Lucene search
K
IbmMost viewed

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 5:53 p.m.62 views

Security Bulletin: Vulnerabilities in Linux components affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in libssh, nginx and nghttp2 affect IBM Storage Virtualize products and could cause denial of service and bypassing of authentication. CVE-2023-44487, CVE-2023-1667, CVE-2023-2283. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a...

7.5CVSS8.3AI score0.99999EPSS
Exploits21Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/31 10:42 a.m.62 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

7CVSS7.2AI score0.0138EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/25 5:51 p.m.62 views

Security Bulletin: Multiple vulnerabilities in IBM's Common Cryptographic Architecture (CCA). CVE-2023-33855, CVE-2023-47150

Summary IBM Common Cryptographic Architecture CCA is used to interface with the IBM Hardware Security Module HSM. CCA could allow a remote user to cause a denial of service attack CVE-2023-47150 or to obtain sensitive information CVE-2023-33855 as described in the vulnerability details section. I...

7.5CVSS5.7AI score0.00648EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 6:4 p.m.62 views

Security Bulletin: Potential vulnerability in Eclipse Jetty used by Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2023-36479)

Summary Eclipse Jetty in Apache Solr could provide weaker than expected security. This has been addressed. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the...

3.5CVSS4.8AI score0.01006EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/13 10:19 a.m.62 views

Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM TXSeries for Multiplatforms is vulnerable to a flaw in handling multiplexed streams in the HTTP/2 protocol (CVE-2023-44487).

Summary IBM WebSphere Liberty is used by IBM TXSeries for Multiplatforms to provide a web based administration console CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams i...

7.5CVSS7.7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 3:22 p.m.62 views

Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service attacks due to multiple vulnerabilities.

Summary IBM i Domain Name System DNS uses ISC BIND. ISC BIND on IBM i is vulnerable to denial of service attacks due to errors exploitable by remote attacker as described in the vulnerability details section CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50868. This bulletin...

7.5CVSS7.8AI score0.81729EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 7:31 p.m.62 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By...

7.5CVSS8.6AI score0.01772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 4:40 p.m.62 views

Security Bulletin: IBM Sterling B2B Integrator is affected by sensitive information exposure due to Apache James MIME4J (CVE-2022-45787)

Summary IBM Sterling B2B Integrator uses Apache James MIME4J. Vulnerability Details CVEID: CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...

5.5CVSS6.1AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/15 2:47 p.m.62 views

Security Bulletin: Security Vulnerabilities in redisson package affect IBM Voice Gateway

Summary Security Vulnerabilities in redisson package affect the SMS Gateway component of IBM Voice Gateway Vulnerability Details CVEID: CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By persuadi...

9.6CVSS7.9AI score0.01036EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 5:30 p.m.62 views

Security Bulletin: IBM MQ is affected by a denial-of-service vulnerability

Summary IBM MQ has addressed an error within the IBM MQ clustering logic, in which a specially crafted message could cause a denial-of-service. Vulnerability Details CVEID: CVE-2023-45177 DESCRIPTION: IBM MQ is vulnerable to a denial-of-service attack due to an error within the IBM MQ clustering...

5.3CVSS6.2AI score0.00599EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 8:49 p.m.62 views

Security Bulletin: There is a vulnerability in netty used by IBM Maximo Asset Management (CVE-2023-34462)

Summary There is a vulnerability in netty used by IBM Maximo Asset Management CVE-2023-34462. Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the...

6.5CVSS7.1AI score0.02459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/14 5:1 a.m.62 views

Security Bulletin: Security Vulnerabilities have been identifed in the IBM WebSphere Liberty product as shipped with the IBM Security Verify Access products.

Summary There are multiple Security vulnerabilities affecting IBM WebSphere Liberty have been fixed in the IBM Security Verify Access ISVA Appliance and Container images. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and...

8.8CVSS6.9AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/12 5:10 p.m.62 views

Security Bulletin: IBM Aspera Faspex has addressed an IP address restriction bypass vulnerability

Summary IBM Aspera Faspex could allow a malicious actor to bypass the whitelist IP check at user log in. This is not an unauthorized user access exploit. Vulnerability Details CVEID:CVE-2023-30995 DESCRIPTION: IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor...

7.5CVSS7.5AI score0.00762EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/29 6:56 p.m.62 views

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...

10CVSS9.7AI score0.99615EPSS
Exploits61Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/27 11:7 a.m.62 views

Security Bulletin: Vulnerability of jython-standalone-2.7.0.jar have affected APM WebSphere Application Server Agent and APM Tomcat Agent

Summary APM WebSphere Application Server Agent and APM Tomcat Agent are vulnerable to jython-standalone-2.7.0.jar CVE-2013-2027. The workaround includes jython-standalone-2.7.0.jar upgraded to jython-standalone-2.7.3.jar. Vulnerability Details CVEID:CVE-2013-2027 DESCRIPTION: Jython could allow a...

4.6CVSS9.4AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/09 1:37 p.m.62 views

Security Bulletin: CVE-2023-24536, CVE-2023-24537 and CVE-2023-24534 may affect IBM CICS TX Standard

Summary CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24536 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw during multipart form parsing. By...

7.5CVSS8.8AI score0.01888EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/05 12:39 p.m.62 views

Security Bulletin: CVE-2023-24998 may affect IBM CICS TX Standard

Summary CVE-2023-24998 may affect IBM WebSphere Application Server Liberty supplied with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service,...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/27 3:23 p.m.62 views

Security Bulletin:Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to CVE-2023-30441

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM...

7.5CVSS7.5AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 7:39 a.m.62 views

Security Bulletin: Vulnerability in Apache Commons FileUpload (CVE-2023-24998) affects Power HMC

Summary Apache Commons FileUpload is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request...

7.5CVSS7.5AI score0.46836EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/17 1:11 p.m.62 views

Security Bulletin: There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25881)

Summary There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a...

7.5CVSS6.9AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/13 5:42 p.m.62 views

Security Bulletin: IBM i DNS is affected by denial of service attacks due to flaws in ISC BIND (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924).

Summary The IBM i DNS Server implementation uses ISC BIND. ISC BIND is vulnerable to denial of service attacks due to allocating memory before checking access permissions and flaws in the implementation of the stale-answer-client-timeout option as described in the vulnerability details section. I...

7.5CVSS7.6AI score0.5017EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/03 5:3 p.m.62 views

Security Bulletin: Netty Vulnerabilites 4.0.37

Summary Netty could provide various potential exploitable entry points including weaker than expected security, netty-codec is vulnerable to a denial of service, and HTTP request smuggling Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, cause...

9.1CVSS8.2AI score0.18891EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/17 9:26 a.m.62 views

Security Bulletin: Security Vulnerabilities in moment, ansi-regex, Node.js, and minimatch may affect IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management (CVE-2022-31129, CVE-2022-24785, CVE-2021-3807, CVE-2022-29244, CVE-2022-3517)

Summary IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management can be affected by vulnerabilities in moment, ansi-regex, Node.js, and minimatch. Vulnerabilities include denial of service attacks, obtaining sensitive information, and directory traversal, as described by the CVEs...

7.8CVSS8.9AI score0.05664EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 3:29 p.m.62 views

Security Bulletin: Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty (CVE-2022-41881 and CVE-2022-41915)

Summary Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty with details below. Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. B...

7.5CVSS7.1AI score0.01466EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:48 a.m.62 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors. IBM b-type SAN firmware has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3193DESCRIPTION: OpenSSL could allow a remote...

7.5CVSS7.2AI score0.44016EPSS
Exploits1Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/27 3:9 p.m.62 views

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

Summary Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. The following vulnerabilities, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628 allowing unauthorized access of unauthenticated attacker with...

6.5CVSS6AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 1:19 p.m.62 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of JSON Web Token. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...

8.1CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 5:45 p.m.62 views

Security Bulletin: IBM Aspera Orchestrator was vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-22720)

Summary Aspera Ochestrator has addressed the following vulnerability that has been remediated in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-22720 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection whe...

9.8CVSS9.2AI score0.28189EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 5:18 p.m.62 views

Security Bulletin: IBM Aspera Orchestrator vulnerable to server-side request forgery due to Apache HTTP Server vulnerability (CVE-2021-40438)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a specially crafted request uri-path, a remo...

9CVSS9.1AI score0.99999EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:34 p.m.62 views

Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in jackson-databind that could allow an attacker to execute a DOS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION:...

7.5CVSS7.7AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 5:29 p.m.62 views

Security Bulletin: IBM Sterling Transformation Extender vulnerable to multiple issues due to IBM SDK, Java Technology Edition

Summary There are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 - Includes Oracle Apr 2022 CPU minus CVE-2022-21426 vulnerability that affect IBM Sterling Transformation Extender. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability i...

5.3CVSS6.3AI score0.03028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.62 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation with Spring Framework (CVE-2022-22950).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation in VMware Tanzu Spring Framework CVE-2022-22950. This appears in the Java code used by some of our service components. Please read the details for...

6.5CVSS6.8AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.62 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server

Summary The following security issues have been identified in the WebSphere Application Server and IHS server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2020-4578 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable t...

8.8CVSS9.6AI score0.13227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 3:9 p.m.62 views

Security Bulletin: Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550

Summary Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550 Vulnerability Details CVEID:CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated...

5.9CVSS5.5AI score0.08346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 8:13 p.m.62 views

Security Bulletin: IBM Security Guardium is affected by a postgresql-42.0.0.jar vulnerability

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2020-13692 DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. By sending...

7.7CVSS7.5AI score0.04094EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 10:10 p.m.62 views

Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)

Summary A vulnerable version of JQuery was used by API Connect. The fix includes updated JQuery which addresses CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.9CVSS6.7AI score0.99019EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/19 10:54 p.m.62 views

Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

Summary Multiple vulnerabilities in libcurl affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include obtaining sensitive information, man-in-the-middle attacks, denial of service, and bypassing of security restrictions. Vulnerability Details...

9.8CVSS8.2AI score0.3197EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 7:36 p.m.62 views

Security Bulletin: IBM i is vulnerable to denial of service and cache poisoning attacks due to flaws in ISC BIND (CVE-2022-0396, CVE-2021-25220)

Summary ISC BIND on IBM i is vulnerable to a denial of service attack by sending specially created TCP packets and DNS cache poisoning attack by using DNS forwarders as described in the vulnerability details section. IBM i has addressed the vulnerabilities in ISC BIND with a fix as described in t...

6.8CVSS1.2AI score0.0325EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/07 10:52 a.m.62 views

Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in kernel.

Summary IBM QRadar Network Security has addressed following vulnerabilities in kernel. Vulnerability Details CVEID: CVE-2017-17807 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by omitting an access-control check when adding a key to...

8.8CVSS0.6AI score0.0415EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/22 12:3 p.m.62 views

Security Bulletin: A vulnerability (CVE-2021-35603) in IBM Java Runtime affects CICS Transaction Gateway

Summary IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-35603 that can allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified...

4.3CVSS1.4AI score0.04104EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/28 11:28 a.m.62 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-0778

Summary OpenSSL is used by IBM App Connect Enterprise Certified Container for certificate creation and verification. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service when processing a malicious certificate. This bulletin provides patch information to...

7.5CVSS7AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.62 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Security Network Intrusion Prevention System (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacke...

4.3CVSS3.9AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:21 p.m.62 views

Security Bulletin: Network Intrusion Prevention System is affected by multiple Apache web server vulnerabilities (CVE-2013-6438, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231)

Summary Security vulnerabilities have been discovered in the Apache web server component bundled with IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2013-6438 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an error in the modda...

6.8CVSS8.2AI score0.85744EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 5:30 a.m.62 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to SQL injection due to Apache Log4j (CVE-2022-23305)

Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services as part of its logging infrastructure. JDBCAppender in Apache Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The fix includes Apache Log4j...

9.8CVSS7AI score0.66537EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/16 10:9 p.m.62 views

Security Bulletin: Multiple vulnerabilities in Samba – including Badlock – affect ProtecTIER

Summary Samba vulnerabilities were disclosed on April 12, 2016. Samba is used by ProtecTIER. ProtecTIER has addressed the applicable CVEs including the vulnerability commonly referred to as “Badlock”. Vulnerability Details CVEID: CVE-2016-2118 DESCRIPTION: Samba could allow a remote attacker to...

7.5CVSS7.9AI score0.3693EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/01 11:37 a.m.62 views

Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-44832)

Summary A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is not used by IBM Spectrum...

8.5CVSS0.8AI score0.97906EPSS
Exploits9Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 6:38 p.m.62 views

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-42013)

Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-42013 Vulnerability Details CVEID: CVE-2021-42013 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system caused by a path traversal vulnerability related to an incomplete fix for...

9.8CVSS1.8AI score0.99992EPSS
Exploits173Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/26 8:58 p.m.62 views

Security Bulletin: Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Desktop

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Statistics Desktop which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

10CVSS1.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 3:4 p.m.62 views

Security Bulletin: Vulnerabilities in Apache Log4j affects SPSS Collaboration and Deployment Services

Summary There are vulnerabilities in the Apache Log4j open source library which is used by SPSS Collaboration and Deployment Services for logging of messages and traces. These issues have been addressed. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a deni...

10CVSS0.8AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:29 p.m.62 views

Security Bulletin: Apache Log4j vulnerability affects IBM Integrated Analytics System (CVE-2021-44228)

Summary Apache Log4j is used by IBM Integrated Analytics System in the Db2 warehouse container. Customers are encourages to take action and apply the fix below. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS1.3AI score0.99999EPSS
Exploits351Affected Software1
Total number of security vulnerabilities5000