
35596 matches found

IBM Security Bulletins
added 2022/05/13 2:58 p.m. | 181 views

Security Bulletin: Apache Log4j vulnerability may affect IBM Sterling B2B Integrator (CVE-2021-44228)

Summary IBM Sterling B2B Integrator is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details...

10 CVSS | 2.2 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2022/01/06 3:48 p.m. | 181 views

Security Bulletin: Apache Log4j vulnerability (CVE-2021-44228) has been identified in IBM Tivoli Netcool Impact and IBM WebSphere Application Server bundled with Tivoli Business Service Manager

Summary IBM Tivoli Netcool Impact and IBM WebSphere Application Server are bundled as components of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM Tivoli Netcool Impact and IBM WebSphere Application Server have been published in security bulletins...

10 CVSS | 1.1 AI score | 0.99999 EPSS
Exploits 354 | Affected Software 1
IBM Security Bulletins
added 2021/12/21 3:8 a.m. | 181 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) impacts IBM Watson Machine Learning Accelerator

Summary Log4j is used by IBM Watson Machine Learning Accelerator for generating logs in some of its components. This bulletin provides mitigations for the Log4j vulnerability CVE-2021-44228 by applying workaround steps to IBM Watson Machine Learning Accelerator. Vulnerability Details Refer to the...

10 CVSS | 0.9 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2021/12/17 2:0 p.m. | 181 views

Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for IBM Connections (CVE-2021-44228)

Summary Apache Log4j open source library is used by Content Collector for IBM Connections. The vulnerability affects the Content Collector AFUKnowledgeCenter component. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-44228...

10 CVSS | 1 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2021/12/17 1:59 p.m. | 181 views

Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for Microsoft SharePoint(CVE-2021-44228)

Summary Apache Log4j open source library is used by Content Collector for Microsoft SharePoint. The vulnerability affects the Content Collector AFUKnowledgeCenter component. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-44228...

10 CVSS | 0.9 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2018/09/25 1:15 p.m. | 181 views

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Platform Application Center

Summary Public disclosed vulnerability CVE-2018-11776 from Apache Struts affects IBM Platform Application Center. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts namespace code execution CVSS Base Score: 9.8 CVSS Temporal Score: See for the current score CVSS Environmental...

9.3 CVSS | 0.5 AI score | 0.99993 EPSS
Exploits 41 | Affected Software 1
IBM Security Bulletins
added 2023/07/05 9:24 p.m. | 180 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to urllib3 for python man-in-the-middle and security bypass vulnerabilities( CVE-2021-3572,CVE-2021-28363,)

Summary Potential urllib3 for python man-in-the-middle and security bypass vulnerabilities CVE-2021-28363, CVE-2021-3572 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-28363...

6.5 CVSS | 6.6 AI score | 0.02109 EPSS
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2022/12/16 6:57 p.m. | 179 views

Security Bulletin: UDP source port randomization flaw in IBM DataPower Gateway (CVE-2020-25705)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an attacker could exploit this...

7.4 CVSS | 7.5 AI score | 0.06692 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2022/04/20 7:30 p.m. | 179 views

Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-44228)

Summary IBM Cognos Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j CVE-2021-44228 vulnerability. Please note that this Security Bulletin has been...

10 CVSS | 0.7 AI score | 0.99999 EPSS
Exploits 355 | Affected Software 1
IBM Security Bulletins
added 2022/01/27 7:42 p.m. | 179 views

Security Bulletin: IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data are affected by critical vulnerability in Log4j (CVE-2021-44228)

Summary There is a vulnerability in the version of the Log4j open source library that is part of IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4...

10 CVSS | 0.9 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2022/11/09 6:38 p.m. | 177 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

8.1 CVSS | 8.1 AI score | 0.0714 EPSS
Exploits 7 | Affected Software 1
IBM Security Bulletins
added 2021/12/17 10:36 a.m. | 177 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2021-4104, CVE-2021-45046)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a...

10 CVSS | 1.2 AI score | 0.99999 EPSS
Exploits 354 | Affected Software 1
IBM Security Bulletins
added 2021/12/17 4:22 a.m. | 177 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j

Summary Log4j is used by IBM Watson Discovery for IBM Cloud Pak for Data to log system events for diagnostics. This bulletin provides a remediation for the vulnerability, CVE-2021-44228 by upgrading Watson Discovery and thus addressing the exposure to the log4j vulnerability. Vulnerability Detail...

10 CVSS | 1.4 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2021/06/08 10:18 p.m. | 176 views

Security Bulletin: Vulnerabilities in SSH affect IBM DataPower Gateways (CVE-2016-10009, CVE-2016-10012)

Summary SSH vulnerabilities were disclosed by the OpenSSH Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-10009 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading ...

7.8 CVSS | 2 AI score | 0.37431 EPSS
Exploits 5 | Affected Software 1
IBM Security Bulletins
added 2023/01/12 9:59 p.m. | 174 views

Security Bulletin: A Vulnerability with jackson-databind before 2.13.0 affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Summary A Vulnerability with jackson-databind before 2.13.0 affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details on how to remediate this issue. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a...

7.5 CVSS | 7.4 AI score | 0.0486 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/06/24 1:11 p.m. | 173 views

Security Bulletin: IBM DataPower Gateway is vulnerable to denial of service due to Golang Go

Summary IBM DataPower Gateway is vulnerable to denial of service due to use of Golang Go in DataPower Operator and Prometheus Metrics . CVE-2024-24783 Vulnerability Details CVEID:CVE-2024-24783 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the crypto/x509 packag...

5.9 CVSS | 6.5 AI score | 0.00667 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/10/14 10:12 p.m. | 173 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.0. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerab...

10 CVSS | 9.8 AI score | 0.99999 EPSS
Exploits 355 | Affected Software 1
IBM Security Bulletins
added 2022/01/14 11:47 a.m. | 173 views

Security Bulletin: IBM SDK Java 8.0.7.0 Update for IBM DataQuant

Summary Security Bulletin provides IBM DataQuant users with instructions for updating to Java 8.0.7.0 Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the...

9.8 CVSS | 6.8 AI score | 0.14839 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/01/24 2:35 p.m. | 170 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Data Studio Client (CVE-2021-4104)

Summary Apache Log4j open source library is used by IBM Data Studio Client. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caus...

7.5 CVSS | 1.6 AI score | 0.81147 EPSS
Exploits 9 | Affected Software 1
IBM Security Bulletins
added 2024/03/01 4:12 p.m. | 169 views

Security Bulletin: nginx is vulnerable to CVE-2021-23017 used in IBM Maximo Application Suite - Edge Data Collector Component

Summary IBM Maximo Application Suite - Edge Data Collector Component uses nginx which is vulnerable to CVE-2021-23017. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2021-23017 DESCRIPTION: NGINX could allow a remote attacker to execute...

7.7 CVSS | 7.1 AI score | 0.52838 EPSS
Exploits 10 | Affected Software 1
IBM Security Bulletins
added 2022/09/17 1:44 p.m. | 169 views

Security Bulletin: Vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634, CVE-2022-35919, CVE-2022-31028)

Summary Multiple vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift. Vulnerabilities include bypassing of security restrictions, execution of arbitrary code, obtaining sensitive information, denial of...

7.8 CVSS | 9.2 AI score | 0.52334 EPSS
Exploits 7 | Affected Software 1
IBM Security Bulletins
added 2022/03/19 8:40 a.m. | 169 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Netcool Performance Manager

Summary Apache-Log4j - CVE-2021-4104, Apache-Log4j - CVE-2022-23302, Apache-Log4j - CVE-2022-23305, Apache-Log4j - CVE-2022-23307 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- TNPM|...

9.8 CVSS | 10.2 AI score | 0.81147 EPSS
Exploits 10 | Affected Software 1
IBM Security Bulletins
added 2022/05/02 3:6 p.m. | 167 views

Security Bulletin: IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797)

Summary A vulnerability contained within a 3rd party component was identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway and MaaS360 Cloud Extender Configuration Utility module. Vulnerability Details CVEID: CVE-2021-43797 DESCRIPTION: Netty is vulnerable to HTTP request smuggling...

6.5 CVSS | 1.2 AI score | 0.02682 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2023/02/17 9:37 p.m. | 166 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to improper privilege management when a specially crafted table access is used. (CVE-2022-43927)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to improper privilege management when a specially crafted table access is used. Vulnerability Details CVEID:CVE-2022-43927 DESCRIPTION: IBM Db2 is vulnerable to information Disclosure due to improper privilege manageme...

7.5 CVSS | 6.2 AI score | 0.00641 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2023/02/02 3:37 a.m. | 166 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2015-20107. GNOME libxml2 is used by IBM Robotic Process Automation as part of container base images,...

9.8 CVSS | 9.5 AI score | 0.19653 EPSS
Exploits 38 | Affected Software 1
IBM Security Bulletins
added 2024/07/09 10:3 p.m. | 165 views

Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-6387) due to OpenSSH

Summary Vulnerability in AIX's OpenSSH could allow a remote attacker to execute arbitrary code CVE-2024-6387. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a...

8.1 CVSS | 8.5 AI score | 0.99506 EPSS
Exploits 68 | Affected Software 2
IBM Security Bulletins
added 2022/08/05 10:43 p.m. | 165 views

Security Bulletin: Multiple vulnerabilities in Jquery-Ui, highcharts, and datatables are affecting QRadar User Behavior Analytics (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2021-23445, CVE-2021-29489)

Summary There are vulnerabilities in third party packages JQuery-UI, Highcharts, datatables.net affecting User Behavior Analytics UBA. UBA has been updated to the latest versions of these packages to address these vulnerabilities. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery...

7.6 CVSS | 6.5 AI score | 0.44515 EPSS
Exploits 5 | Affected Software 1
IBM Security Bulletins
added 2022/01/07 5:5 p.m. | 165 views

Security Bulletin: Apache Log4j vulnerability affects IBM Sterling Secure Proxy (CVE-2021-44832)

Summary IBM Sterling Secure Proxy is vulnerable to arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to...

10 CVSS | 1 AI score | 0.99999 EPSS
Exploits 357 | Affected Software 1
IBM Security Bulletins
added 2022/01/07 4:37 p.m. | 165 views

Security Bulletin: There are multiple vulnerabilities in the Apache Log4j used in IBM® QRadar Risk Manager that may allow for remote code execution (RCE).

Summary Apache Log4j is used by IBM® QRadar Risk Manager to log system events. This bulletin provides a remediation to address the multiple Apache Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 by upgrading IBM® QRadar Risk Manager. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION...

10 CVSS | 1.4 AI score | 0.99999 EPSS
Exploits 353 | Affected Software 1
IBM Security Bulletins
added 2023/04/05 6:42 p.m. | 164 views

Security Bulletin: Node.js passport is vulnerable to CVE-2022-25896 used in IBM Maximo Application Suite

Summary There is one vulnerability in passport-0.4.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-25896 DESCRIPTION: Node.js passport module could allow a remote attacker to hijack a user's session, caused by a session fixation vulnerability. An attacker could...

5.8 CVSS | 5 AI score | 0.00985 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/12/30 5:31 p.m. | 163 views

Security Bulletin: Vulnerability in Apache Log4j may affect IBM Tivoli Monitoring installed WebSphere Application Server (CVE-2021-44228)

Summary The following security issue has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Note that log4j 2.x is not actually used by ITM but is present as part of the Tivoli Portal Server component installation as it prereqs and...

10 CVSS | 9.8 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2022/01/06 3:33 p.m. | 162 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

10 CVSS | 1.4 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2022/10/31 2:6 p.m. | 161 views

Security Bulletin: IBM DataPower Gateway vulnerable to a flaw in OpenSSL (CVE-2017-3732)

Summary A carry propagating bug in the OpenSSL x86_64 Montgomery squaring procedure may impact DH-based ciphersuites. This issue has been addressed in DataPower v2018.4.1.23. Vulnerability Details CVEID:CVE-2017-3732 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive informatio...

5.9 CVSS | 6.6 AI score | 0.15934 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2022/09/17 1:47 a.m. | 161 views

Security Bulletin: Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson may affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson such as denial of service, bypassing security restrictions, obtaining sensitive information, cross-site scripting, and execution of arbitrary code may affect IBM Spectrum Copy Data Management. Vulnerability Details...

8.8 CVSS | 9.7 AI score | 0.12403 EPSS
Exploits 5 | Affected Software 1
IBM Security Bulletins
added 2022/08/03 4:43 p.m. | 161 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x

Summary IBM Data Risk Manager IDRM 2.0.6.13, which is the only supported version, is impacted by multiple vulnerabilities including Apache Log4j 1.x CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022-23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493 which was bundled within hadoop-client...

9.8 CVSS | 10 AI score | 0.81147 EPSS
Exploits 34 | Affected Software 1
IBM Security Bulletins
added 2022/06/29 2:20 a.m. | 161 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID: CVE-2022-29210 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the TensorKey hash function. A local authenticat...

7.8 CVSS | 0.9 AI score | 0.00536 EPSS
Exploits 23 | Affected Software 1
IBM Security Bulletins
added 2021/12/20 8:32 p.m. | 161 views

Security Bulletin: IBM Security Guardium Insights is vulnerable to a remote code execution vulnerability in Apache Log4j 2 component. (CVE-2021-44228)

Summary IBM Security Guardium Insights is vulnerable to a remote code execution vulnerability in Apache Log4j 2 component. IBM Security Guardium Insights has addressed the vulnerability CVE-2021-44228 with an upgrade. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could all...

10 CVSS | 1.9 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2021/12/20 4:50 a.m. | 161 views

Security Bulletin: A security vulnerability has been identified in Log4j 2 used in IBM Guardium Data Encryption (GDE) (CVE-2021-44228)

Summary Log4j 2 is a logging package used by IBM Security Guardium Data Encryption GDE. That package has a security vulnerability. Consult the bulletin listed below for details. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...

10 CVSS | 0.7 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2020/12/15 5:5 p.m. | 161 views

Security Bulletin: PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13692)

Summary PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure caused by an XML external entity XXE Vulnerability Details CVEID: CVE-2020-13692 DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caus...

7.7 CVSS | 0.9 AI score | 0.04094 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2023/02/18 1:45 a.m. | 160 views

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 is susceptible. An exploit of this vulnerability CVE-2017-5638 could allow a remote attacker to execute arbitrary code on the system Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION:...

10 CVSS | 9.9 AI score | 0.99999 EPSS
Exploits 44 | Affected Software 1
IBM Security Bulletins
added 2022/03/18 5:28 p.m. | 160 views

Security Bulletin: urllib upgrade CVE-2021-33503, CVE-2021-28363

Summary The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxy_config doesn't verify the hostname of the certificate. This means certificat...

7.5 CVSS | 7.1 AI score | 0.03273 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/10/18 3:36 p.m. | 159 views

Security Bulletin: CMIS is affected since it uses Spring Framework, but not vulnerable to [CVE-2022-22965] and [CVE-2022-22963]

Summary CMIS is affected since it uses SpringFramework, but not vulnerable to CVE-2022-22965 and CVE-2022-22963. Vulnerability Details CVEID:CVE-2022-22965 DESCRIPTION: Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of...

9.8 CVSS | 9 AI score | 0.99939 EPSS
Exploits 132 | Affected Software 1
IBM Security Bulletins
added 2022/01/31 1:51 p.m. | 158 views

Security Bulletin: IBM TRIRIGA Indoor Maps, a component of IBM TRIRIGA Portfolio Data Manager is vulnerable to arbitrary code execution due to Apache Log4j library vulnerability (CVE-2021-44228)

Summary IBM TRIRIGA Indoor Maps, a component of IBM TRIRIGA Portfolio Data Manager is vulnerable to Apache Log4j library vulnerability CVE-2021-44228 as it is used as a common logging tool. Apache Log4j is used by IBM TRIRIGA Indoors Maps as part of its logging infrastructure. This bulletin...

10 CVSS | 1.6 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
IBM Security Bulletins
added 2023/02/01 9:34 p.m. | 157 views

Security Bulletin: Vulnerability in Node.js lodash affects IBM Process Mining (CVE-2021-23337,CVE-2020-28500)

Summary There is a vulnerability in Node.js lodash that could allow remote execution of arbitrary commands. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Node.js...

7.2 CVSS | 7.4 AI score | 0.2241 EPSS
Exploits 3 | Affected Software 1
IBM Security Bulletins
added 2022/07/29 8:34 p.m. | 157 views

Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Service Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)

Summary There are vulnerabilities in Eclipse Jetty that affect Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw ...

7.8 CVSS | 6.4 AI score | 0.99298 EPSS
Exploits 16 | Affected Software 1
IBM Security Bulletins
added 2022/01/27 6:33 a.m. | 157 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Apache Log4j ( CVE-2021-45046)

Summary Apache Log4j is used by IBM Cloud Pak for Data System 1.0 in openshift-logging. This bulletin provides a remediation and workaround for the Apache Log4j vulnerability CVE-2021-45046. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code executio...

10 CVSS | 0.99999 EPSS
Exploits 353 | Affected Software 1
IBM Security Bulletins
added 2021/12/22 7:9 a.m. | 157 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2021-4104, CVE-2021-45046)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow...

10 CVSS | 1 AI score | 0.99999 EPSS
Exploits 354 | Affected Software 1
IBM Security Bulletins
added 2024/10/24 11:46 a.m. | 156 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7

Summary cURL libcurl, Apache Xerces2 Java, Apache Jena, Spring Framework, json-smart-v1 and json-smart-v2 , libxml2, Apache Standard Taglibs , Apache ActiveMQ, Apache Commons Codec are identified as vulnerable components with multiple reported vulnerabilities, CVE-2022-35260, CVE-2022-42915,...

9.8 CVSS | 10 AI score | 0.99677 EPSS
Exploits 129 | Affected Software 1
IBM Security Bulletins
added 2021/12/21 5:2 p.m. | 156 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-45046)

Summary Apache Log4j Vulnerability Affects IBM Sterling Control Center CVE-2021-45046. Customers are encouraged to take action and apply the fix below. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of...

10 CVSS | 0.7 AI score | 0.99999 EPSS
Exploits 353 | Affected Software 1
IBM Security Bulletins
added 2021/12/20 8:53 p.m. | 156 views

Security Bulletin: The Apache Log4j (CVE-2021-44228) vulnerability affects z/TPF and TPF Operations Server

Summary The Apache Log4j vulnerability CVE-2021-44228 affects the z/Transaction Processing Facility z/TPF system and TPF Operations Server. Several Java applications on the z/TPF system depend on Apache Log4j capabilities. Additionally, the 64-bit Java support in TPF Operations Server uses Apache...

10 CVSS | 0.9 AI score | 0.99999 EPSS
Exploits 351 | Affected Software 1
Total number of security vulnerabilities: 5000