Lucene search
K
IbmMost viewed

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/14 8:34 p.m.•63 views

Security Bulletin: IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow.

Summary IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow when invoked with invalid parameters. Vulnerability Details CVEID:CVE-2023-28527 DESCRIPTION: IBM Informix cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a...

8.4CVSS6.7AI score0.00286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/07 10:45 p.m.•63 views

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in curl

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerabilities in curl Vulnerability Details CVEID: CVE-2018-1000122 DESCRIPTION: curl could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RTSP+RTP handling code. An attack...

9.8CVSS1.5AI score0.12058EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/17 11:49 p.m.•63 views

Security Bulletin: IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and denial of service due to CVEs in Apache Velocity, Apache Jena, and XStream (woodstox)

Summary IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by security flaws in Apache Velocity, Apache Jena, and XStream woodstox. The flaws can lead to arbitrary code execution, sensitive information disclosure, and denial of...

9.8CVSS9.7AI score0.22709EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/26 7:33 p.m.•63 views

Security Bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431)

Summary IBM® Db2® db2set is vulnerable to arbitrary code execution. Vulnerability Details CVEID: CVE-2023-30431 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow th...

8.4CVSS7.6AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/19 4:22 p.m.•63 views

Security Bulletin: IBM Rational Build Forge is vulnerable a remote attacker to execute arbitrary code on the system due to the use of Apache HTTP Server (CVE-2022-23943)

Summary IBM Rational Build Forge is affected by CVE-2022-23943. Vulnerability Details CVEID:CVE-2022-23943 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in modsed. By sending specially crafted data, an...

9.8CVSS9.8AI score0.50401EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/16 1:48 p.m.•63 views

Security Bulletin: Google Guava component is vulnerable to CVE-2023-2976 is used by IBM Jazz Reporting Services.

Summary IBM Jazz Reporting Service Application Suite uses Google Guava package which is vulnerable to CVE-2023-2976. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation...

7.1CVSS5.9AI score0.00964EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/14 5:3 a.m.•63 views

Security Bulletin: IBM Security Verify Access Appliance has multiple security vulnerabilities

Summary There are multiple Security Vulnerabilities that were reported against the IBM Security Verify Access ISVA Appliance. These vulnerabilities have been addressed in the ISVA Appliance. Vulnerability Details CVEID:CVE-2022-4415 DESCRIPTION: systemd could allow a local authenticated attacker ...

7.5CVSS8.2AI score0.59501EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/10 1:51 p.m.•63 views

Security Bulletin: IBM Event Streams is affected by a denial of service due to OpenSSL vulnerabilities

Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4450, CVE-2023-0216. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error relat...

7.5CVSS7.6AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/10 1:33 p.m.•63 views

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-2142 DESCRIPTION: Mozilla Nunjucks is vulnerable to cross-site scripting, caused by...

9.8CVSS8.5AI score0.24928EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/05 8:12 p.m.•63 views

Security Bulletin: IBM Spectrum Conductor with ISC BIND is vulnerable to a denial of service

Summary IBM Spectrum Conductor with ISC BIND is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2022-3488 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error related to the processing of repeated responses to the same query, where both responses contai...

7.5CVSS7.8AI score0.19045EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/03 2:5 p.m.•63 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affects IBM Rational ClearCase.

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. CVE-2023-33850, CVE-2023-32342, CVE-2023-21930, CVE-2023-21967 Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker ...

7.5CVSS7.7AI score0.01523EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/19 8:4 p.m.•63 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437)

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2023-30437 DESCRIPTION: IBM Security Guardium could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. CVSS Base score: 5.3 CVSS Temporal Score:...

8.9CVSS5.5AI score0.00522EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/01 7:47 p.m.•63 views

Security Bulletin: XML External Entity injection vulnerability in jdom may affect custom apps in IBM Business Automation Workflow - CVE-2021-33813

Summary IBM Business Automation Workflow packages jdom. An XML External Entity XXE injection vulnerability was reported for jdom: Due to insecure default settings in jdom, a careless client application may fail to disable XML External Entity expansion features in the XML parser used by the librar...

7.5CVSS7.7AI score0.19442EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/15 3:37 a.m.•63 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907)

Summary Security Vulnerabilities affect IBM Cloud Pak for Data - Python CVE-2019-20907 Vulnerability Details CVEID:CVE-2019-20907 DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the tarfile module in Lib/tarfile.py. By persuading a victim to open a specially-craft a...

7.5CVSS7.5AI score0.06304EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/28 1:39 a.m.•63 views

Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to multiple vulnerabilities

Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities, based on current information, in the following 3rd-party components: Stanford coreNLP, FasterXML jackson-databind, SnakeYAML, Dromera Hutool, jsoup, Node.js vm2 and Node.js http-cache-semantics. These...

10CVSS9.5AI score0.72087EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/09 6:14 p.m.•63 views

Security Bulletin: Loader-utils is vulnerable to CVE-2022-37603 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses loader-utils which is vulnerable to CVE-2022-37603. Vulnerability Details CVEID:CVE-2022-37603 DESCRIPTION: webpack loader-utils is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the...

7.5CVSS8.2AI score0.02029EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/03 4:27 p.m.•63 views

Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl (CVE-2022-31081)

Summary A vulnerability in libwww-perl could allow an attacker to poison web caches, bypass web application firewall protection, and conduct XSS attacks CVE-2022-31081. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2022-31081 DESCRIPTION: Libwww is vulnerab...

7.3CVSS6.6AI score0.02108EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/24 2:55 p.m.•63 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203

Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-32809 DESCRIPTION: CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML code...

7.4CVSS6.8AI score0.2241EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•63 views

Security Bulletin: Vulnerability in OpenSSL affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in OpenSSL may cause a denial of service when IBM Spectrum Virtualize is acting as a TLS client when connecting to LDAP servers or key servers. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...

7.5CVSS7.9AI score0.70561EPSS
Exploits2Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•63 views

Security Bulletin: The IBM FlashSystem 840 & IBM FlashSystem V840 products are affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID:CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability ...

7.5CVSS7.4AI score0.99999EPSS
Exploits88Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/19 8:14 p.m.•63 views

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

Summary There are multiple vulnerabilities in Curl that affect PowerSC. Vulnerability Details CVEID:CVE-2022-32206 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable "links" in the "chained" HTTP compression algorithms. By persuading a...

9.8CVSS8.5AI score0.3197EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/05 3:14 p.m.•63 views

Security Bulletin: jQuery included in ITNM is vulnerable to Cross-site Scripting (XSS) attacks (multiple vulnerabilities)

Summary Multiple vulnerabilities CVE-2015-9251; CVE-2019-11358; CVE-2020-11022; CVE-2020-11023 found in jQuery that is present in IBM Tivoli Network Manager ITNM IP Edition. jQuery versions before 3.0.0 are vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is perform...

6.9CVSS6.8AI score0.99019EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/03 9:5 a.m.•63 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability [CVE-2022-37616]

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability with details below. CVE-2022-37616 This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-37616 DESCRIPTION: xmldom could allow a remote attacker to...

9.8CVSS9.8AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 12:37 p.m.•63 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Summary OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2022-2068 and CVE-2022-2097 are identified as potential risks for products using older versions of OpenSLL. These potential risks are resolved by updating IBM Tivoli Netco...

9.8CVSS8.4AI score0.95764EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/04 12:13 a.m.•63 views

Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-33193 and CVE-2021-44224) affects Power HMC

Summary Apache HTTP webserver is used by IBM Power Hardware Management Console HMC for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-33193 and CVE-2021-44224 by upgrading IBM Power Hardware...

8.2CVSS8.4AI score0.82295EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/28 2:9 p.m.•63 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-40149, CVE-2022-40150)

Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-40149, CVE-2022-40150 Vulnerability Details CVEID:CVE-2022-40149 DESCRIPTION: jettison-jso...

7.5CVSS7AI score0.01287EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/02 6:7 p.m.•63 views

Security Bulletin: Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Buinses Process Manager Enterprise Service Bus (July 2022 CPU plus deferred CVE-2021-2163)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager Enterprise Serivce Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the...

5.3CVSS6.1AI score0.03566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/20 6:47 p.m.•63 views

Security Bulletin: IBM Sterling Order Management Netty 4.1.34 vulnerablity

Summary Netty could provide various potential exploitable entry points icnluding weaker than expected security, netty-codec is vulnerable to a denial of service, and HTTP request smuggling Vulnerability Details CVEID:CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security,...

9.1CVSS8.2AI score0.25448EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/06 4:10 a.m.•63 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities

Summary Vulnerabilities contained within libcurl a 3rd party component were identified and remediated in the IBM MaaS360 Cloud Extender Agent and Base Module. Vulnerability Details CVEID:CVE-2022-27780 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused...

8.1CVSS8AI score0.03453EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 11:13 p.m.•63 views

Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL versions prior to 1.0.0

Abstract OpenSSL versions prior to 1.0.0 do not follow best security practices and need to upgrade. On Linux Intel or z/OS platform, the components of Tivoli Management Framework 4.1.1 include the files in OpenSSL which version is prior to 1.0.0. Content VULNERABILITY DETAILS: CVE IDs:...

7.6CVSS7.1AI score0.48298EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/14 3:28 p.m.•63 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products Java CPU October 2021

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow and IBM...

7.5AI score0.14839EPSS
Exploits0Affected Software7
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/08 1:19 p.m.•63 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository due to July 2022 CPU plus deferred CVE-2021-2163

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in July 2022. These issues are addressed by WebSphere Application Server shipped with WebSphere Servi...

6.4AI score0.03566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/25 3:1 p.m.•63 views

Security Bulletin: IBM MQ is vulnerable to issues with libcurl (CVE-2022-27780, CVE-2022-30115)

Summary Multiple issues were identified within the libcurl library that affect IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID:CVE-2022-27780 DESCRIPTION: cURL...

7.5CVSS5.8AI score0.02187EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/22 3:14 p.m.•63 views

Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230)

Summary IBM Sterling File Gateway has addressed multiple security vulnerabilities in Apache Struts Vulnerability Details CVEID:CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a special...

9.8CVSS9.4AI score0.97399EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/20 1:47 p.m.•63 views

Security Bulletin: IBM DataPower Gateway affected by prototype pollution in DOJO (CVE-2021-23450)

Summary DOJO is used mostly in the deprecated BluePrint GUI, but is also used in a small number of places in the standard Web UI. The vulnerable function is not used, but IBM has addressed the CVE. Vulnerability Details CVEID: CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to...

9.8CVSS1.6AI score0.30367EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/27 5:58 p.m.•63 views

Security Bulletin: IBM Security Guardium is affected by a number of security vulnerabilities in Netty, which is used by Guardium (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137)

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-21290 DESCRIPTION: Netty could allow a local authenticated attacker to obtain sensitive information, caused by an insecure temp file in Unix-like systems. By sending a specially-crafted request, a...

7.5CVSS1AI score0.18891EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/26 1:20 a.m.•63 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenSSL

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenSSL. Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafte...

7.5CVSS1.9AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/17 4:21 p.m.•63 views

Security Bulletin: IBM Planning Analytics Workspace is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a...

9.8CVSS0.5AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/19 2:56 p.m.•63 views

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service

Summary IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager TADDM and is vulnerable to a denial of service CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035,...

9.8CVSS1.5AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/01 1:15 p.m.•63 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Integration Bus & IBM App Connect Enterprise. These issues were disclosed as part of the IBM Java SDK updates in October 2021. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified...

9.8CVSS1AI score0.14839EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/01 12:23 p.m.•63 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-44790, CVE-2021-44224)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

1.1AI score0.97108EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/16 5:38 a.m.•63 views

Security Bulletin: Vulnerability in Polkit affects IBM Integrated Analytics System.

Summary Polkit is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-4034. Vulnerability Details CVEID: CVE-2021-4034 DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by...

7.8CVSS1.6AI score0.94921EPSS
Exploits151Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/27 2:1 a.m.•63 views

Security Bulletin: IBM Watson Studio Premium Add On in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM Watson Studio Premium Add On in Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is...

10CVSS1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/20 12:15 a.m.•63 views

Security Bulletin: IBM Spectrum Fusion HCI is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Multiple vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046 could allow an attacker to execute arbitrary code and denial of service. These vulnerabilities may affect IBM Spectrum Scale Container Native Storage Access and IBM Spectrum Protect Plus, which are part of the IBM...

10CVSS7.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/21 6:13 p.m.•63 views

Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2020-35508 DESCRIPTION: Linux Kernel could allow a local attacker to bypass security...

7.8CVSS7.5AI score0.09729EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/14 8:38 p.m.•63 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Remote Server (CVE-2021-39275)

Summary IBM HTTP Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.8CVSS9AI score0.36339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/10/06 12:37 p.m.•63 views

Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-10639 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the use of a weak function to generate IP packet IDs. By sniffing the network, ...

9.8CVSS1AI score0.12651EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/10/04 3:52 p.m.•63 views

Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2021-22945)

Summary The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerability: libcurl is vulnerable to a denial of service. Vulnerability Details CVEID: CVE-2021-22945 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused ...

9.1CVSS1.1AI score0.06216EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/09/23 4:2 a.m.•63 views

Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management

Summary Bind is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-25215 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an assertion failure while answering queries for DNAME records. By...

8.1CVSS9AI score0.64161EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/09/23 1:45 a.m.•63 views

Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console

Summary httpd is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in modsessioncrypto. By sending specially...

7.5CVSS0.5AI score0.49024EPSS
Exploits4Affected Software1
Total number of security vulnerabilities5000