Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 6:38 p.m.62 views

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-42013)

Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-42013 Vulnerability Details CVEID: CVE-2021-42013 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system caused by a path traversal vulnerability related to an incomplete fix for...

9.8CVSS1.8AI score0.99992EPSS
Exploits173Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/26 8:58 p.m.62 views

Security Bulletin: Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Desktop

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Statistics Desktop which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

10CVSS1.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 3:4 p.m.62 views

Security Bulletin: Vulnerabilities in Apache Log4j affects SPSS Collaboration and Deployment Services

Summary There are vulnerabilities in the Apache Log4j open source library which is used by SPSS Collaboration and Deployment Services for logging of messages and traces. These issues have been addressed. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a deni...

10CVSS0.8AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:29 p.m.62 views

Security Bulletin: Apache Log4j vulnerability affects IBM Integrated Analytics System (CVE-2021-44228)

Summary Apache Log4j is used by IBM Integrated Analytics System in the Db2 warehouse container. Customers are encourages to take action and apply the fix below. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS1.3AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/06 10:35 a.m.62 views

Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVEs. Vulnerability Details CVEID: CVE-2021-3772 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper validation of integrity check value by the Linux SCTP stack...

6.5CVSS6.4AI score0.0124EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/11 6:12 p.m.62 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2021-20227 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a use-after-free flaw in the SELECT query function in src/select.c. By sending a specially-crafted request, a...

8.8CVSS10AI score0.78684EPSS
Exploits35Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/27 5:6 p.m.62 views

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime...

5.9CVSS1.2AI score0.03125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/13 4:56 p.m.62 views

Security Bulletin: Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover

Summary Vulnerabilities in the Python, Docker, and ICP such as a hole to obtain confidential information, denial of service, unauthorized access with high privileges, duplicate entries and CRLF injection, may affect IBM Spectrum Discover Vulnerability Details CVEID: CVE-2020-8566 DESCRIPTION:...

8.8CVSS8.1AI score0.0642EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.62 views

Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect multiple IBM Rational products based on IBM Jazz technology July 2018 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 1.7 and 1.8 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational...

10CVSS0.3AI score0.26335EPSS
Exploits1Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/23 6:40 a.m.62 views

Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Discovery and Delivery Intelligence V5.1.0.8 and V5.1.0.9

Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Application Discovery and Delivery Intelligence V5.1.0.8 and V5.1.0.9 respectively. These issues were disclosed as part of the IBM Java SDK updates in October 2020. Vulnerability...

4.3CVSS1.3AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/20 11:30 p.m.62 views

Security Bulletin: Vulnerabilities in IBM Db2 and IBM Java Runtime affect IBM Spectrum Protect Server

Summary Multiple vulnerabilities in IBM Db2 and IBM Runtime Environment Java affect the IBM Spectrum Protect Server. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in January, April, and July 2020. Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Multiple vendo...

8.4CVSS0.8AI score0.96121EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/02 8:22 p.m.62 views

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities. Vulnerability Details: CVE-ID: CVE-2013-2207 Description: The GNU C Library...

10CVSS1.1AI score0.50129EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.62 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for Unix

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2107 DESCRIPTION: OpenSSL could allow a...

8.2CVSS1.4AI score0.89058EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/17 10:52 p.m.62 views

Security Bulletin: WML CE: WML CE: SQLite through 3.32.0 has various security issues.

Summary TensorFlow in WML CE uses SQLite as its embedded SQL database engine. SQLite through 3.32.0 has various security issues. Vulnerability Details CVEID: CVE-2020-13631 DESCRIPTION: SQLite could allow a remote attacker to bypass security restrictions, caused by a flaw in the alter.c and...

7CVSS0.9AI score0.0103EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 1:53 p.m.62 views

Security Bulletin: Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-5736 DESCRIPTION: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root...

9.8CVSS0.9AI score0.9857EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/18 1:57 p.m.62 views

Security Bulletin: A vulnerability in IBM Java SDK affects WebSphere Cast Iron (CVE-2017-3511)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 SR9 FP60 and Version 6 SR16 FP35 used by WebSphere Cast Iron. This issue was disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability Details CVEID: CVE-2017-3511 DESCRIPTION: An unspecified...

7.7CVSS0.9AI score0.00759EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/10 7:56 p.m.62 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool and IBM BigFix Inventory. These issues were disclosed as part of the IBM Java SDK updates in Jan 2018 Vulnerability Details CVEID: CVE-2018-2579 DESCRIPTION: An unspecified...

8.3CVSS1.1AI score0.06905EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/30 9:15 p.m.62 views

Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance

Summary Multiple Security vulnerabilities have been fixed and delivered in IBM Security Access Manager Appliance. Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused ...

10CVSS0.8AI score0.98745EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/21 8:5 p.m.62 views

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance

Summary Multiple Security vulnerabilities have been fixed in the 9.0.7 IBM Security Access Manager ISAM appliance. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious...

9.8CVSS0.6AI score0.61566EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:45 a.m.62 views

Security Bulletin: GNU C library (glibc) vulnerability affects the Intel MPSS for use on the Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A and Intel Xeon Phi 7120P PCI-Express add-in cards sold by IBM/Lenovo

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects the Intel Manycore Platform Software Stack for use on the Intel Xeon Phi PCI-Express add-in cards. The Intel Manycore Platform Software Stack is available for free on Intel's website. This is not something...

10CVSS0.5AI score0.94859EPSS
Exploits29
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/21 3:35 p.m.62 views

Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities

Summary IBM MessageSight has addressed the following Java vulnerabilities: CVE-2018-3183: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Scripting CVE-2018-3169: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE...

9CVSS0.7AI score0.07215EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/26 9:15 p.m.62 views

Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Foreshadow

Summary PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities. Note that, although the CVE descriptions do not reference POWER, POWER CPUs are afftected. Vulnerability Details CVEID: CVE-2018-3620 DESCRIPTION: Multiple Intel CPU''s could allow a...

5.6CVSS6.5AI score0.05577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/03 4:23 a.m.62 views

Security Bulletin:: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.10, used by IBM Host On-Demand. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details CVEID: CVE-2018-2677 DESCRIPTION: An unspecified vulnerability in Oracl...

8.3CVSS1.2AI score0.0565EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/23 2:53 a.m.62 views

Security Bulletin: WebSphere Process Server Hypervisor Edition Bash vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary WebSphere Process Server Hypervisor Edition might be vulnerable to CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278 shellshock vulnerabilities in bash delivered by UNIX-based platforms. Vulnerability Details CVE-ID: CVE-2014-6271 DESCRIPTION: GNU...

10CVSS1.7AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:35 a.m.62 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by bash vulnerabilities

Summary Multiple security vulnerabilities have been identified in bash that is embedded in IBM FSM. This bulletin addresses these issues. Vulnerability Details CVEID: CVE-2014-6277 DESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete...

10CVSS1.5AI score0.99621EPSS
Exploits36Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:46 p.m.62 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID: CVE-2017-10125 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment...

9.8CVSS0.8AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:31 p.m.62 views

Security Bulletin: Potential Security Vulnerability With Maximo Asset Management

Summary Smarter Infrastructure Products - Potential cross-site scripting vulnerability when using Maximo Asset Management and SmartCloud Control Desk products. Vulnerability Details CVE IDs: CVE-2013-5402 DESCRIPTION: CVE ID| DESCRIPTION ---|--- CVE-2013-5402 CVSS Base Score: 3.5 CVSS Temporal...

6.4CVSS7.8AI score0.03932EPSS
Exploits0Affected Software12
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:23 a.m.62 views

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)

Summary Jazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence RRDI. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-12617 DESCRIPTION...

8.1CVSS0.9AI score0.99988EPSS
Exploits39Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:17 a.m.62 views

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

10CVSS1.1AI score0.95707EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:17 a.m.62 views

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence RRDI. RRDI has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a...

10CVSS0.9AI score0.95707EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:40 a.m.62 views

Security Bulletin: IBM Rational ClearQuest security vulnerability fixes for CVE-2012-2203

Summary IBM Rational ClearQuest uses the IBM GSKit component to establish SSL connections to an LDAP directory server for LDAP authentication. ClearQuest 7.1.2.8 and 8.0.0.4 install updated versions of GSKit which contain corrections for security vulnerability CVE-2012-2203 Vulnerability Details ...

7.5CVSS0.2AI score0.01576EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:3 p.m.62 views

Security Bulletin: IBM Security Access Manager Appliance is affected by a kernel vulnerability (CVE-2016-10229)

Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2016-10229 DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets...

10CVSS3.1AI score0.12791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:9 p.m.62 views

Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2017-5638)

Summary IBM Sterling Order Management use Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2 Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error wh...

10CVSS1AI score0.99999EPSS
Exploits44Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 8:48 p.m.61 views

Security Bulletin: Multiple vulnerabiities in the IBM 4769 Developer's Toolkit. CVE-2019-20811, CVE-2020-0466, CVE-2021-0920, CVE-2021-3347, CVE-2018-19985, CVE-2018-20169, CVE-2019-13648, CVE-2019-15916, CVE-2019-19527

Summary IBM customers who use the IBM 4769 Developer's Toolkit to create custom firmware images may be affected by one or more vulnerabilities that were announced against the Linux kernel. Vulnerability Details CVEID:CVE-2019-20811 DESCRIPTION: Linux Kernel could provide weaker than expected...

7.8CVSS6.8AI score0.03784EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/20 9:21 a.m.61 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish) [CVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617].

Summary The OpenSSH package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617. Vulnerability Details CVEID:CVE-2023-51385 DESCRIPTION: OpenSSH could allow a...

9.8CVSS8.9AI score0.9378EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:13 a.m.61 views

Security Bulletin: Apache Log4j vulnerability (CVE-2021-4422) addressed in IBM Watson Machine Learning Accelerator

Summary Apache Log4j, which is used by and included with IBM Watson Machine Learning Accelerator , contains security vulnerability issue CVE-2021-44228. This bulletin provides mitigations for the Log4Shell vulnaribility CVE-2021-44228 by applying workaround steps to IBM Watson Machine Learning...

10CVSS8.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:49 a.m.61 views

Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9

Summary Apache Portable Runtime, The Expat XML Parser and DOORS Web Access are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.8 is vulnerable to the below mentioned CVEs. Remediation actions a...

9.8CVSS10AI score0.43346EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:4 a.m.61 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

9.8CVSS9.8AI score0.15014EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:34 a.m.61 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2022-22307 DESCRIPTION: IBM Security Guardium could allow a local user to obtain elevated privileges due to incorrect authorization checks. CVSS Base score: 4.4 CVSS Temporal Score: See:...

9.8CVSS9.3AI score0.11334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.61 views

Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

9.1CVSS6.5AI score0.04134EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 5:24 p.m.61 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (3)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues. This package has been removed from the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediatio...

7.8CVSS8.7AI score0.00655EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/07 7:59 p.m.61 views

Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.

Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...

9CVSS9.9AI score0.53861EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/02 12:46 p.m.61 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX...

9.8CVSS9.8AI score0.98518EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 7:27 p.m.61 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

9.8CVSS9.8AI score0.27392EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 8:27 p.m.61 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.

Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based...

9.8CVSS10AI score0.99615EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 2:59 p.m.61 views

Security Bulletin: Vulnerability in PyArrow affects IBM Process Mining CVE-2023-47248

Summary There is a vulnerability in PyArrow that could allow an attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION:...

9.8CVSS9.7AI score0.14414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 1:44 p.m.61 views

Security Bulletin: IBM Financial Transaction Manager v3.2.x is vulnerable to XML External Entity Injection (XXE)

Summary An XML External Entity Injection XXE vulnerability in Java based XML parsers within IBM Financial Transaction Manager was addressed. Vulnerability Details CVEID:CVE-2023-35892 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity...

9.1CVSS8AI score0.00816EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 8:27 a.m.61 views

Security Bulletin: Multiple vulnerabilities identified in jQuery-UI affects IBM Engineering Lifecycle Optimization - Publishing

Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...

6.5CVSS7.1AI score0.44515EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/25 8:8 p.m.61 views

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

Summary There are multiple vulnerabilities in Curl that affect PowerSC. Vulnerability Details CVEID:CVE-2023-28320 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a race condition flaw in the siglongjmp function. By sending a specially crafted request, a remote attacker...

7.5CVSS7.7AI score0.02658EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/15 1:23 p.m.61 views

Security Bulletin: CVE-2023-24539, CVE-2023-29400, CVE-2023-29403, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to "Go" affect IBM CICS TX Standard 11.1

Summary CVE-2023-24539, CVE-2023-29400, CVE-2023-29403, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to "Go" affect IBM CICS TX Standard 11.1. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerable...

9.8CVSS9.4AI score0.01837EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000