

Security Bulletin: gunicorn-20.1.0-py3-none-any

Summary Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn'...

7.5CVSS7.4AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 11:52 p.m.66 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2024-27316]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to no limit of continuation fames in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in t...

7.5CVSS7.6AI score0.91327EPSS
Exploits2Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/10 9:17 p.m.66 views

Security Bulletin: Vulnerable netty classes from couchdb affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafte...

9.1CVSS9.1AI score0.13474EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/15 11:37 p.m.66 views

Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2023-2650. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is...

6.5CVSS7AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 9:44 p.m.66 views

Security Bulletin: Vulnerabilities in OpenSSH, Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in OpenSSL and Linux Kernel. A remote or local authenticated attacker could exploit these vulnerabilities to break SSH extension negotiation and downgrading the client connection security, to cause the system to crash, to...

7.8CVSS9.2AI score0.93305EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/25 9:16 a.m.66 views

Security Bulletin: Vulnerabilities in Logback may affect the IBM Spectrum Protect Server (CVE-2023-6481)

Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in Logback such as denial of service caused by a serializaion flaw in the logback receiver component. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused ...

7.5CVSS7.1AI score0.00682EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 9:59 p.m.66 views

Security Bulletin: IBM MQ is vulnerable to denial of service (CVE-2024-25016)

Summary IBM MQ has addressed a denial of service vulnerability due to incorrect buffering logic. Vulnerability Details CVEID:CVE-2024-25016 DESCRIPTION: IBM MQ and IBM MQ Appliance could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. CVSS Ba...

7.5CVSS7.3AI score0.00849EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/01 1:43 p.m.66 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to TensorFlow denial of service vulnerabilitiy [CVE-2023-25661]

Summary Potential TensorFlow denial of service, caused by improper input validation by the Convolution3DTranspose function have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information...

6.5CVSS6.7AI score0.00432EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/04 10:25 a.m.66 views

Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Elastic Storage System

Summary There are some vulnerabilities in the Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Fixes for these vulnerabilities are available. Vulnerability Details CVEID:CVE-2023-32233 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to...

7.8CVSS7.6AI score0.12966EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 8:20 p.m.66 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4-IF001

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4-IF001. Vulnerability Details CVEID:CVE-2023-22025 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM...

8.1CVSS9.5AI score0.99999EPSS
Exploits50Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/22 8:50 p.m.66 views

Security Bulletin: Multiple security vulnerabilities in Java affect IBM Robotic Process Automation

Summary Java is used by IBM Robotic Process Autoamtion as part of the ILMT, NLP, UMS and Containers CVE-2023-22006, CVE-2023-22036, CVE-2023-22045, CVE-22049. Vulnerability Details CVEID: CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could...

3.7CVSS7.4AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/15 8:45 p.m.66 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to denial of service due to HTTP/2 Rapid Reset vulnerability (CVE-2023-44487)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details Refer to the security bulleti...

7.5CVSS6.9AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/14 9:8 p.m.66 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

3.7CVSS5.6AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 4:44 p.m.66 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium uses components with the vulnerabilies listed below. Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the...

9.1CVSS8.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/19 7:52 p.m.66 views

Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898)

Summary IBM Security Guardium has fixed this vulnerability by upgrading the version of MIT krb5 that it uses. Vulnerability Details CVEID:CVE-2022-42898 DESCRIPTION: MIT krb5 is vulnerable to a denial of service, caused by an integer overflow in PAC parsing in the krb5parsepac function. By sendin...

8.8CVSS8.8AI score0.06419EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/10 4:23 a.m.66 views

Security Bulletin: Multiple vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-20860, CVE-2023-20861).

Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2023-20860, CVE-2023-20861. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service...

7.5CVSS7.5AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/26 4:24 p.m.66 views

Security Bulletin: Docker based datastores for IBM Instana do not currently require authentication

Summary Docker based datastores for IBM Instana do not currently require authentication. Due to this, an attacker with network or system access to the datastores could interrogate the datastores with read/write privileges CVE-2023-27290. Vulnerability Details CVEID:CVE-2023-27290 DESCRIPTION:...

9.1CVSS9.1AI score0.08573EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 8:50 p.m.66 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)

Summary There is a vulnerability in the RESTEasy library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 or restfulWS-3.1 is enabled. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-0482 DESCRIPTION: RESTEasy could allow a...

5.5CVSS5.6AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.66 views

Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family (CVE-2011-3188)

Summary Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family CVE-2011-3188 Vulnerability Details Security Bulletin --- Summary --- Potential DOS due to weak IPv4 and IPv6 sequence numbers Vulnerability Details --- CVEID:...

9.1CVSS8.8AI score0.05689EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.66 views

Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5647)

Summary A vulnerability in the Apache Tomcat component affects the Management GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2017-5647 DESCRIPTION: Apache Tomcat could allow a remote attacker...

7.5CVSS8.5AI score0.1684EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/09 7:13 p.m.66 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple issues due to IBM MQ.

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in IBM MQ packaged with the product. Vulnerability Details CVEID:CVE-2020-4375 DESCRIPTION: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service...

10CVSS8.9AI score0.0769EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/07 2:27 p.m.66 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2022 CPU (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS6AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 2:1 p.m.66 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase [CVE-2022-40674, CVE-2022-43680]

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. CVE-2022-40674, CVE-2022-43680 Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a...

8.1CVSS8.6AI score0.02241EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/17 5:34 p.m.66 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-2783)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in April 2018. There are multiple vulnerabilities in IBM® SDK Java...

7.4CVSS7.3AI score0.03966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 9:46 p.m.66 views

Security Bulletin: IBM MQ Blockchain bridge is vulnerable to a denial of service issue within protobuf-java core (CVE-2022-3171)

Summary An issue was identified within protobuf-java core, which is used by fabric gateway, which in turn is used by IBM MQ Blockchain bridge to provide IBM MQ Blockchain functionality. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial o...

7.5CVSS6.1AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/03 10:16 a.m.66 views

Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics System [CVE-2022-38177]

Summary Redhat provided bind package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-38177 Vulnerability Details CVEID:CVE-2022-38177 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a small memory leak in...

7.5CVSS7.6AI score0.02299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/21 1:12 p.m.66 views

Security Bulletin: OpenSSH as used by IBM Cloud Pak for Security is vulnerable to privilege escalation (CVE-2021-41617)

Summary OpenSSH as used by IBM Cloud Pak for Security is vulnerable to privilege escalation . This has been updated in the latest release and the vulnerability have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak f...

7CVSS7.5AI score0.02367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/29 12:50 p.m.66 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty profile affects IBM Operations Analytics Predictive Insights(CVE-2022-22393 CVE-2022-22476 CVE-2022-22475)

Summary Websphere Application Server Liberty profile is used in the UI component of IBM Operations Analytics Predictive Insights. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and...

8.8CVSS6.9AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/10 12:6 p.m.66 views

Security Bulletin: Multiple vulnerabilities in IBM Cognos Express (CVE-2013-5443, CVE-2013-5445, CVE-2013-5444, CVE-2013-2407, CVE-2013-2450, CVE-2013-0169, CVE-2013-1478, CVE-2013-1480)

Summary A number of security vulnerabilities in IBM Cognos Express have been identified and addressed in a software update. Vulnerability Details CVE ID: CVE-2013-5443 DESCRIPTION: A Cross Site Request Forgery CSRF vulnerability in IBM Cognos Express allows an attacker that is able to trick an...

10CVSS7.5AI score0.35584EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 3:37 a.m.66 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core (CVE-2015-4000)

Abstract IBM WebSphere Application Server v7.0 is shipped as a component of IBM Integrated Information Core. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Content Vulnerability Details Please consult the security...

3.7CVSS4.8AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.66 views

Security Bulletin: IBM Sterling Control Center Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

4.3CVSS7.6AI score0.66817EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/15 6:13 p.m.66 views

Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU October 2013

Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details The products that are listed in the Affected product section are shipped with a versio...

4.3CVSS7.7AI score0.03864EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/22 4:9 a.m.66 views

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli Business Service Manager

Summary A vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Business Service Manager. IBM Tivoli Business Service Manager has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to th...

7.1CVSS1.1AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/16 5:12 p.m.66 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin -- CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813,...

9.8CVSS0.6AI score0.19008EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 2:32 p.m.66 views

Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics for NPS

Summary IBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the aplicable CVEs Vulnerability Details CVEID: CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsa...

9.8CVSS2AI score0.6906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 8:51 p.m.66 views

Security Bulletin: Sterling Order Management and vulnerability in Apache Log4j2 Library (CVE-2021-44228)

Abstract Is Sterling Order Management affected by CVE-2021-44228? Content IBM is aware of a recently surfaced vulnerability CVE-2021-44228 in Apache log4j 2.0 to 2.14.1 and determined that some of Sterling Order Management components are impacted. Following is a summary of impacted OMS Components...

10CVSS0.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/15 9:36 p.m.66 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2019-12528 DESCRIPTION: Squid could allow a remote attacker to obtain sensitive information, caused by incorrect data management when translating FTP server listings into HTTP responses. By sending a...

9.9CVSS10AI score0.99295EPSS
Exploits90Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/15 4:37 a.m.66 views

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities (CVE-2021-40438, CVE-2021-34798)

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Core XPU: Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a specially crafted request...

9CVSS1.1AI score0.99999EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/04 4:23 p.m.66 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046)

Summary The Apache Log4j library used by IBM Tivoli Netcool Impact is vulnerable to denial of service and arbitrary code execution due to Apache Log4j CVE-2021-45105, CVE-2021-45046. The library is used by IBM Tivoli Netcool Impact to provide logging functionality. The fix includes Apache Log4j...

10CVSS1.2AI score0.99999EPSS
Exploits355Affected Software1
Total number of security vulnerabilities5000