Lucene search
K
IbmMost viewed

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/16 1:36 p.m.•63 views

Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM DB2 LUW. IBM DB2 LUW has addressed the applicable CVEs. Vulnerability Details CVEID:...

4.3CVSS1AI score0.98685EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/15 7:9 a.m.•63 views

Security Bulletin: IBM API Connect is affected by an Apache HTTP Server vulnerability (CVE-2014-0226)

Summary IBM API Connect has addressed the following vulnerability. Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by a race condition in the modstatus module when handling the scoreboard. By sending a specially-crafted request, a remote attacker could overflow a buffer a...

6.8CVSS7.6AI score0.85744EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/15 7:6 a.m.•63 views

Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time

Summary Java SE issues disclosed in the Oracle January 2017 Critical Patch Update Vulnerability Details CVE IDs: CVE-2017-3289 CVE-2017-3272 CVE-2017-3241 CVE-2016-5546 CVE-2017-3253 CVE-2016-5548 CVE-2016-5549 CVE-2017-3252 CVE-2016-5547 CVE-2016-5552 CVE-2017-3261 CVE-2017-3231 CVE-2017-3259...

9.6CVSS0.8AI score0.95707EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/07/15 4:38 p.m.•62 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.3. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP5 where applicable. Multiple Cross-Site Request Forgery vulnerabilities have been addressed CVE-2020-4301, CVE-2021-20468...

9.8CVSS10AI score0.32386EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 4:11 a.m.•62 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-10977 DESCRIPTION: PostgreSQL could provide weaker than expected security,...

9.5CVSS9.7AI score0.78198EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:52 a.m.•62 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Java, Go, Python, OpenSSL and Node.js Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused b...

9.8CVSS9.8AI score0.03872EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/10/31 4:25 p.m.•62 views

Security Bulletin: Denial of service, DNS poisoning, and information disclosure might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in denial of service, DNS poisoning, and information disclosure. The vulnerabilities have been addressed. CVE-2024-34447, CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2024-45296, CVE-2023-44487, CVE-2024-29857...

7.5CVSS7.8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/17 2:49 p.m.•62 views

Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)

Summary Vulnerability contained within OpenSSL a 3rd party component was addressed in the IBM MaaS360 VPN Module. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...

7.5CVSS7.8AI score0.02945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/31 10:42 a.m.•62 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

7CVSS7.2AI score0.0138EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 7:59 p.m.•62 views

Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.

Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...

9CVSS9.9AI score0.53861EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/05 11:18 a.m.•62 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat (CVE-2024-24549, CVE-2024-23672)

Summary IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper...

7.5CVSS7AI score0.23072EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/25 5:51 p.m.•62 views

Security Bulletin: Multiple vulnerabilities in IBM's Common Cryptographic Architecture (CCA). CVE-2023-33855, CVE-2023-47150

Summary IBM Common Cryptographic Architecture CCA is used to interface with the IBM Hardware Security Module HSM. CCA could allow a remote user to cause a denial of service attack CVE-2023-47150 or to obtain sensitive information CVE-2023-33855 as described in the vulnerability details section. I...

7.5CVSS5.7AI score0.00648EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/15 6:4 p.m.•62 views

Security Bulletin: Potential vulnerability in Eclipse Jetty used by Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2023-36479)

Summary Eclipse Jetty in Apache Solr could provide weaker than expected security. This has been addressed. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the...

3.5CVSS4.8AI score0.01006EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/13 10:19 a.m.•62 views

Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM TXSeries for Multiplatforms is vulnerable to a flaw in handling multiplexed streams in the HTTP/2 protocol (CVE-2023-44487).

Summary IBM WebSphere Liberty is used by IBM TXSeries for Multiplatforms to provide a web based administration console CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams i...

7.5CVSS7.7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/01 3:22 p.m.•62 views

Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service attacks due to multiple vulnerabilities.

Summary IBM i Domain Name System DNS uses ISC BIND. ISC BIND on IBM i is vulnerable to denial of service attacks due to errors exploitable by remote attacker as described in the vulnerability details section CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50868. This bulletin...

7.5CVSS7.8AI score0.81729EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/01/31 7:31 p.m.•62 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By...

7.5CVSS8.6AI score0.01772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/21 4:40 p.m.•62 views

Security Bulletin: IBM Sterling B2B Integrator is affected by sensitive information exposure due to Apache James MIME4J (CVE-2022-45787)

Summary IBM Sterling B2B Integrator uses Apache James MIME4J. Vulnerability Details CVEID: CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...

5.5CVSS6.1AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/15 2:47 p.m.•62 views

Security Bulletin: Security Vulnerabilities in redisson package affect IBM Voice Gateway

Summary Security Vulnerabilities in redisson package affect the SMS Gateway component of IBM Voice Gateway Vulnerability Details CVEID: CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By persuadi...

9.6CVSS7.9AI score0.01036EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/26 8:49 p.m.•62 views

Security Bulletin: There is a vulnerability in netty used by IBM Maximo Asset Management (CVE-2023-34462)

Summary There is a vulnerability in netty used by IBM Maximo Asset Management CVE-2023-34462. Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the...

6.5CVSS7.1AI score0.02459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/12 5:10 p.m.•62 views

Security Bulletin: IBM Aspera Faspex has addressed an IP address restriction bypass vulnerability

Summary IBM Aspera Faspex could allow a malicious actor to bypass the whitelist IP check at user log in. This is not an unauthorized user access exploit. Vulnerability Details CVEID:CVE-2023-30995 DESCRIPTION: IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor...

7.5CVSS7.5AI score0.00762EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/29 6:56 p.m.•62 views

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...

10CVSS9.7AI score0.99615EPSS
Exploits61Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/27 11:7 a.m.•62 views

Security Bulletin: Vulnerability of jython-standalone-2.7.0.jar have affected APM WebSphere Application Server Agent and APM Tomcat Agent

Summary APM WebSphere Application Server Agent and APM Tomcat Agent are vulnerable to jython-standalone-2.7.0.jar CVE-2013-2027. The workaround includes jython-standalone-2.7.0.jar upgraded to jython-standalone-2.7.3.jar. Vulnerability Details CVEID:CVE-2013-2027 DESCRIPTION: Jython could allow a...

4.6CVSS9.4AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/30 10:40 a.m.•62 views

Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2022-41404 found in ini4j-0.5.1.jar

Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following ini4j-0.5.1.jar vulnerability and updated ini4j.jar from version 0.5.1 to 0.5.4 Vulnerability Details CVEID:CVE-2022-41404 DESCRIPTION: ini4j is vulnerable to a denial of...

7.5CVSS7.3AI score0.01325EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/15 6:49 p.m.•62 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2020-25864 DESCRIPTION: HashiCorp Consul is vulnerable to cross-site scripting, caused by improper validation of user-supplied input of the key-value store by the KV API. A remote attacker cou...

7.5CVSS8.7AI score0.08912EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/09 1:37 p.m.•62 views

Security Bulletin: CVE-2023-24536, CVE-2023-24537 and CVE-2023-24534 may affect IBM CICS TX Standard

Summary CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24536 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw during multipart form parsing. By...

7.5CVSS8.8AI score0.01888EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/05 12:39 p.m.•62 views

Security Bulletin: CVE-2023-24998 may affect IBM CICS TX Standard

Summary CVE-2023-24998 may affect IBM WebSphere Application Server Liberty supplied with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service,...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/27 3:23 p.m.•62 views

Security Bulletin:Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to CVE-2023-30441

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM...

7.5CVSS7.5AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/24 7:39 a.m.•62 views

Security Bulletin: Vulnerability in Apache Commons FileUpload (CVE-2023-24998) affects Power HMC

Summary Apache Commons FileUpload is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request...

7.5CVSS7.5AI score0.46836EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/17 1:11 p.m.•62 views

Security Bulletin: There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25881)

Summary There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a...

7.5CVSS6.9AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/14 2:32 p.m.•62 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2015-5600)

Summary IBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the following CVE. Vulnerability Details Summary IBM Flex System FC43171 8Gb SAN Switch and...

8.5CVSS5.3AI score0.09302EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/13 5:42 p.m.•62 views

Security Bulletin: IBM i DNS is affected by denial of service attacks due to flaws in ISC BIND (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924).

Summary The IBM i DNS Server implementation uses ISC BIND. ISC BIND is vulnerable to denial of service attacks due to allocating memory before checking access permissions and flaws in the implementation of the stale-answer-client-timeout option as described in the vulnerability details section. I...

7.5CVSS7.6AI score0.5017EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/03 5:3 p.m.•62 views

Security Bulletin: Netty Vulnerabilites 4.0.37

Summary Netty could provide various potential exploitable entry points including weaker than expected security, netty-codec is vulnerable to a denial of service, and HTTP request smuggling Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, cause...

9.1CVSS8.2AI score0.18891EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/02 3:29 p.m.•62 views

Security Bulletin: Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty (CVE-2022-41881 and CVE-2022-41915)

Summary Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty with details below. Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. B...

7.5CVSS7.1AI score0.01466EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/28 1:48 a.m.•62 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors. IBM b-type SAN firmware has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3193DESCRIPTION: OpenSSL could allow a remote...

7.5CVSS7.2AI score0.44016EPSS
Exploits1Affected Software7
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/27 3:9 p.m.•62 views

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

Summary Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. The following vulnerabilities, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628 allowing unauthorized access of unauthenticated attacker with...

6.5CVSS6AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/24 1:19 p.m.•62 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of JSON Web Token. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...

8.1CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/02 5:45 p.m.•62 views

Security Bulletin: IBM Aspera Orchestrator was vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-22720)

Summary Aspera Ochestrator has addressed the following vulnerability that has been remediated in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-22720 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection whe...

9.8CVSS9.2AI score0.28189EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/02 5:18 p.m.•62 views

Security Bulletin: IBM Aspera Orchestrator vulnerable to server-side request forgery due to Apache HTTP Server vulnerability (CVE-2021-40438)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a specially crafted request uri-path, a remo...

9CVSS9.1AI score0.99999EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 9:34 p.m.•62 views

Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in jackson-databind that could allow an attacker to execute a DOS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION:...

7.5CVSS7.7AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/30 5:29 p.m.•62 views

Security Bulletin: IBM Sterling Transformation Extender vulnerable to multiple issues due to IBM SDK, Java Technology Edition

Summary There are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 - Includes Oracle Apr 2022 CPU minus CVE-2022-21426 vulnerability that affect IBM Sterling Transformation Extender. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability i...

5.3CVSS6.3AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/12 9:59 p.m.•62 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation with Spring Framework (CVE-2022-22950).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation in VMware Tanzu Spring Framework CVE-2022-22950. This appears in the Java code used by some of our service components. Please read the details for...

6.5CVSS6.8AI score0.35834EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 3:9 p.m.•62 views

Security Bulletin: Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550

Summary Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550 Vulnerability Details CVEID:CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated...

5.9CVSS5.5AI score0.08346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/08 8:13 p.m.•62 views

Security Bulletin: IBM Security Guardium is affected by a postgresql-42.0.0.jar vulnerability

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2020-13692 DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. By sending...

7.7CVSS7.5AI score0.04094EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/21 10:10 p.m.•62 views

Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)

Summary A vulnerable version of JQuery was used by API Connect. The fix includes updated JQuery which addresses CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.9CVSS6.7AI score0.99019EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/19 10:54 p.m.•62 views

Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

Summary Multiple vulnerabilities in libcurl affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include obtaining sensitive information, man-in-the-middle attacks, denial of service, and bypassing of security restrictions. Vulnerability Details...

9.8CVSS8.2AI score0.3197EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/13 7:36 p.m.•62 views

Security Bulletin: IBM i is vulnerable to denial of service and cache poisoning attacks due to flaws in ISC BIND (CVE-2022-0396, CVE-2021-25220)

Summary ISC BIND on IBM i is vulnerable to a denial of service attack by sending specially created TCP packets and DNS cache poisoning attack by using DNS forwarders as described in the vulnerability details section. IBM i has addressed the vulnerabilities in ISC BIND with a fix as described in t...

6.8CVSS1.2AI score0.0325EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/07 10:52 a.m.•62 views

Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in kernel.

Summary IBM QRadar Network Security has addressed following vulnerabilities in kernel. Vulnerability Details CVEID: CVE-2017-17807 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by omitting an access-control check when adding a key to...

8.8CVSS0.6AI score0.0415EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/22 12:3 p.m.•62 views

Security Bulletin: A vulnerability (CVE-2021-35603) in IBM Java Runtime affects CICS Transaction Gateway

Summary IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-35603 that can allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified...

4.3CVSS1.4AI score0.04104EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/28 11:28 a.m.•62 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-0778

Summary OpenSSL is used by IBM App Connect Enterprise Certified Container for certificate creation and verification. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service when processing a malicious certificate. This bulletin provides patch information to...

7.5CVSS7AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/23 7:48 p.m.•62 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Security Network Intrusion Prevention System (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacke...

4.3CVSS3.9AI score0.99999EPSS
Exploits7Affected Software1
Total number of security vulnerabilities5000