Lucene search
K
IbmMost viewed

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/01/06 4:35 p.m.66 views

Security Bulletin: Multiple vulnerabilities in TLS in Cloud Pak for Automation

Summary There are multiple vulnerabilities in the TLS protocol implementation in Business Automation Insights BAI in Cloud Pak for Automation. These have been addressed. Vulnerability Details CVEID: CVE-2013-0169 DESCRIPTION: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used...

5CVSS1.3AI score0.67703EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/17 6:35 a.m.66 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Enterprise Single Sign-On

Summary These issues were also addressed by IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. Vulnerability Details CVEID: CVE-2019-2684 DESCRIPTION: An unspecified vulnerability related to the Java SE RMI component could allow an...

5.9CVSS0.8AI score0.37618EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/10 2:29 p.m.66 views

Release of QRadar 7.2.8 Patch 4 (7.2.8.20170224202650) Updated w/Security Bulletins

Abstract A list of the installation instructions, new features, and resolved issues list for the release of IBM Security QRadar 7.2.8 Patch 4 7.2.8.20170224202650. Content Known issue identified IMPORTANT: A known issue has been identified in QRadar 7.2.8 Patch 4 where QFlow Collector 12xx/13xx...

9.3CVSS0.6AI score0.55724EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/27 12:21 p.m.66 views

Security Bulletin: IBM Security Identity Governance and Intelligence has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown

Summary IBM has released the following fixpack for IBM Security Identity Governance and Intelligence in response to CVE-2017-5753 and CVE-2017-5754 Vulnerability Details CVEID: CVE-2017-5753 DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacke...

5.6CVSS0.7AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/27 1:22 a.m.66 views

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in php

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in php. Vulnerability Details CVEID: CVE-2018-7584 DESCRIPTION: PHP is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the phpstreamurlwraphttpex function in...

9.8CVSS1.3AI score0.87883EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/05 8:6 p.m.66 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server

Summary The following security issues have been identified in the WebSphere Application Server and IHS server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15...

9.8CVSS0.4AI score0.86006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:38 a.m.66 views

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-11600 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by out-of-bound access in thenet/xfrm/xfrmpolicy.c. By using...

10CVSS0.9AI score0.17827EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:32 a.m.66 views

Security Bulletin: Tomcat apache vulnerability affects IBM Storwize V7000 Unified

Summary Apache Tomcat is used by Storwize V7000 Unified. Storwize V7000 Unified has addressed the applicable CVEs. Vulnerability Details This bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product’s management GUI. The CLI interface is unaffected...

9.1CVSS0.8AI score0.10303EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:22 p.m.66 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Access Manager for Web. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially...

10CVSS0.8AI score0.94859EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:22 p.m.66 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Access Manager for Mobile. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially...

10CVSS0.7AI score0.94859EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:1 p.m.66 views

Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary Multiple security vulnerabilities in memcached, PCRE, and PHP affect IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. Installation programs for the Windows components of IBM Tealeaf Customer Experience on Cloud Network Capture Add-On are vulnerable to attack under certain...

10CVSS0.9AI score0.89058EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 7:42 p.m.65 views

Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities

Question Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.65 views

Security Bulletin: Aspera Products and the Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)

Question Security Bulletin: Aspera Products and the Meltdown and Spectre vulnerabilities CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

5.6CVSS7.4AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:34 a.m.65 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for April 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF032 and 23.0.2-IF004. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is...

9.8CVSS7.3AI score0.99999EPSS
Exploits26Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/02 8:4 a.m.65 views

Security Bulletin: gunicorn-20.1.0-py3-none-any

Summary Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn'...

7.5CVSS7.4AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 2:2 p.m.65 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details CVEID:CVE-2018-1000134 DESCRIPTION: Ping Identity UnboundID LDAP SDK could allow a remote attacker to...

9.8CVSS9.2AI score0.91896EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/21 3:5 p.m.65 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity XXE injection vulnerability. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are...

7CVSS7.2AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/21 5:17 p.m.65 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow a...

7.5CVSS8.2AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.65 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in PHP. Vulnerability Details CVEID: CVE-2019-9641 DESCRIPTION: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an...

9.8CVSS0.3AI score0.10059EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 3:31 p.m.65 views

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2022-40609)

Summary There was a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.18 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary...

9.8CVSS9AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/14 9:8 p.m.65 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

3.7CVSS5.6AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/06 11:23 a.m.65 views

Security Bulletin: Due to use of Netty, IBM® MobileFirst Platform is vulnerable to a denial of service.

Summary Netty is used by IBM® MobileFirst Platform. CVE-2023-34462 Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a...

6.5CVSS6.9AI score0.02459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 7:58 a.m.65 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesse related to IBM WebSphere Application Server Liberty

Summary Vulnerability in IBM WebSphere Application Server Liberty such as denial of service, gaining elevated privileges may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer...

7.5CVSS6.9AI score0.01051EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/05 8:34 p.m.65 views

Security Bulletin: IBM Spectrum Conductor with Spring Framework is vulnerable to a denial of service

Summary IBM Spectrum Conductor with Spring Framework is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit thi...

6.5CVSS7.1AI score0.01122EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 11:19 a.m.65 views

Security Bulletin: CVE-2023-34149 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2023-34149 reported in Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw wit...

6.5CVSS5.5AI score0.05403EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 4:48 p.m.65 views

Security Bulletin: Multiple VMWare Tanzu Spring Vulerabilities Affects IBM OpenPages with Watson (CVE-2022-22968, CVE-2022-22970, CVE-2022-22971)

Summary Spring Framework open source library is used by IBM OpenPages with Watson. Multiple vulnerabilties are being disclosed from Spring Framework within this bulletin. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2022-22968 DESCRIPTION: Spring Framework could provide...

6.5CVSS6.4AI score0.05666EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/12 10:0 a.m.65 views

Security Bulletin: Multiple Vulnerabilities in Apache Struts Affect IBM eDiscovery Manager

Summary Multiple vulnerabilities in Apache Struts 2.3.x may affect IBM eDiscovery Manager. These are addressed. Vulnerability Details CVEID:CVE-2020-17530 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on...

9.8CVSS9.6AI score0.97399EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 1:46 p.m.65 views

Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2023 Vulnerability Advisory, plus CVE-2023-25193 and CVE-2023-2597. For more information please refer to OpenJDK's April 2023 Vulnerability Advisory and the X-Force database entries referenced...

9.1CVSS8.9AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 1:24 p.m.65 views

Security Bulletin: There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management (CVE-2022-40705)

Summary There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-40705 DESCRIPTION: Apache SOAP is vulnerable to an XML external entity injection XXE attack when processing XML data, caused by a weakly configured XML parser in...

7.5CVSS7.5AI score0.01414EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 6:30 p.m.65 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploi...

7.5CVSS7.6AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/10 4:23 a.m.65 views

Security Bulletin: Multiple vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-20860, CVE-2023-20861).

Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2023-20860, CVE-2023-20861. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service...

7.5CVSS7.5AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/18 6:22 p.m.65 views

Security Bulletin: Vulnerabilities in glibc affect IBM Integrated Management Module II (IMM2) for System x, BladeCenter and Flex Systems (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, CVE-2014-9402)

Summary The following security vulnerabilities have been addressed by IBM Integrated Management Module II IMM2 for System x, BladeCenter and Flex Systems. Vulnerability Details Summary The following security vulnerabilities have been addressed by IBM Integrated Management Module II IMM2 for Syste...

7.8CVSS9.9AI score0.07688EPSS
Exploits5Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 4:31 p.m.65 views

Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability (CVE-2022-3171, CVE-2022-3510, CVE-2022-3509)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded message...

7.5CVSS6.2AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/22 11:59 a.m.65 views

Security Bulletin: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) attack

Summary IBM Workload Scheduler is vulnerable to XML External Entity Injection XXE exploitation in "Create Job on Broker" page. Vulnerability Details CVEID:CVE-2022-22486 DESCRIPTION: IBM Tivoli Workload Scheduler is vulnerable to an XML External Entity Injection XXE attack when processing XML dat...

10CVSS9.3AI score0.01365EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/20 11:30 a.m.65 views

Security Bulletin: Vulnerability identified in VMware component affects Cloud Pak System (CVE-2021-21974)

Summary Vulnerability identified in VMware component ESXi that is bundled with Cloud Pak System. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Cloud Pak System| 2.3.x.x...

8.8CVSS9.1AI score0.45063EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 9:44 a.m.65 views

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in it's self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...

7.5CVSS8.5AI score0.92488EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:57 p.m.65 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)

Summary There is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-27223 DESCRIPTION: Eclipse Jetty i...

5.3CVSS7AI score0.7848EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 2:1 p.m.65 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase [CVE-2022-40674, CVE-2022-43680]

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. CVE-2022-40674, CVE-2022-43680 Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a...

8.1CVSS8.6AI score0.02241EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/05 9:56 p.m.65 views

Security Bulletin: A vulnerability in kafka affects IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-34917)

Summary There is a vulnerability in kafka that is used by the IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-craft...

7.5CVSS7.4AI score0.0125EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/21 1:12 p.m.65 views

Security Bulletin: OpenSSH as used by IBM Cloud Pak for Security is vulnerable to privilege escalation (CVE-2021-41617)

Summary OpenSSH as used by IBM Cloud Pak for Security is vulnerable to privilege escalation . This has been updated in the latest release and the vulnerability have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak f...

7CVSS7.5AI score0.02367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/12 1:16 p.m.65 views

Security Bulletin: Apache Commons HttpClient 3.x (and few others) allow Man-In-The-Middle (MITM) attack

Summary Apache Commons HttpClient 3.x and few others used do not verify the server hostname in the subject Common Name CN and allows Man-In-The-Middle MITM attack Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS...

5.8CVSS6.5AI score0.19312EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/09 10:3 a.m.65 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-41854

Summary snakeYAML is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

6.5CVSS6.4AI score0.01476EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 7:0 p.m.65 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, Java SE and various other libraries. Vulnerability Details CVEID:CVE-2022-33879 DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by a regular expression denial...

9.1CVSS8AI score0.18891EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/28 2:7 p.m.65 views

Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]

Summary The zos toolkit installed with agents on zOS includes Apache Commons Text which could allow an attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute...

9.8CVSS9.9AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/10 12:6 p.m.65 views

Security Bulletin: Multiple vulnerabilities in IBM Cognos Express (CVE-2013-5443, CVE-2013-5445, CVE-2013-5444, CVE-2013-2407, CVE-2013-2450, CVE-2013-0169, CVE-2013-1478, CVE-2013-1480)

Summary A number of security vulnerabilities in IBM Cognos Express have been identified and addressed in a software update. Vulnerability Details CVE ID: CVE-2013-5443 DESCRIPTION: A Cross Site Request Forgery CSRF vulnerability in IBM Cognos Express allows an attacker that is able to trick an...

10CVSS7.5AI score0.35584EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 7:55 p.m.65 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908)

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted...

5.9CVSS5.8AI score0.05119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.65 views

Security Bulletin: IBM Sterling Control Center Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

4.3CVSS7.6AI score0.66817EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 8:45 p.m.65 views

Security Bulletin: GSKit SSL/TLS handshake vulnerability in Tivoli Directory Server (CVE-2012-2190)

Abstract A vulnerability has been identified in the GSKit 7 component utilized by Tivoli Directory Server TDS version 6.0, 6.1 or 6.2. A specifically crafted malformed SSL/TLS data packet can cause a TDS server using GSKit 7 to segmentation fault.. Remediation for the issue consists of updating...

5CVSS8.6AI score0.02371EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 7:3 a.m.65 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related Java SE and Node

Summary Vulnerabilities in Node and Java SE such as HTTP request smuggling, execution of arbitrary code, gain elevated privileges on the system and unauthorized operations may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-32214 DESCRIPTION: Node.js is vulnerable to HTTP reques...

8.1CVSS8.3AI score0.77766EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/16 9:57 a.m.65 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a CRI-O security vulnerability (CVE-2022-1708)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kubernetes API. Vulnerability Details CVEID: CVE-2022-1708 Description: A vulnerability was found in CRI-O that causes memo...

7.8CVSS8AI score0.02827EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000