Lucene search
K
IbmMost viewed

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:35 a.m.62 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by bash vulnerabilities

Summary Multiple security vulnerabilities have been identified in bash that is embedded in IBM FSM. This bulletin addresses these issues. Vulnerability Details CVEID: CVE-2014-6277 DESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete...

10CVSS1.5AI score0.99621EPSS
Exploits36Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:46 p.m.62 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID: CVE-2017-10125 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment...

9.8CVSS0.8AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:31 p.m.62 views

Security Bulletin: Potential Security Vulnerability With Maximo Asset Management

Summary Smarter Infrastructure Products - Potential cross-site scripting vulnerability when using Maximo Asset Management and SmartCloud Control Desk products. Vulnerability Details CVE IDs: CVE-2013-5402 DESCRIPTION: CVE ID| DESCRIPTION ---|--- CVE-2013-5402 CVSS Base Score: 3.5 CVSS Temporal...

6.4CVSS7.8AI score0.03932EPSS
Exploits0Affected Software12
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:17 a.m.62 views

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

10CVSS1.1AI score0.95707EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:40 a.m.62 views

Security Bulletin: IBM Rational ClearQuest security vulnerability fixes for CVE-2012-2203

Summary IBM Rational ClearQuest uses the IBM GSKit component to establish SSL connections to an LDAP directory server for LDAP authentication. ClearQuest 7.1.2.8 and 8.0.0.4 install updated versions of GSKit which contain corrections for security vulnerability CVE-2012-2203 Vulnerability Details ...

7.5CVSS0.2AI score0.01576EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:3 p.m.62 views

Security Bulletin: IBM Security Access Manager Appliance is affected by a kernel vulnerability (CVE-2016-10229)

Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2016-10229 DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets...

10CVSS3.1AI score0.12791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:9 p.m.62 views

Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2017-5638)

Summary IBM Sterling Order Management use Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2 Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error wh...

10CVSS1AI score0.99999EPSS
Exploits44Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:58 p.m.62 views

Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 5600 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM Smart Analytics System 5600. Vulnerability Details CVE-ID:...

10CVSS1.7AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 8:48 p.m.61 views

Security Bulletin: Multiple vulnerabiities in the IBM 4769 Developer's Toolkit. CVE-2019-20811, CVE-2020-0466, CVE-2021-0920, CVE-2021-3347, CVE-2018-19985, CVE-2018-20169, CVE-2019-13648, CVE-2019-15916, CVE-2019-19527

Summary IBM customers who use the IBM 4769 Developer's Toolkit to create custom firmware images may be affected by one or more vulnerabilities that were announced against the Linux kernel. Vulnerability Details CVEID:CVE-2019-20811 DESCRIPTION: Linux Kernel could provide weaker than expected...

7.8CVSS6.8AI score0.03784EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:13 a.m.61 views

Security Bulletin: Apache Log4j vulnerability (CVE-2021-4422) addressed in IBM Watson Machine Learning Accelerator

Summary Apache Log4j, which is used by and included with IBM Watson Machine Learning Accelerator , contains security vulnerability issue CVE-2021-44228. This bulletin provides mitigations for the Log4Shell vulnaribility CVE-2021-44228 by applying workaround steps to IBM Watson Machine Learning...

10CVSS8.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:49 a.m.61 views

Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9

Summary Apache Portable Runtime, The Expat XML Parser and DOORS Web Access are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.8 is vulnerable to the below mentioned CVEs. Remediation actions a...

9.8CVSS10AI score0.43346EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:4 a.m.61 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

9.8CVSS9.8AI score0.15014EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:34 a.m.61 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2022-22307 DESCRIPTION: IBM Security Guardium could allow a local user to obtain elevated privileges due to incorrect authorization checks. CVSS Base score: 4.4 CVSS Temporal Score: See:...

9.8CVSS9.3AI score0.11334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 9:9 p.m.61 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF034 and 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated...

8.1CVSS9.6AI score0.99999EPSS
Exploits23Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.61 views

Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

9.1CVSS6.5AI score0.04134EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:12 a.m.61 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

9.1CVSS9.7AI score0.60122EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 9:49 a.m.61 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site...

7.5CVSS8.6AI score0.03397EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/01 3:9 p.m.61 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-25026, CVE-2024-22354, CVE-2024-27268, CVE-2024-22353, CVE-2023-51775, CVE-2024-22329, CVE-2024-31919, CVE-2024-21085,...

8.8CVSS7.4AI score0.01433EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/02 12:46 p.m.61 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX...

9.8CVSS9.8AI score0.98518EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/29 10:39 a.m.61 views

Security Bulletin: Vulnerability in Dnspython affects IBM Process Mining CVE-2023-29483

Summary There is a vulnerability in Dnspython that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-29483...

7CVSS7.2AI score0.01857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/20 6:38 a.m.61 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487)

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been address...

7.5CVSS8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/27 4:13 p.m.61 views

Security Bulletin: Axios is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Axios which is vulnerable to CVE-2023-45857. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...

6.5CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 8:27 p.m.61 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.

Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based...

9.8CVSS10AI score0.99615EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 3:55 p.m.61 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)

Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...

9.8CVSS8AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 1:44 p.m.61 views

Security Bulletin: IBM Financial Transaction Manager v3.2.x is vulnerable to XML External Entity Injection (XXE)

Summary An XML External Entity Injection XXE vulnerability in Java based XML parsers within IBM Financial Transaction Manager was addressed. Vulnerability Details CVEID:CVE-2023-35892 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity...

9.1CVSS8AI score0.00816EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 8:27 a.m.61 views

Security Bulletin: Multiple vulnerabilities identified in jQuery-UI affects IBM Engineering Lifecycle Optimization - Publishing

Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...

6.5CVSS7.1AI score0.44515EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 6:42 a.m.61 views

Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in scala-compiler-2.11.8.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-15288 DESCRIPTION: Scala could allow a local authenticated attacke...

7.8CVSS7.7AI score0.00375EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/08 10:22 p.m.61 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.12 and earlier

Summary This fix upgrades to node 18.16.1. Vulnerability Details CVEID:CVE-2023-30584 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file permissions. By sending a specially crafted request, an attacker could...

7.7CVSS7.8AI score0.03906EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/04 3:19 p.m.61 views

Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query

Summary IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query Vulnerability Details CVEID:CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted...

7.5CVSS6.8AI score0.01141EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 7:57 p.m.62 views

Security Bulletin: IBM TRIRIGA Application Platform is vulneraible to multiple vunerabilities [CVE-2016-0003], [CVE-2016-1000031] and [CVE-2016-0248]

Summary IBM TRIRIGA Application Platform updated the apache commons open source to latest version to fix the fulnerabilities in CVE-2016-0003, CVE-2016-1000031 and CVE-2016-0248. Vulnerability Details CVEID:CVE-2016-0003 DESCRIPTION: Microsoft Edge could allow a remote attacker to execute arbitra...

9.8CVSS8.1AI score0.39413EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/13 3:29 p.m.61 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)

Summary IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to t...

5.5CVSS5.5AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 8:58 p.m.61 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple OpenSSl denial of service vulnerabilities.

Summary Potential multiple OpenSSl denial of service vulnerabilities has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to...

7.5CVSS7.9AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/09 1:41 p.m.61 views

Security Bulletin: CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Advanced

Summary CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24536 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw during multipart form parsing. By...

7.5CVSS8.8AI score0.01888EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 8:56 p.m.61 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in F5 NGINX

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of F5 NGINX . Vulnerability Details CVEID:CVE-2022-41743 DESCRIPTION: F5 NGINX products are vulnerable to a denial of service, caused by a flaw in the ngxhttphlsmodule module. By using a...

7.8CVSS6.9AI score0.00756EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/11 5:14 p.m.61 views

Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2022-21426 was disclosed as part of the Oracle April 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting...

5.3CVSS6AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 1:48 p.m.61 views

Security Bulletin: Vulnerability in Apache Kafka may affect IBM Business Automation Workflow - CVE-2023-25194

Summary IBM Business Automation Workflow packages a copy Apache Kafka client library. A security vulnerability has been reported for the same version of Apache Kafka. Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute...

8.8CVSS8.9AI score0.95302EPSS
Exploits8Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/23 8:19 p.m.61 views

Security Bulletin: Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remo...

10CVSS9.7AI score0.59501EPSS
Exploits45Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.61 views

Security Bulletin: Vulnerabilities in Mozilla NSS affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Mozilla Network Security Services NSS to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-2834, CVE-2016-5285, and CVE-2016-8635 could allow a remote attacker to execute arbitrary code, to recov...

9.3CVSS9AI score0.0338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.61 views

Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900 ( CVE-2016-0705, CVE-2016-0797 )

Summary There are vulnerabilities in OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to corrupt memory and/or cause a denial of service. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION:...

10CVSS8.2AI score0.27022EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 11:24 a.m.61 views

Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to PostgreSQL

Summary IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to vulnerabilities in PostgreSQL JAR CVE-2022-26520, CVE-2022-21724, CVE-2020-13692, CVE-2022-31197, 220313. The fix involves upgrading the PostgreSQL JAR t...

9.8CVSS9AI score0.04094EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:14 p.m.61 views

Security Bulletin: Vulnerabilites CVE-2018-25031 and CVE-2021-46708 in WebSphere Application Server Liberty affect IBM CICS TX Standard

Summary WebSphere Application Server Liberty is used by IBM CICS TX Standard to provide a web based administration console and to provide web services support. The fix removes vulnerabilities CVE-2018-25031 that allows a remote attacker to conduct spoofing attacks and CVE-2021-46708 that allows a...

6.1CVSS5.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/13 5:14 a.m.61 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system

Summary IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequence...

5.8CVSS6.6AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 12:36 p.m.61 views

Security Bulletin: IBM MQ Appliance is vulnerable to cross-site scripting (CVE-2022-31744)

Summary IBM MQ Appliance has resolved a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2022-31774 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This...

6.5CVSS6.9AI score0.0058EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.61 views

Security Bulletin: A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-20916)

Summary A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2019-20916. Please see the details below on how to remediate this issue. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a remote attacker ...

7.5CVSS7.4AI score0.03028EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.61 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-29736 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to...

8.8CVSS8AI score0.52331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/28 1:44 p.m.61 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-24999

Summary Node.js module qs is used by IBM App Connect Enterprise Certified Container for parsing query parameters on URLS. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the...

7.5CVSS8.2AI score0.14663EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/28 8:55 a.m.61 views

Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]

Summary Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights CVE-2022-42889, CVE-2022-33980. Apache Commons Text and Apache Commons Configuration is used by IBM Operations Analytics Predictive Insight REST Mediation Service, par...

9.8CVSS10AI score0.99931EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/10 12:6 p.m.61 views

Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.

Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Express. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Express. This bulletin also addresses LOGJAM: The...

5.5CVSS6.6AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.61 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to April 2022 CPU (minus CVE-2022-21426)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...

5.3CVSS6.7AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/30 9:33 p.m.61 views

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat (CVE-2022-21496)

Summary IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat CVE-2022-21496 due to the use of IBM® SDK Java™ Technology Edition, Version 8. The SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent Cloud Tiering...

5.3CVSS6.5AI score0.02805EPSS
Exploits0Affected Software5
Total number of security vulnerabilities5000