Lucene search
K
IbmMost viewed

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/03/25 9:16 a.m.64 views

Security Bulletin: Vulnerabilities in Logback may affect the IBM Spectrum Protect Server (CVE-2023-6481)

Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in Logback such as denial of service caused by a serializaion flaw in the logback receiver component. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused ...

7.5CVSS7.1AI score0.00682EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/08 10:36 p.m.64 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in...

9.8CVSS9.1AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 5:14 a.m.64 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-git , Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 packages and cryptographic algorithms

Summary go-git , Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTIO...

7.8CVSS9.4AI score0.01614EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/07 3:45 p.m.64 views

Security Bulletin: IBM DataPower Gateway vulnerable to unauthorized access in Redis

Summary Redis is used in gateway peering, B2B and rate-limiting. IBM has updated Redis to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45145 DESCRIPTION: Redis could allow a local authenticated attacker to bypass security restrictions, caused by a race condition when a permissi...

3.6CVSS3.8AI score0.00444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 3:27 p.m.64 views

Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service and disclosure of sensitive information.

Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager CVE-2023-44487 and CVE-2023-44483 Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexe...

7.5CVSS7.8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 6:40 p.m.64 views

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in the Linux Kernel

Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details CVEID:CVE-2023-4207 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: clsfw...

7.8CVSS7.2AI score0.00565EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 5:35 p.m.64 views

Security Bulletin: Mutiple Vulnerabilties in Open Source packages affecting IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to several open source vulnerabilites. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to...

9.8CVSS9.8AI score0.09501EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 6:7 p.m.64 views

Security Bulletin: IBM Maximo Asset Management is affected by multiple vulnerabilities (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453) in snappy-java.

Summary IBM Maximo Asset Management is affected by multiple vulnerabilities CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 in snappy-java. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in th...

7.5CVSS7.4AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/26 6:24 p.m.65 views

Security Bulletin: semver-6.3.0.tgz is vulnerable to CVE-2022-25883 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses semver which is vulnerable to CVE-2022-25883. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the new...

7.5CVSS7.3AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 12:8 p.m.64 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to sensitive data exposure due to Apache CXF (CVE-2022-46363)

Summary A security vulnerability has been identified and addressed in Apache CXF shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is...

7.5CVSS8.3AI score0.01193EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/19 6:38 p.m.64 views

Security Bulletin: There is a security vulnerability in AWS SDK for Java used by Maximo Asset Management (CVE-2022-31159)

Summary There is a security vulnerability in AWS SDK for Java used by Maximo Asset Management. This only affects systems configured to store attachments in a Simple Storage Service S3 cloud object storage. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remo...

7.9CVSS6.7AI score0.01193EPSS
Exploits1Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/07 4:53 p.m.64 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

10CVSS10AI score0.95764EPSS
Exploits57Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 9:22 p.m.64 views

Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a code execution vulnerability in Apache Kafka (CVE-2023-25194)

Summary A code execution vulnerability in Apache Kafka used byIBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...

8.8CVSS8.9AI score0.95302EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/18 6:22 p.m.64 views

Security Bulletin: Vulnerabilities in glibc affect IBM Integrated Management Module II (IMM2) for System x, BladeCenter and Flex Systems (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, CVE-2014-9402)

Summary The following security vulnerabilities have been addressed by IBM Integrated Management Module II IMM2 for System x, BladeCenter and Flex Systems. Vulnerability Details Summary The following security vulnerabilities have been addressed by IBM Integrated Management Module II IMM2 for Syste...

7.8CVSS9.9AI score0.07688EPSS
Exploits5Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 4:31 p.m.64 views

Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability (CVE-2022-3171, CVE-2022-3510, CVE-2022-3509)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded message...

7.5CVSS6.2AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.64 views

Security Bulletin: Vulnerabilities in IBM Java and Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition and Apache Tomcat affect the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2020-2781 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java...

7.5CVSS7.6AI score0.87553EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.64 views

Security Bulletin: Vulnerability in OpenSSH affects IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products (CVE-2016-10708)

Summary A vulnerability in the OpenSSH component affects the Command Line Interface of IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products. Vulnerability Details CVEID: CVE-2016-10708 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by a NULL pointer dereference...

7.5CVSS6.7AI score0.15716EPSS
Exploits1Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.64 views

Security Bulletin: Apache Tomcat vulnerabilities on IBM SAN Volume Controller and Storwize Family (CVE-2013-4286 CVE-2013-4322 CVE-2014-0075 CVE-2014-0099)

Summary Security Bulletin: Apache Tomcat vulnerabilities on IBM SAN Volume Controller and Storwize Family CVE-2013-4286 CVE-2013-4332 CVE-2014-0075 CVE-2014-0099 Vulnerability Details Security Bulletin --- Summary --- Apache Tomcat DoS and unauthorized access vulnerabilities Vulnerability Details...

5.8CVSS8.8AI score0.2006EPSS
Exploits6
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/28 7:48 a.m.64 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-25690 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

9.8CVSS9.5AI score0.8377EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/08 7:34 p.m.64 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Angular is part of the .NET RHEL infrastructure CVE-2021-4231. Apache UIMA is used by IBM Robotic Process Automation as part of Watson NLP CVE-2022-32287. SnakeYaml is used by IBM Robotic Process...

9.8CVSS8.8AI score0.99615EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/03 3:55 p.m.64 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to multiple issues due to CKEditor

Summary IBM Sterling B2B Integrator has addressed the CKEditor security vulnerabilities in B2B API. Vulnerability Details CVEID:CVE-2021-32808 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used...

8.2CVSS7.3AI score0.02448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 9:53 p.m.64 views

Security Bulletin: Apache Tika security vulnerabilities found during Open Source Scan in IBM Content Collector for email in Content Search Services (affected, not vulnerable)

Summary Apache Tika security vulnerabilities found during Open Source Scan in IBM Content Collector for email in Content Search Services in Apache Tika v1.28.2 and prior Vulnerability Details CVEID:CVE-2022-30126 DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by a regular...

5.5CVSS5.5AI score0.02495EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.64 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. CVEs: CVE-2021-23450, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-25315, CVE-2022-25313, CVE-2022-25235, CVE-2022-25236,...

9.8CVSS10AI score0.69803EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/09 10:3 a.m.64 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-41854

Summary snakeYAML is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

6.5CVSS6.4AI score0.01476EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 4:10 a.m.64 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9

Summary IBM Data Risk Manager IDRM 2.0.6.14, which is the only supported version, is impacted by multiple vulnerabilities including Apache Commons Text 1.9 CVE-2022-42889. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.15 which includes Apache Commons Text 1.10. Plea...

9.8CVSS10AI score0.99931EPSS
Exploits69Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 11:37 p.m.64 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Kafka (CVE-2022-34917)

Summary A denial of service vulnerability in Apache Kafka used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request...

7.5CVSS7.3AI score0.0125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/04 12:13 a.m.64 views

Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-33193 and CVE-2021-44224) affects Power HMC

Summary Apache HTTP webserver is used by IBM Power Hardware Management Console HMC for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-33193 and CVE-2021-44224 by upgrading IBM Power Hardware...

8.2CVSS8.4AI score0.82295EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/16 10:3 a.m.64 views

Security Bulletin: Tivoli Business Service Manager is vulnerable to cross-site scripting due to improper validation in Angular (CVE-2022-25869)

Summary Angular is shipped with IBM Tivoli Business Service Manager as a component of it's dashboard interface. Information about a security vulnerability affecting Angular has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-25869 DESCRIPTION: Node.js angular module is...

6.1CVSS5.4AI score0.05276EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 6:30 p.m.64 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager.

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about multiple security vulnerabilitiesCVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556 affecting IBM WebSphere...

9.8CVSS8.2AI score0.19008EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:54 p.m.64 views

Security Bulletin: Apache Log4j vulnerability

Summary Apache Log4j vulnerability Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using...

9.2AI score0.61785EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:2 p.m.64 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Multiple...

7.4AI score0.87806EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/24 9:10 a.m.64 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service due to Linux Kernel (CVE-2020-35513)

Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID:CVE-2020-35513 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw with incorrectly umask during file or directory modification in the NFS network file system function...

4.9CVSS5.5AI score0.01347EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 12:54 a.m.64 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and Switches (CVE-2016-0701, CVE-2015-3197)

Summary OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cisco MDS Directors and Switches. IBM Cisco MDS Directors and Switches has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0701 DESCRIPTION: OpenSSL could allow a...

5.9CVSS6.3AI score0.83645EPSS
Exploits2Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/27 2:58 p.m.64 views

Security Bulletin: OpenSSL for IBM i is vulnerable to arbitrary command execution (CVE-2022-2068)

Summary OpenSSL is vulnerable to arbitrary command execution due to improper validation of input by creshash script as described in the vulnerability details section. IBM i has addressed the vulnerability in OpenSSL with a fix as described in the remediation/fixes section. Vulnerability Details...

10CVSS9.9AI score0.95764EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/15 12:15 p.m.64 views

Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-29788)

Summary IBM Engineering Requirements Quality Assistant On-Premises affected by multiple vulnerabilites including OpenSSL, cross-site scripting, cross-site request forgery CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-29788 which allowed an attacker or an unauthenticated...

7.5CVSS1.3AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.64 views

Security Bulletin: Multiple vulnerabilities exist in IMS Enterprise Suite SOAP Gateway (CVE-2014-4263, CVE-2014-0075)

Summary The IMS™ Enterprise Suite SOAP Gateway is affected by multiple vulnerabilities in IBM® SDK, Java™ Technology Edition July Update and Apache Tomcat. Vulnerability Details CVE ID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the Security component has partial...

7.8CVSS6.9AI score0.69936EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/30 8:58 a.m.64 views

Security Bulletin: The IBM® SDK Java Technology Edition, October 2021 CPU affect IBM Common Licensing (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035)

Summary There are multiple security vulnerabilities that are addressed in the IBM® SDK Java Technology Edition, October 2021 CPU, found in the IBM® Runtime Environment Java™ used by IBM License Key Server Administration and Reporting Tool and its Agent. Vulnerability Details Refer to the security...

9.8CVSS2AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 5:6 p.m.64 views

Security Bulletin: Vulnerabilities in Bash affect DS8000 HMC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the DS8000 HMC. Vulnerability Details This update provides details on...

10CVSS9.3AI score0.99999EPSS
Exploits158Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/03 5:6 p.m.64 views

Security Bulletin: IBM Security QRadar SOAR is using a component vulnerable to Cross Site Scripting (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)

Summary IBM® Security QRadar SOAR formerly known as Resilient SOAR is using a component with known Cross Site Scripting vulnerabilities. QRadar SOAR uses jQuery-UI, which is vulnerable to several XSS issues as listed below. QRadar SOAR has released an update that addresses these issues...

6.5CVSS0.3AI score0.44515EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/01 7:14 p.m.64 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.6.35, used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java...

9.8CVSS8.7AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/25 1:6 p.m.64 views

Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-44142).

Summary Samba is included in IBM Netezza for Cloud Pak for Data. Samba is not actively used and have limited exposure to CVE-2021-44142. Vulnerability is fixed. Fix includes updated version of samba client. samba-client-libs-4.10.16-18.el79.x8664 Vulnerability Details CVEID: CVE-2021-44142...

9CVSS1.9AI score0.74042EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/16 10:30 a.m.64 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

Summary OpenSSH used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-41617 DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in sshd when certa...

7CVSS1.7AI score0.02367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/07 5:23 p.m.64 views

Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-44228)

Summary There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused b...

10CVSS1.5AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 6:32 p.m.64 views

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-44224)

Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-44224 Vulnerability Details CVEID: CVE-2021-44224 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service or server-side request forgery. By sending a specially crafted URI to httpd configured as a forward proxy, ...

8.2CVSS1.7AI score0.82295EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/12 7:17 p.m.64 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server

Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server. This has been addressed. IBM HTTP Server is affected by CVE-2021-44224 for IBM HTTP Server configurations with "ProxyRequests ON" in the IBM HTTP Server configuration file httpd.conf by...

9.8CVSS0.4AI score0.97108EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 6:45 p.m.64 views

Security Bulletin: IBM Netcool Agile Service Manager is affected by a vulnerability in Apache Log4j (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Netcool Agile Service Manager. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS1.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 2:51 a.m.64 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM SPSS Analytic Server (CVE-2021-45105 and CVE-2021-45046)

Summary There is a vulnerability in the version of Apache Log4j that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...

10CVSS0.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/02 4:45 p.m.64 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their October 2021 Critical Patch Update, except for CVE-2021-35550, CVE-2021-35561, and CVE-2021-35603, which will be covered by future bulletins. For more information please refer to Oracle's October 2021 CP...

9.8CVSS6.3AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/18 6:25 a.m.64 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-39275)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.1.1.x and 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

0.9AI score0.36339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/15 1:5 p.m.64 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities

Summary IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities with details of each below Vulnerability Details CVEID: CVE-2021-33196 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By...

7.5CVSS8.5AI score0.07032EPSS
Exploits6Affected Software2
Total number of security vulnerabilities5000