Lucene search
K
IbmMost viewed

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/03/28 7:48 a.m.65 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-25690 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

9.8CVSS9.5AI score0.8377EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/20 11:30 a.m.65 views

Security Bulletin: Vulnerability identified in VMware component affects Cloud Pak System (CVE-2021-21974)

Summary Vulnerability identified in VMware component ESXi that is bundled with Cloud Pak System. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Cloud Pak System| 2.3.x.x...

8.8CVSS9.1AI score0.45063EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 9:44 a.m.65 views

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in it's self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...

7.5CVSS8.5AI score0.92488EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:57 p.m.65 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)

Summary There is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-27223 DESCRIPTION: Eclipse Jetty i...

5.3CVSS7AI score0.7848EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/05 9:56 p.m.65 views

Security Bulletin: A vulnerability in kafka affects IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-34917)

Summary There is a vulnerability in kafka that is used by the IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-craft...

7.5CVSS7.4AI score0.0125EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/03 3:55 p.m.65 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to multiple issues due to CKEditor

Summary IBM Sterling B2B Integrator has addressed the CKEditor security vulnerabilities in B2B API. Vulnerability Details CVEID:CVE-2021-32808 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used...

8.2CVSS7.3AI score0.02448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/12 1:16 p.m.65 views

Security Bulletin: Apache Commons HttpClient 3.x (and few others) allow Man-In-The-Middle (MITM) attack

Summary Apache Commons HttpClient 3.x and few others used do not verify the server hostname in the subject Common Name CN and allows Man-In-The-Middle MITM attack Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS...

5.8CVSS6.5AI score0.19312EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/09 10:3 a.m.65 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-41854

Summary snakeYAML is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

6.5CVSS6.4AI score0.01476EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 4:10 a.m.65 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9

Summary IBM Data Risk Manager IDRM 2.0.6.14, which is the only supported version, is impacted by multiple vulnerabilities including Apache Commons Text 1.9 CVE-2022-42889. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.15 which includes Apache Commons Text 1.10. Plea...

9.8CVSS10AI score0.99931EPSS
Exploits69Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 7:0 p.m.65 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, Java SE and various other libraries. Vulnerability Details CVEID:CVE-2022-33879 DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by a regular expression denial...

9.1CVSS8AI score0.18891EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/28 2:7 p.m.65 views

Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]

Summary The zos toolkit installed with agents on zOS includes Apache Commons Text which could allow an attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute...

9.8CVSS9.9AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 7:55 p.m.65 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908)

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted...

5.9CVSS5.8AI score0.05119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 8:45 p.m.65 views

Security Bulletin: GSKit SSL/TLS handshake vulnerability in Tivoli Directory Server (CVE-2012-2190)

Abstract A vulnerability has been identified in the GSKit 7 component utilized by Tivoli Directory Server TDS version 6.0, 6.1 or 6.2. A specifically crafted malformed SSL/TLS data packet can cause a TDS server using GSKit 7 to segmentation fault.. Remediation for the issue consists of updating...

5CVSS8.6AI score0.02371EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 7:3 a.m.65 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related Java SE and Node

Summary Vulnerabilities in Node and Java SE such as HTTP request smuggling, execution of arbitrary code, gain elevated privileges on the system and unauthorized operations may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-32214 DESCRIPTION: Node.js is vulnerable to HTTP reques...

8.1CVSS8.3AI score0.77766EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/16 9:57 a.m.65 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a CRI-O security vulnerability (CVE-2022-1708)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kubernetes API. Vulnerability Details CVEID: CVE-2022-1708 Description: A vulnerability was found in CRI-O that causes memo...

7.8CVSS8AI score0.02827EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:2 p.m.65 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Multiple...

7.4AI score0.87806EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 1:21 p.m.65 views

Security Bulletin: A vulnerability foud in IBM Installation Manager which is shipped with IBM® Intelligent Operations Center(CVE-2021-36373)

Summary A vulnerability foud in IBM Installation Manager which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-36373...

6.7AI score0.02511EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:9 a.m.65 views

Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled by default in the Apache based IBM HTTP Server. Vulnerability Details CVE ID: CVE-2014-3566 DESCRIPTION: IBM HTTP Server could allow a remote...

4.3CVSS4AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/15 12:15 p.m.65 views

Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-29788)

Summary IBM Engineering Requirements Quality Assistant On-Premises affected by multiple vulnerabilites including OpenSSL, cross-site scripting, cross-site request forgery CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-29788 which allowed an attacker or an unauthenticated...

7.5CVSS1.3AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 2:34 p.m.65 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389)

Summary IBM® Db2® is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. Vulnerability Details CVEID: CVE-2022-22389 DESCRIPTION: IBM Db2 is vulnerable to a denial of service as the server may terminate...

6.5CVSS0.7AI score0.01453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/12 1:19 p.m.65 views

Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2022-22721)

Summary IBM Rational Build Forge is affected by CVE-2022-22721. Vulnerability Details CVEID: CVE-2022-22721 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by an integer overflow. By sending an overly large LimitXMLRequestBody, a remote attacker could overflow a buffer...

9.1CVSS1.6AI score0.41861EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/10 4:52 p.m.65 views

Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)

Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046 . However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...

10CVSS1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 4:35 p.m.65 views

Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841)

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to...

7.5CVSS7.5AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/11 10:11 p.m.65 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped with IBM WebSphere Application Server Pattern (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

Summary IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published...

9.8CVSS7.3AI score0.69803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/29 4:43 a.m.65 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 91.8.0ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

Summary CVE-2022-28282, CVE-2021-38503, CVE-2022-22760, CVE-2021-38509, CVE-2022-22739, CVE-2022-26381, CVE-2022-22754, CVE-2021-43538, CVE-2022-22747, CVE-2021-38504, CVE-2022-22746, CVE-2022-26383, CVE-2022-22741, CVE-2022-26384, CVE-2022-22759, CVE-2022-22748, CVE-2021-43543, CVE-2022-1196,...

10CVSS1.7AI score0.1446EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.65 views

Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length...

4.3CVSS0.5AI score0.17139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.65 views

Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

Summary The vulnerability in CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote...

7.5CVSS0.8AI score0.50732EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 1:39 p.m.65 views

Security Bulletin: OpenSSL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-3712)

Summary OpenSSL as used by IBM QRadar SIEM is vulnerable to information disclosure. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially...

7.4CVSS7.4AI score0.50445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/16 10:30 a.m.65 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

Summary OpenSSH used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-41617 DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in sshd when certa...

7CVSS1.7AI score0.02367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/26 4:33 p.m.65 views

Security Bulletin: IBM Tivoli System Automation Application Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104, CVE-2021-45046)

Summary IBM Tivoli System Automation Application Manager is vulnerable to arbitrary code execution due to multiple Apache Log4j CVE-2021-4104, CVE-2021-45046 vulnerabilities in Webssphere Application Server. The remediation addresses the vulnerabilities by removing Apache Log4j. Vulnerability...

9CVSS2.7AI score0.99977EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 6:32 p.m.65 views

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-44224)

Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-44224 Vulnerability Details CVEID: CVE-2021-44224 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service or server-side request forgery. By sending a specially crafted URI to httpd configured as a forward proxy, ...

8.2CVSS1.7AI score0.82295EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 4:16 a.m.65 views

Security Bulletin: Due to use of Apache Log4j, IBM StoredIQ for Legal is vulnerable to arbitrary code execution (CVE-2021-44228, CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary Apache Log4j is included in WebSphere Application Server WAS, which is distributed with IBM Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45105, CVE-2021-45046 impacting IBM StoredIQ for Legal application. IBM StoredIQ for Legal uses Apache...

10CVSS1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 7:3 a.m.65 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

8.5CVSS1.7AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/10 6:57 p.m.65 views

Security Bulletin: Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus

Summary Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX such as directory traversal, execution of arbitrary commands, obtaining sensitive information, elevated privileges, bypassing security restrictions, and denial of service, may affect IBM Spectrum Protect Plus. Vulnerability...

8.3CVSS8.6AI score0.78684EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/01 8:13 p.m.65 views

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

Summary There are multiple vulnerabilities in Curl that affect PowerSC. Vulnerability Details CVEID: CVE-2021-22897 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the...

9.1CVSS9AI score0.60122EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.65 views

Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities (CVE-2021-3538, CVE-2021-33502, CVE-2021-3450, CVE-2021-3449)

Summary IBM Security Guardium Insights has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2021-3538 DESCRIPTION: go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize...

9.8CVSS1AI score0.62906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.65 views

Security Bulletin: IBM Security Guardium Insights is affected by a Components with known vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-7656 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could...

9.8CVSS0.3AI score0.20985EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:45 a.m.65 views

Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console

Summary httpd is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka...

9.8CVSS0.8AI score0.94999EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 10:18 p.m.65 views

Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293)

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. IBM DataPower Gateway has addressed the corresponding applicable CVEs. Vulnerability Details CVEID: CVE-2015-0287 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system,...

7.5CVSS8.2AI score0.44503EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/03 4:41 p.m.65 views

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Informix Genero (CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 & CVE-2015-4000)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by Informix Genero. Informix Genero has addressed the applicable CVEs...

7.5CVSS5.6AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/30 10:43 a.m.65 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the...

5.9CVSS5.8AI score0.06968EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/12 9:24 p.m.65 views

Security Bulletin: A security vulnerability has been idenfied in jQuery which affects DataQuant for z/OS (CVE-2019-11358)

Summary A security vulnerability has been identified in jQuery that could affect DataQuant for z/OS. Vulnerability Details CVEID: CVE-2019-11358 CVSS Base Score: 6.1 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

6.1CVSS0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/10 10:27 p.m.65 views

Security Bulletin: cURL vulnerabilities CVE-2019-5481 CVE-2019-5482 impact IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier

Summary cURL vulnerabilities CVE-2019-5481 CVE-2019-5482 impact IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0...

9.8CVSS1.4AI score0.17939EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.65 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated...

5.3CVSS0.5AI score0.06232EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/25 2:35 p.m.66 views

Security Bulletin: A vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1551)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1551 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive informatio...

5.3CVSS1.2AI score0.14298EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/04 4:40 p.m.65 views

Security Bulletin: A security vulnerability in GSKit affects IBM Rational ClearQuest (CVE-2016-2183)

Summary The GSKit that is shipped with IBM Rational ClearQuest contains a security vulnerability. IBM Rational ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...

7.5CVSS0.6AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/04 4:40 p.m.65 views

Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2017-9798, CVE-2017-12618)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products an...

7.5CVSS1.3AI score0.94999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.65 views

Security Bulletin: Vulnerability in OSPFv2 Routing Protocol Used in IBM i Operating System (CVE-2013-0149 and CVE-2013-5385)

Problem : The OSPFv2 routing protocol specified in RFC 2328 has an ambiguity that can be exploited and allow for traffic to be black-holed and/or redirected. A PTF is provided. Resolving The Problem VULNERABILITY DETAILS: DESCRIPTION: A potential protocol vulnerability has been identified in the...

8.5CVSS0.8AI score0.03468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.65 views

Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal

Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in...

9.8CVSS0.8AI score0.39341EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/02 10:3 p.m.66 views

Security Bulletin: IBM MQ Appliance affected by an OpenSSH vulnerability (CVE-2019-6110)

Summary IBM MQ Appliance has addressed the following OpenSSH vulnerability. Vulnerability Details CVEID: CVE-2019-6110 DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by accepting and displaying arbitrary stderr output from the scp server. A man-in-the-middl...

6.8CVSS1.9AI score0.20906EPSS
Exploits8Affected Software1
Total number of security vulnerabilities5000