Lucene search
K
IbmMost viewed

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/18 12:32 a.m.•66 views

Security Bulletin: Tomcat apache vulnerability affects IBM Storwize V7000 Unified

Summary Apache Tomcat is used by Storwize V7000 Unified. Storwize V7000 Unified has addressed the applicable CVEs. Vulnerability Details This bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product’s management GUI. The CLI interface is unaffected...

9.1CVSS0.8AI score0.10303EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/16 9:22 p.m.•66 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Access Manager for Web. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially...

10CVSS0.8AI score0.94859EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/16 9:22 p.m.•66 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Access Manager for Mobile. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially...

10CVSS0.7AI score0.94859EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/16 8:1 p.m.•66 views

Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary Multiple security vulnerabilities in memcached, PCRE, and PHP affect IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. Installation programs for the Windows components of IBM Tealeaf Customer Experience on Cloud Network Capture Add-On are vulnerable to attack under certain...

10CVSS0.9AI score0.89058EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/06/18 7:42 p.m.•65 views

Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities

Question Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/06/18 5:57 p.m.•65 views

Security Bulletin: Aspera Products and the Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)

Question Security Bulletin: Aspera Products and the Meltdown and Spectre vulnerabilities CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

5.6CVSS7.4AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/29 2:34 a.m.•65 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for April 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF032 and 23.0.2-IF004. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is...

9.8CVSS7.3AI score0.99999EPSS
Exploits26Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/02 8:4 a.m.•65 views

Security Bulletin: gunicorn-20.1.0-py3-none-any

Summary Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn'...

7.5CVSS7.4AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/18 2:2 p.m.•65 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details CVEID:CVE-2018-1000134 DESCRIPTION: Ping Identity UnboundID LDAP SDK could allow a remote attacker to...

9.8CVSS9.2AI score0.91896EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/21 3:5 p.m.•65 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity XXE injection vulnerability. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are...

7CVSS7.2AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/19 8:32 p.m.•65 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.15 and earlier

Summary This fix upgrades to Node.js 18.19.1. Node.js is used by all IBM Answer Retrieval for Watson Discovery user interfaces. There are two categories of vulnerabilities addressed. The first allows remote attackers to gain access to the system, bypassing security restrictions. The second makes...

9.8CVSS8AI score0.03168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/21 5:17 p.m.•65 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow a...

7.5CVSS8.2AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/07 10:45 p.m.•65 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in PHP. Vulnerability Details CVEID: CVE-2019-9641 DESCRIPTION: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an...

9.8CVSS0.3AI score0.10059EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/29 3:31 p.m.•65 views

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2022-40609)

Summary There was a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.18 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary...

9.8CVSS9AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/14 9:8 p.m.•65 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

3.7CVSS5.6AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/06 11:23 a.m.•65 views

Security Bulletin: Due to use of Netty, IBM® MobileFirst Platform is vulnerable to a denial of service.

Summary Netty is used by IBM® MobileFirst Platform. CVE-2023-34462 Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a...

6.5CVSS6.9AI score0.02459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/06 7:58 a.m.•65 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesse related to IBM WebSphere Application Server Liberty

Summary Vulnerability in IBM WebSphere Application Server Liberty such as denial of service, gaining elevated privileges may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer...

7.5CVSS6.9AI score0.01051EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/05 8:34 p.m.•65 views

Security Bulletin: IBM Spectrum Conductor with Spring Framework is vulnerable to a denial of service

Summary IBM Spectrum Conductor with Spring Framework is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit thi...

6.5CVSS7.1AI score0.01122EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/28 3:14 a.m.•65 views

Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.

Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-30428, CVE-2023-30429, CVE-2023-37579 and CVE-2023-31007 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30428 DESCRIPTION: Apache Pulsar could allow a...

9.6CVSS6.9AI score0.00733EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/04 11:19 a.m.•65 views

Security Bulletin: CVE-2023-34149 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2023-34149 reported in Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw wit...

6.5CVSS5.5AI score0.05403EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/28 4:48 p.m.•65 views

Security Bulletin: Multiple VMWare Tanzu Spring Vulerabilities Affects IBM OpenPages with Watson (CVE-2022-22968, CVE-2022-22970, CVE-2022-22971)

Summary Spring Framework open source library is used by IBM OpenPages with Watson. Multiple vulnerabilties are being disclosed from Spring Framework within this bulletin. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2022-22968 DESCRIPTION: Spring Framework could provide...

6.5CVSS6.4AI score0.05666EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/12 10:0 a.m.•65 views

Security Bulletin: Multiple Vulnerabilities in Apache Struts Affect IBM eDiscovery Manager

Summary Multiple vulnerabilities in Apache Struts 2.3.x may affect IBM eDiscovery Manager. These are addressed. Vulnerability Details CVEID:CVE-2020-17530 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on...

9.8CVSS9.6AI score0.97399EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/05 1:46 p.m.•65 views

Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2023 Vulnerability Advisory, plus CVE-2023-25193 and CVE-2023-2597. For more information please refer to OpenJDK's April 2023 Vulnerability Advisory and the X-Force database entries referenced...

9.1CVSS8.9AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/05 1:24 p.m.•65 views

Security Bulletin: There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management (CVE-2022-40705)

Summary There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-40705 DESCRIPTION: Apache SOAP is vulnerable to an XML external entity injection XXE attack when processing XML data, caused by a weakly configured XML parser in...

7.5CVSS7.5AI score0.01414EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/15 6:30 p.m.•65 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploi...

7.5CVSS7.6AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/10 4:23 a.m.•65 views

Security Bulletin: Multiple vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-20860, CVE-2023-20861).

Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2023-20860, CVE-2023-20861. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service...

7.5CVSS7.5AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/14 8:50 p.m.•65 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)

Summary There is a vulnerability in the RESTEasy library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 or restfulWS-3.1 is enabled. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-0482 DESCRIPTION: RESTEasy could allow a...

5.5CVSS5.6AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/20 11:30 a.m.•65 views

Security Bulletin: Vulnerability identified in VMware component affects Cloud Pak System (CVE-2021-21974)

Summary Vulnerability identified in VMware component ESXi that is bundled with Cloud Pak System. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Cloud Pak System| 2.3.x.x...

8.8CVSS9.1AI score0.45063EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/07 9:44 a.m.•65 views

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in it's self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...

7.5CVSS8.5AI score0.91153EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 9:57 p.m.•65 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)

Summary There is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-27223 DESCRIPTION: Eclipse Jetty i...

5.3CVSS7AI score0.7848EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/31 2:1 p.m.•65 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase [CVE-2022-40674, CVE-2022-43680]

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. CVE-2022-40674, CVE-2022-43680 Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a...

8.1CVSS8.6AI score0.02241EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/05 9:56 p.m.•65 views

Security Bulletin: A vulnerability in kafka affects IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-34917)

Summary There is a vulnerability in kafka that is used by the IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-craft...

7.5CVSS7.4AI score0.0125EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/21 1:12 p.m.•65 views

Security Bulletin: OpenSSH as used by IBM Cloud Pak for Security is vulnerable to privilege escalation (CVE-2021-41617)

Summary OpenSSH as used by IBM Cloud Pak for Security is vulnerable to privilege escalation . This has been updated in the latest release and the vulnerability have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak f...

7CVSS7.5AI score0.02367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/12 1:16 p.m.•65 views

Security Bulletin: Apache Commons HttpClient 3.x (and few others) allow Man-In-The-Middle (MITM) attack

Summary Apache Commons HttpClient 3.x and few others used do not verify the server hostname in the subject Common Name CN and allows Man-In-The-Middle MITM attack Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS...

5.8CVSS6.5AI score0.19312EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/05 7:0 p.m.•65 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, Java SE and various other libraries. Vulnerability Details CVEID:CVE-2022-33879 DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by a regular expression denial...

9.1CVSS8AI score0.18891EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/28 2:7 p.m.•65 views

Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]

Summary The zos toolkit installed with agents on zOS includes Apache Commons Text which could allow an attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute...

9.8CVSS9.9AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/10 12:6 p.m.•65 views

Security Bulletin: Multiple vulnerabilities in IBM Cognos Express (CVE-2013-5443, CVE-2013-5445, CVE-2013-5444, CVE-2013-2407, CVE-2013-2450, CVE-2013-0169, CVE-2013-1478, CVE-2013-1480)

Summary A number of security vulnerabilities in IBM Cognos Express have been identified and addressed in a software update. Vulnerability Details CVE ID: CVE-2013-5443 DESCRIPTION: A Cross Site Request Forgery CSRF vulnerability in IBM Cognos Express allows an attacker that is able to trick an...

10CVSS7.5AI score0.35584EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/08 7:55 p.m.•65 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908)

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted...

5.9CVSS5.8AI score0.05119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 11:13 p.m.•65 views

Security Bulletin: IBM Sterling Control Center Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

4.3CVSS7.6AI score0.66817EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 8:45 p.m.•65 views

Security Bulletin: GSKit SSL/TLS handshake vulnerability in Tivoli Directory Server (CVE-2012-2190)

Abstract A vulnerability has been identified in the GSKit 7 component utilized by Tivoli Directory Server TDS version 6.0, 6.1 or 6.2. A specifically crafted malformed SSL/TLS data packet can cause a TDS server using GSKit 7 to segmentation fault.. Remediation for the issue consists of updating...

5CVSS8.6AI score0.02371EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/22 7:3 a.m.•65 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related Java SE and Node

Summary Vulnerabilities in Node and Java SE such as HTTP request smuggling, execution of arbitrary code, gain elevated privileges on the system and unauthorized operations may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-32214 DESCRIPTION: Node.js is vulnerable to HTTP reques...

8.1CVSS8.3AI score0.77766EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/16 9:57 a.m.•65 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a CRI-O security vulnerability (CVE-2022-1708)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kubernetes API. Vulnerability Details CVEID: CVE-2022-1708 Description: A vulnerability was found in CRI-O that causes memo...

7.8CVSS8AI score0.02827EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/08 1:21 p.m.•65 views

Security Bulletin: A vulnerability foud in IBM Installation Manager which is shipped with IBM® Intelligent Operations Center(CVE-2021-36373)

Summary A vulnerability foud in IBM Installation Manager which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-36373...

6.7AI score0.02511EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/08 12:9 a.m.•65 views

Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled by default in the Apache based IBM HTTP Server. Vulnerability Details CVE ID: CVE-2014-3566 DESCRIPTION: IBM HTTP Server could allow a remote...

4.3CVSS4AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/13 2:34 p.m.•65 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389)

Summary IBM® Db2® is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. Vulnerability Details CVEID: CVE-2022-22389 DESCRIPTION: IBM Db2 is vulnerable to a denial of service as the server may terminate...

6.5CVSS0.7AI score0.01453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/12 1:19 p.m.•65 views

Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2022-22721)

Summary IBM Rational Build Forge is affected by CVE-2022-22721. Vulnerability Details CVEID: CVE-2022-22721 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by an integer overflow. By sending an overly large LimitXMLRequestBody, a remote attacker could overflow a buffer...

9.1CVSS1.6AI score0.41861EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/10 4:52 p.m.•65 views

Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)

Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046 . However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...

10CVSS1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/01 4:35 p.m.•65 views

Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841)

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to...

7.5CVSS7.5AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/11 10:11 p.m.•65 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped with IBM WebSphere Application Server Pattern (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

Summary IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published...

9.8CVSS7.3AI score0.69803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/29 4:43 a.m.•65 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 91.8.0ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

Summary CVE-2022-28282, CVE-2021-38503, CVE-2022-22760, CVE-2021-38509, CVE-2022-22739, CVE-2022-26381, CVE-2022-22754, CVE-2021-43538, CVE-2022-22747, CVE-2021-38504, CVE-2022-22746, CVE-2022-26383, CVE-2022-22741, CVE-2022-26384, CVE-2022-22759, CVE-2022-22748, CVE-2021-43543, CVE-2022-1196,...

10CVSS1.7AI score0.1446EPSS
Exploits21Affected Software1
Total number of security vulnerabilities5000