Lucene search
K
IbmMost viewed

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/02/17 5:1 p.m.61 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to arbitrary code execution and SQL injection due to Apache Log4j. (CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)

Summary Multiple vulnerabilities exist in the Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application. The same Apache library is also used by the IBM WebSphere Application Server Liberty for...

9.8CVSS10.1AI score0.99977EPSS
Exploits42Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/17 12:30 p.m.61 views

Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System.

Summary Linux Kernel used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-37576. Vulnerability Details CVEID: CVE-2021-37576 DESCRIPTION: Linux Kernel for PowerPC could allow a local authenticated attacker to execute arbitrary code on...

7.8CVSS8.2AI score0.00575EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/25 7:37 a.m.61 views

Security Bulletin: IBM UrbanCode Release is affected by CVE-2020-13935

Summary IBM UrbanCode Release version 6.2.2.7 - 6.2.4 are affected by CVE-2020-13935 Vulnerability Details CVEID: CVE-2020-13935 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests...

7.5CVSS7.6AI score0.87553EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 5:9 p.m.61 views

Security Bulletin: Apache Log4j vulnerability affects IBM Sterling External Authentication Server (CVE-2021-44832)

Summary IBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker...

10CVSS1.7AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 4:32 p.m.61 views

Security Bulletin: Log4j Vulnerability ( CVE-2021-44228 ) in IBM Informix Dynamic Server in Cloud Pak for Data

Summary This Security Alert addresses CVE-2021-44228, a vulnerability in Apache Log4j. Versions Affected: All Apache Log4j2 =2.14.1 on IBM Informix Dynamic Server in Cloud Pak for Data Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

10CVSS1.4AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 9:16 a.m.61 views

Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to log4j CVE-2021-44228

Summary Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to log4j CVE-2021-44228 Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker...

10CVSS1.1AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 12:12 a.m.61 views

Security Bulletin: Log4jShell Vulnerability affects Decision Optimization for Cloud Pak for Data (CVE-2021-44228)

Summary The Apache Log4j vulnerability used by Decision Optimization for Cloud Pak for Data has been addressed. IBM strongly recommends addressing the Log4j vulnerability CVE-2021-44228 now by upgrading. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote...

10CVSS1.3AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/16 7:48 p.m.61 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component cou...

5.3CVSS6.5AI score0.06886EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.61 views

Security Bulletin: Vulnerability in SSLv3 Affects Power Hardware Management Console (CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-

Summary OpenSSL included in Power Hardware Management Console contains multiple vulnerabilities including POODLE Padding Oracle On Downgraded Legacy Encryption. Vulnerability Details CVE-ID: CVE-2014-3513 Description: OpenSSL is vulnerable to a denial of service, caused by a memory leak in the DT...

7.5CVSS5.5AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/16 6:3 a.m.61 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2020-13938, CVE-2021-30641, CVE-2021-26690, CVE-2021-26691)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.8CVSS0.9AI score0.68067EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/15 12:14 p.m.61 views

Security Bulletin: UPDATE: Vulnerabilities in Bash affect AIX Toolbox for Linux Applications (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187)

Summary Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is optionally available via the AIX Toolbox for Linux Applications web download: http://www.ibm.com/systems/power/software/aix/linux/ If you have bash...

10CVSS9.3AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/16 7:1 a.m.61 views

Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652)

Summary IBM Security Privileged Identity Manager has addressed several security issues as follows. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an...

9.8CVSS8.2AI score0.5063EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/27 4:25 p.m.61 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending...

7.5CVSS8.5AI score0.24622EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 8:36 p.m.61 views

Security Bulletin: A Vulnerability in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement

Summary There is a vulnerabilitiy in IBM® Runtime Environment Java™ Version 6 and IBM® Runtime Environment Java™ Version 8 used by Optim Data Growth, Test Data Management and Application Retirement. This issue was disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Detail...

6.2CVSS0.1AI score0.00754EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/02 1:49 p.m.61 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-26690, CVE-2021-26691)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2.0.x Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins list...

1AI score0.68067EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/25 5:34 p.m.61 views

Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS

Summary Multiple vulnerabilities have been found in jQuery, Bootstrap and AngularJS libraries that are used by IBM License Key Server LKS Administration and Reporting Tool ART. Mitigations have been identified and a fix has been published. Vulnerability Details CVEID: CVE-2019-14863 DESCRIPTION:...

7.1CVSS0.4AI score0.99019EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/19 10:6 a.m.61 views

Security Bulletin: IBM Elastic Storage System systems are affected by vulnerabilities in OpenSSL

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic of X.509 certificate chains by the X509VFLAGX509STRI...

7.4CVSS1.5AI score0.62906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/12 4:9 p.m.61 views

Security Bulletin: Multiple OpenSSL Vulnerabilities Affect IBM Connect:Direct for HP NonStop

Summary IBM Connect:Direct for HP NonStop is affected by OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841. OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this...

7.5CVSS7.1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/12 1:59 p.m.61 views

Security Bulletin: A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager.

Summary A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection fla...

7.2CVSS2.5AI score0.2241EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/29 10:27 a.m.61 views

Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2020-14781)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

4.3CVSS2.2AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/20 6:41 a.m.61 views

Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0

Summary This interim fix provides instructions on upgrading third parity libraries in IBM Spectrum Conductor 2.5.0 in order to address security vulnerabilities CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2019-17359, CVE-2019-8331, CVE-2018-1000632, CVE-2018-10237,...

9.8CVSS1.1AI score0.99019EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/18 9:6 p.m.61 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to improper access control (CVE-2020-4485, CVE-2020-4486)

Summary IBM QRadar Wincollect agents could allow authenticated users to bypass restrictions to delete arbitrary files or disable the Wincollect service. Vulnerability Details CVEID: CVE-2020-4485 DESCRIPTION: IBM QRadar could allow an authenticated user to disable the Wincollect service which cou...

8.1CVSS1.2AI score0.01506EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/11 4:57 p.m.61 views

Security Bulletin: Vulnerabilities in OpenSSL affect DataQuant for Workstation (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM DataQuant for Workstation. IBM DataQuant for Workstation has addressed the applicabl...

4.3CVSS0.7AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/16 7:51 a.m.61 views

Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management

Summary Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management Vulnerability Details CVEID: CVE-2020-2968 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow an authenticated attacker to take...

8CVSS6.7AI score0.02031EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/27 7:17 a.m.61 views

Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2020-1927, CVE-2020-1934)

Summary There are multiple vulnerabilities in Apache HTTP Server affecting IBM Rational Build Forge. Vulnerability Details CVEID: CVE-2020-1927 DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the modrewrite...

6.1CVSS1.3AI score0.56691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/03 8:30 a.m.61 views

Security Bulletin: Three vulnerabilities in Nimbus JOSE+JWT affect IBM Spectrum Conductor

Summary There are three vulnerabilities in Nimbus JOSE+JWT 3.1.2 used by IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3 have addressed the applicable CVEs...

7.5CVSS1AI score0.01256EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/07 4:23 p.m.61 views

Security Bulletin: IBM Security Information Queue uses components with known vulnerabilities (CVE-2019-8331, CVE-2019-11358)

Summary The IBM Security Information Queue ISIQ web server utilizes a Node.js runtime environment. The environment includes several open source packages with known vulnerabilities. As of ISIQ v1.0.6, the open source packages have been upgraded to the recommended secure versions. Vulnerability...

6.1CVSS0.6AI score0.87218EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/17 5:16 p.m.61 views

Security Bulletin: Security vulnerabilities affect IBM Cloud Object Storage SDK Java (November 2019 Bulletin)

Summary Security vulnerabilities affect IBM Cloud Object Storage SDK Java. These vulnerabilities have been addressed in the latest SDK 2.5.5 release. Vulnerability Details CVEID: CVE-2019-16335 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It ...

9.8CVSS0.5AI score0.10676EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/08 6:55 p.m.61 views

Security Bulletin: A security vulnerability has been identified in nginx shipped with PowerAI Vision

Summary Multiple vulnerabilities CVE-2019-9516, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-9511, CVE-2019-9513 in nginx Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The...

7.8CVSS0.2AI score0.87806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 8:47 a.m.61 views

Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948)

Summary The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers. Vulnerability Details CVEID: CVE-2019-9947 DESCRIPTION: An issue was discovered in urllib2 in Python 2.x...

9.1CVSS0.9AI score0.11844EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.61 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Netezza Host Management

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability...

10CVSS1.4AI score0.82112EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/15 6:53 p.m.61 views

Security Bulletin: Aspera Shares application is affected by multiple NGINX Vulnerabilities (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-13617, CVE-2018-16845, CVE-2018-16843, CVE-2019-7401)

Summary IBM Aspera Shares has addressed the following NGINX vulnerabilities. Vulnerability Details CVEID: CVE-2019-7401 DESCRIPTION: NGINX Unit is vulnerable to a denial of service, caused by a heap-based buffer overflow in the router process. By sending a specially-crafted request, a remote...

9.8CVSS1.3AI score0.47057EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/24 8:50 p.m.61 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Business Intelligence

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence 10.2.2 and 10.2.1.1. IBM Cognos Business Intelligence has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2018...

10CVSS1AI score0.26335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/02 4:35 p.m.61 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2018-17199)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products an...

7.5CVSS0.9AI score0.19994EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/30 8:35 a.m.61 views

Security Bulletin: Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details Abstract Security vulnerabilities have been discovered in OpenSSL. Content Vulnerability Details: CVE ID: CVE-2014-0160 Description: OpenSSL could allow a remote attacker to obtain sensitive information, cause...

7.5CVSS0.3AI score0.99999EPSS
Exploits89
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/30 8:20 a.m.61 views

Security Bulletin: Flex System Manager (FSM) Denial of Service (CVE-2011-3188)

Summary Denial of service due to weaknesses in the linux kernel. Vulnerability Details Abstract Denial of service due to weaknesses in the linux kernel. Content Vulnerability Details: CVE ID: CVE-2011-3188 Description: The FSM embedded linux kernel is susceptible to denial of service attacks...

9.1CVSS0.5AI score0.05689EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/16 8:5 p.m.61 views

Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability

Summary Security vulnerability may affect Apache HttpClient used by IBM FileNet Content Manager. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname...

5.8CVSS0.5AI score0.09254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/09 10:10 p.m.61 views

Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance

Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-15906 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the processopen function when in read-only mode. A remote authenticated attacker...

10CVSS0.9AI score0.83645EPSS
Exploits9Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/04 11:10 p.m.61 views

Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Apache Commons BeanUtils (CVE-2014-0114)

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attack...

7.5CVSS1.6AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/17 3:0 p.m.61 views

Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in OpenSSL. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server duri...

7.5CVSS1.1AI score0.49268EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.61 views

Security Bulletin: Multiple Vulnerabilities in Current Release of IBM® SDK for Node.js™

Summary Multiple vulnerabilities in OpenSSL disclosed on August 6, 2014 by the OpenSSL Project, plus a vulnerability in the V8 JavaScript engine Vulnerability Details CVE-ID: CVE-2014-3512 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an internal buffer overrun. A remote...

7.5CVSS1.2AI score0.7408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:36 a.m.61 views

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-9604 DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the built-in keyrings for...

10CVSS1AI score0.14281EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.61 views

Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2015-0240)

Summary A fix is available for IBM Storwize V7000 Unified, for the security issue that an attacker could execute arbitrary code on the system by exploiting a vulnerability in Samba Vulnerability Details CVEID: CVE-2015-0240 DESCRIPTION: Samba is used in IBM Storwize V7000 Unified to enable file...

10CVSS1.2AI score0.87636EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:7 a.m.61 views

Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities.

Summary Storage HMC included in releases prior to R7.2 use OpenSSL versions that had errors in cryptographic libraries that could allow remote attackers to conduct buffer overflow attacks, and cause a denial of service memory corruption. Vulnerability Details CVE ID: CVE-2012-2131 CVE-2012-2110...

7.6CVSS0.4AI score0.48298EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:30 p.m.61 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning.

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0076. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is...

7.4CVSS1.2AI score0.99977EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:17 p.m.61 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Enterprise Content Management System Monitor (CVE-2016-6304, CVE-2016-2177)

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Enterprise Content Management System Monitor. IBM Enterprise Content Management System Monitor has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304...

9.8CVSS1.1AI score0.63029EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:23 a.m.61 views

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2017-10115, CVE-2017-10116, CVE-2017-10053)

Summary Jazz Team Server is shipped as a component of Jazz Reporting Service JRS. Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An unspecifi...

8.3CVSS0.9AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:18 a.m.61 views

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)

Summary Jazz Team Server is shipped as a component of Jazz Reporting Service JRS. Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat...

9.8CVSS0.6AI score0.90338EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:57 a.m.61 views

Security Bulletin: Rational Directory Server and Rational Directory Administrator can be affected by vulnerabilities (CVE-2014-4263, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099 and CVE-2014-0119)

Summary This security bulletin is a notice of security vulnerabilities in IBM Runtime Environment, Java Technology Edition and Apache Tomcat server which impacts IBM Rational Directory Server 5.2.x, 5.1.1.x and Rational Directory Administrator 6.x. Vulnerability Details | Subscribe to My...

5CVSS0.4AI score0.2006EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.61 views

Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities

Summary IBM Security Guardium Big Data Intelligence SonarG has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2016-8735 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener...

9.8CVSS1.1AI score0.91354EPSS
Exploits26Affected Software1
Total number of security vulnerabilities5000