Lucene search
K
IbmMost viewed

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/04/29 4:43 a.m.65 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 91.8.0ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

Summary CVE-2022-28282, CVE-2021-38503, CVE-2022-22760, CVE-2021-38509, CVE-2022-22739, CVE-2022-26381, CVE-2022-22754, CVE-2021-43538, CVE-2022-22747, CVE-2021-38504, CVE-2022-22746, CVE-2022-26383, CVE-2022-22741, CVE-2022-26384, CVE-2022-22759, CVE-2022-22748, CVE-2021-43543, CVE-2022-1196,...

10CVSS1.7AI score0.1446EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.65 views

Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length...

4.3CVSS0.5AI score0.17139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.65 views

Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

Summary The vulnerability in CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote...

7.5CVSS0.8AI score0.50732EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/15 9:36 p.m.65 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2019-12528 DESCRIPTION: Squid could allow a remote attacker to obtain sensitive information, caused by incorrect data management when translating FTP server listings into HTTP responses. By sending a...

9.9CVSS10AI score0.99295EPSS
Exploits90Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 1:39 p.m.65 views

Security Bulletin: OpenSSL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-3712)

Summary OpenSSL as used by IBM QRadar SIEM is vulnerable to information disclosure. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially...

7.4CVSS7.4AI score0.50445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/26 4:33 p.m.65 views

Security Bulletin: IBM Tivoli System Automation Application Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104, CVE-2021-45046)

Summary IBM Tivoli System Automation Application Manager is vulnerable to arbitrary code execution due to multiple Apache Log4j CVE-2021-4104, CVE-2021-45046 vulnerabilities in Webssphere Application Server. The remediation addresses the vulnerabilities by removing Apache Log4j. Vulnerability...

9CVSS2.7AI score0.99977EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 4:16 a.m.65 views

Security Bulletin: Due to use of Apache Log4j, IBM StoredIQ for Legal is vulnerable to arbitrary code execution (CVE-2021-44228, CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary Apache Log4j is included in WebSphere Application Server WAS, which is distributed with IBM Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45105, CVE-2021-45046 impacting IBM StoredIQ for Legal application. IBM StoredIQ for Legal uses Apache...

10CVSS1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 7:3 a.m.65 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

8.5CVSS1.7AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/10 6:57 p.m.65 views

Security Bulletin: Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus

Summary Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX such as directory traversal, execution of arbitrary commands, obtaining sensitive information, elevated privileges, bypassing security restrictions, and denial of service, may affect IBM Spectrum Protect Plus. Vulnerability...

8.3CVSS8.6AI score0.78684EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/01 8:13 p.m.65 views

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

Summary There are multiple vulnerabilities in Curl that affect PowerSC. Vulnerability Details CVEID: CVE-2021-22897 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the...

9.1CVSS9AI score0.60122EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.65 views

Security Bulletin: IBM Security Guardium Insights is affected by a Components with known vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-7656 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could...

9.8CVSS0.3AI score0.20985EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.65 views

Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities (CVE-2021-3538, CVE-2021-33502, CVE-2021-3450, CVE-2021-3449)

Summary IBM Security Guardium Insights has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2021-3538 DESCRIPTION: go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize...

9.8CVSS1AI score0.62906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:45 a.m.65 views

Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console

Summary httpd is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka...

9.8CVSS0.8AI score0.94999EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/23 5:41 a.m.65 views

Security Bulletin: XStream (Publicly disclosed vulnerability)

Summary Impact The vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a allowlist limited to the minimal...

8.8CVSS2.2AI score0.77735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 10:18 p.m.65 views

Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293)

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. IBM DataPower Gateway has addressed the corresponding applicable CVEs. Vulnerability Details CVEID: CVE-2015-0287 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system,...

7.5CVSS8.2AI score0.44503EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/04 1:9 a.m.65 views

Security Bulletin: cURL libcurl vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)

Summary The cURL libcurl vulnerabilities CVE-2020-8284, CVE-2020-8286 and CVE-2020-8285 impacts Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, and Aspera Desktop Client 4.0.0 and earlier. The fix is delivered in Aspera High-Speed Transfer Server, Aspera High-Speed Transfe...

7.5CVSS1.1AI score0.09917EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/12 9:24 p.m.65 views

Security Bulletin: A security vulnerability has been idenfied in jQuery which affects DataQuant for z/OS (CVE-2019-11358)

Summary A security vulnerability has been identified in jQuery that could affect DataQuant for z/OS. Vulnerability Details CVEID: CVE-2019-11358 CVSS Base Score: 6.1 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

6.1CVSS0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/02 8:40 a.m.65 views

Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE Vulnerability Details CVEID: CVE-2020-25643 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory corruption and a read overflow flaws in the pppcpparsecr...

7.5CVSS0.2AI score0.03292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/10 10:27 p.m.65 views

Security Bulletin: cURL vulnerabilities CVE-2019-5481 CVE-2019-5482 impact IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier

Summary cURL vulnerabilities CVE-2019-5481 CVE-2019-5482 impact IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0...

9.8CVSS1.4AI score0.17939EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/13 7:10 p.m.65 views

Security Bulletin: Multiple Bouncy Castle Vulnerabilities Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed multiple security vulnerabilities from Bouncy Castle. Vulnerability Details CVEID: CVE-2016-1000338 DESCRIPTION: Bouncy Castle JCE Provider could provide weaker than expected security, caused by improper validation of ASN.1 encoding of signature i...

7.5CVSS0.2AI score0.24282EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.65 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated...

5.3CVSS0.5AI score0.06232EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/04 4:40 p.m.65 views

Security Bulletin: A security vulnerability in GSKit affects IBM Rational ClearQuest (CVE-2016-2183)

Summary The GSKit that is shipped with IBM Rational ClearQuest contains a security vulnerability. IBM Rational ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...

7.5CVSS0.6AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.65 views

Security Bulletin: Vulnerability in OSPFv2 Routing Protocol Used in IBM i Operating System (CVE-2013-0149 and CVE-2013-5385)

Problem : The OSPFv2 routing protocol specified in RFC 2328 has an ambiguity that can be exploited and allow for traffic to be black-holed and/or redirected. A PTF is provided. Resolving The Problem VULNERABILITY DETAILS: DESCRIPTION: A potential protocol vulnerability has been identified in the...

8.5CVSS0.8AI score0.03468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.65 views

Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal

Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in...

9.8CVSS0.8AI score0.39341EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/23 3:15 p.m.65 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.40 and earlier, 7.1.4.40 and earlier, 8.0.5.31 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2019. Vulnerability Details If you run your own Java...

8.1CVSS0.8AI score0.37618EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:55 a.m.65 views

Security Bulletin: Integrated Management Module II (IMM2) affected by vulnerabilities in libxml2 (CVE-2014-0191, CVE-2014-3660)

Summary Integrated Management Module II IMM2 is affected by vulnerabilities in libxml2 reported in 2014. Vulnerability Details Summary Integrated Management Module II IMM2 is affected by vulnerabilities in libxml2 reported in 2014. Vulnerability Details: CVE-ID: CVE-2014-0191 Description: Libxml2...

5CVSS0.081EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:30 a.m.65 views

Security Bulletin: Vulnerabilities in curl affect IBM Flex System Manager (FSM): (CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-013)

Summary Abstract Security vulnerabilities have been discovered in php5 that is included in IBM FSM. Content Vulnerability Details: CVE-ID: CVE-2013-2174 DESCRIPTION: cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improperb Vulnerability Details Abstract Security...

6.8CVSS0.8AI score0.11118EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/12 12:16 a.m.65 views

Security Bulletin: Multiple vulnerabilities in Jackson-databind affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Jackson-databind were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2018-5968 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by deserialization flaws. By...

9.8CVSS2AI score0.49727EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:41 a.m.65 views

Security Bulletin: PowerKVM has released updates in response to the vulnerabilities known as Spectre and Meltdown.

Summary PowerKVM may be affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities. IBM has released the following updates for PowerKVM in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715...

5.6CVSS1.5AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:37 a.m.65 views

Security Bulletin: Apache Struts Vulnerability CVE-2017-9791 will not affect PSS products

Summary The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Among all the PSS products LSF, PPM, RTM, PWS, only PWS 9.1 and 9.1.3 have Struts libs in the package. However, PWS will not use the libs...

9.8CVSS0.5AI score0.98931EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.65 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS3400 (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects TS3400. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPO...

4.3CVSS0.9AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:13 p.m.65 views

Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager Agent for WebSphere Applications (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Tivoli Composite Application Manager Agent for WebSphere Applications. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker...

10CVSS1.7AI score0.97655EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:17 p.m.65 views

Security Bulletin:IBM WebSphere deserialization of untrusted data in IBM eDiscovery Manager

Summary IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. Vulnerability Details CVEID: CVE-2016-5983 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java cod...

7.5CVSS3.3AI score0.04116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:19 a.m.65 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735)

Summary The Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HTTP response splitting attacks, cause...

9.8CVSS0.6AI score0.90338EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:6 p.m.65 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server shipped with IBM Tivoli Security Policy Manager (CVE-2018-1301, CVE-2017-15715, CVE-2017-15710)

Summary IBM HTTP Server is shipped as a component of IBM Tivoli Security Policy Manager. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin: Multiple...

8.1CVSS0.7AI score0.86006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:44 p.m.65 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Identity Governance

Summary Vulnerabilities in Open Source openssl that is used by IBM Security Identity Governance Vulnerability Details CVEID: CVE-2016-2105 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the EVPEncodeUpdate function. By sending an overly...

10CVSS1.5AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:42 p.m.65 views

Security Bulletin: : Vulnerabilities in OpenSSL affect IBM Security Guardium (CVE-2015-3197)

Summary OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Guardium. IBM Security Guardium has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct...

5.9CVSS0.7AI score0.10731EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:41 p.m.65 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Controller

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Network Controller. IBM Security Network Controller has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability...

10CVSS1AI score0.82112EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:38 p.m.65 views

Security Bulletin: Multiple vulnerabilities in OpenSource Oracle Mysql affect IBM Security Guardium Database Activity Monitor

Summary Several unspecified vulnerability in Oracle MySQL Server could allow a remote attacker to cause a denial of service, obtain information, and have partial confidentiality, integrity, and availability impact. Vulnerability Details CVEID: CVE-2015-4815 DESCRIPTION: An unspecified vulnerabili...

7.2CVSS1.4AI score0.30146EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:43 p.m.65 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah Attack" for SSL/TLS affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive informatio...

5CVSS1AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.65 views

Security Bulletin: Multiple Security vulnerabilities have been identified in IBM Java SDK shipped with WebSphere Application Server Community Edition(CVE-2016-3427 CVE-2016-3426)

Summary IBM Java SDK is shipped as a component of WebSphere Application Server Community Edition 3.0.0.4. Information about multiple security vulnerabilities affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details Please consult the security bulletin IBM Java SDK...

3AI score0.92334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:4 a.m.65 views

Security Bulletin:A security vulnerability has been identified in IBM HTTP Server used by IBM WebSphere Application Server which is shipped with IBM PureApplication System (CVE-2015-1283)

Summary IBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Denial of service...

6.8CVSS1AI score0.19069EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:56 a.m.65 views

IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6

Abstract Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR12 and earlier. Content VULNERABILITY DETAILS There are multiple security vulnerabilities in the IBM Java Runtime Environment used in WebSphere Cast Iron. CVE ID:...

10CVSS4.1AI score0.35584EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:4 a.m.64 views

Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities

Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to multiple vulnerabilities based on current information, in the following 3rd-party components: Node.js word-wrap CVE-2023-26115, Node.js semver CVE-2022-25883, Node,js dicer, CVE-2022-24434, Redis...

9.8CVSS9.5AI score0.17673EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:30 a.m.64 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...

9.8CVSS10AI score0.10539EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:15 a.m.64 views

Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability (CVE-2022-34356)

Summary UPDATED Oct 10 Added iFixes with the correct prereqs for VIOS 3.1.2.30 and 3.1.2.40: A vulnerability in the AIX kernel could allow a non-privileged local user to obtain root privileges CVE-2022-34356. Vulnerability Details CVEID:CVE-2022-34356 DESCRIPTION: IBM AIX could allow a...

8.4CVSS7.5AI score0.00214EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 7:35 p.m.64 views

Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.

Summary Cloud Pak System is vulnerable to HTTP request splitting attack CVE-2023-25690. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with some form of RewriteRule or...

9.8CVSS9.2AI score0.8377EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/25 4:29 p.m.64 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Sept 2024

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF002 Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing...

8.1CVSS9.5AI score0.02421EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 6:16 a.m.64 views

Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates

Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

7.5CVSS7.6AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/29 5:0 p.m.64 views

Security Bulletin: Multiple Vulnerabilities affect Db2 shipped with Cloud Pak System

Summary Vulnerabilities affect Db2 shipped with Platform System Manager PSM and Db2 pattern type PType in IBM Cloud Pak System and IBM Cloud Pak System Software. IBM Cloud Pak System has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and...

7.5CVSS7.3AI score0.01513EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000