Lucene search
K
IbmMost viewed

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 2:5 a.m.60 views

Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)

Summary IBM Aspera Faspex may be vulnerable to exposing data improperly CVE-2022-22497 due to an incorrectly computed security token. Vulnerability Details CVEID:CVE-2022-2497 DESCRIPTION: GitLab Community Edition and GitLab Enterprise Edition could allow a remote authenticated attacker to obtain...

8.5CVSS7.1AI score0.01105EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:12 a.m.60 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

9.1CVSS9.7AI score0.60122EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 5:24 p.m.60 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (3)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues. This package has been removed from the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediatio...

7.8CVSS8.7AI score0.00655EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 6:5 p.m.60 views

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to systemd

Summary TSSC/IMC is vulnerable to arbitrary code execution due to systemd. A patch has been provided that updates the systemd library. CVE-2023-26604. Vulnerability Details CVEID:CVE-2023-26604 DESCRIPTION: systemd could allow a local authenticated attacker to gain elevated privileges on the...

7.8CVSS8.9AI score0.01051EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 9:49 a.m.60 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site...

7.5CVSS8.6AI score0.03397EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/01 3:9 p.m.60 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-25026, CVE-2024-22354, CVE-2024-27268, CVE-2024-22353, CVE-2023-51775, CVE-2024-22329, CVE-2024-31919, CVE-2024-21085,...

8.8CVSS7.4AI score0.01433EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 10:28 p.m.60 views

Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...

5.9CVSS6.5AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/04 6:58 p.m.60 views

Security Bulletin: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central [CVE-2024-31879].

Summary IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...

7.5CVSS8AI score0.00937EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 12:11 p.m.60 views

Security Bulletin: openssl-src-300.2.1+3.2.0.crate is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input...

6.5CVSS6.6AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:56 p.m.60 views

Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.

Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-1135, CVE-2024-26130, CVE-2024-23829, CVE-2024-2334, CVE-2023-49081, CVE-2023-49082. Vulnerability Details CVEID:CVE-2024-11...

7.5CVSS7.6AI score0.76875EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/01 9:46 p.m.60 views

Security Bulletin: IBM Controller has addressed multiple vulnerabilities

Summary IBM Controller is affected and considered vulnerable, based on current information, to multiple vulnerabilites. This Security Bulletin addresses the vulnerabilities that have been remediated in IBM Controller. Vulnerability Details CVEID:CVE-2023-40695 DESCRIPTION: IBM Cognos Controller...

9.8CVSS9.8AI score0.28839EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/26 7:52 p.m.60 views

Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2023-6237 and CVE-2024-0727)

Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...

5.9CVSS6.1AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/29 10:39 a.m.60 views

Security Bulletin: Vulnerability in Dnspython affects IBM Process Mining CVE-2023-29483

Summary There is a vulnerability in Dnspython that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-29483...

7CVSS7.2AI score0.01857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/20 6:38 a.m.60 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487)

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been address...

7.5CVSS8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 2:3 a.m.60 views

Security Bulletin: IBM Spectrum Conductor provides upgraded software packages to address known CVEs

IBM Spectrum Conductor 2.5.1 Fix 601861 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601861. IBM Spectrum Conductor 2.5.1 Fix 601861 is a security fix that provides upgraded versions of software packages included with IBM Spectru...

8.1CVSS7.2AI score0.44515EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 3:55 p.m.60 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)

Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...

9.8CVSS8AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/18 12:4 p.m.60 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...

5.3CVSS6.1AI score0.01069EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/13 5:48 p.m.60 views

Security Bulletin: IBM Security Verify Access is vulnerable to Rapid Reset attacks if HTTP2 is enabled (CVE-2023-44487)

Summary The Webseal component of IBM Security Verify Access product is vulnerable to CVE-2023-44487, a flaw in handling multiplexed streams in the HTTP/2 protocol. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in...

7.5CVSS7.8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 3:21 p.m.60 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain...

9.8CVSS9.1AI score0.64509EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/30 8:55 p.m.60 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-39976, CVE-2023-40373, CVE-2023-40372, CVE-2023-30987, CVE-2023-38719, CVE-2023-38740, CVE-2023-30991, CVE-2023-38720,...

9.8CVSS7.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 8:27 a.m.60 views

Security Bulletin: Multiple vulnerabilities identified in jQuery-UI affects IBM Engineering Lifecycle Optimization - Publishing

Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...

6.5CVSS7.1AI score0.44515EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/08 8:47 a.m.60 views

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to Engine.IO denial of service (CVE-2023-31125)

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a denial of service of Engine.IO with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-31125 DESCRIPTION: Engine.IO is vulnerable to a denial of service, caused by an uncaught...

6.5CVSS6.5AI score0.01327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 6:42 a.m.60 views

Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in scala-compiler-2.11.8.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-15288 DESCRIPTION: Scala could allow a local authenticated attacke...

7.8CVSS7.7AI score0.00375EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 9:43 a.m.60 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js

Summary Vulnerabilities in node.js before 18.16.1 affect the Node.js component that is used by IBM Event Streams CVE-2023-30581, CVE-2023-30589, CVE-2023-30585, CVE-2023-30590, CVE-2023-30588. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30589 DESCRIPTION: Node....

7.5CVSS8.1AI score0.03906EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/19 1:29 p.m.60 views

Security Bulletin: CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Advanced

Summary CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel ...

7.5CVSS7.3AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:3 p.m.60 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...

8.1CVSS7.4AI score0.86006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/19 8:19 a.m.60 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd

Summary Multiple issues were identified in Red Hat UBI packages Kubernetes, curl, systemd that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a...

8.2CVSS7.2AI score0.02511EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/13 6:26 p.m.60 views

Security Bulletin: IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968)

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability...

7.5CVSS7.8AI score0.17611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/30 6:12 a.m.60 views

Security Bulletin: A security vulnerability has been identified in IBM DB2 shipped with IBM Intelligent Operations Center (CVE-2023-29257, CVE-2023-29255, CVE-2023-27555, CVE-2023-26021, CVE-2023-25930, CVE-2023-26022, CV)

Summary IBM DB2 shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11....

7.5CVSS7.4AI score0.01513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/22 11:42 p.m.60 views

Security Bulletin: Vulnerabilities in Python may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python. Vulnerabilities include denial of service on the system and obtaining sensitive information as described by the CVEs in the "Vulnerability Details" section...

7.5CVSS8AI score0.03213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 6:49 p.m.60 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2020-25864 DESCRIPTION: HashiCorp Consul is vulnerable to cross-site scripting, caused by improper validation of user-supplied input of the key-value store by the KV API. A remote attacker cou...

7.5CVSS8.7AI score0.08519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/03 2:12 p.m.60 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. This has been addressed in the remediation section. Vulnerability Detail...

5.3CVSS4.9AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/19 3:11 p.m.60 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001)

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP response splitting attacks due to a use of malicious backend and a denial of service attack due to an out-of-bounds read or write as described in the vulnerability details section. IBM i has addressed the CVEs by providing...

7.5CVSS7.9AI score0.57941EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.60 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Management Module (IMM) for System x & BladeCenter

Summary IBM Integrated Management Module IMM for System x & BladeCenter has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM Integrated Management Module IMM for System x & BladeCenter has addressed the following vulnerabilities in OpenSSH. Vulnerability...

7.8CVSS7.4AI score0.58568EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 3:15 p.m.60 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Go, Java and Node.js Vulnerability Details CVEID:CVE-2023-23918 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable...

7.5CVSS7.8AI score0.04888EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/09 10:16 p.m.60 views

Security Bulletin: IBM MQ is affected by a vulnerability in Apache Commons Net (CVE-2021-37533)

Summary IBM MQ Managed File Transfer is affected by a vulnerability in Apache Commons Net. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusting the host from PASV...

6.5CVSS6.4AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 6:30 a.m.60 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001 Vulnerability Details Refer to the...

9.8CVSS8AI score0.57941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.60 views

Security Bulletin:A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem models 840 and 900 (CVE-2015-3238)

Summary There is a vulnerability in Linux Pluggable Authentication Module PAM to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability...

6.5CVSS6.8AI score0.02705EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.60 views

Security Bulletin: Vulnerabilities in GNU Bash affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in GNU Bash to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities CVE-2016-0634, CVE-2016-7543, CVE-2016-9401 could make the system susceptible to an attack which could allow an attacker to execute arbitrary co...

8.4CVSS7.8AI score0.06019EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 8:51 p.m.60 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details CVEID:CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacke...

8.3CVSS7.3AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/25 9:0 p.m.60 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Oracle® MySQL

Summary IBM Security Guardium has addressed these vulnerabilities by updating the affected component. Vulnerability Details CVEID:CVE-2022-21538 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Encryption component could allow an authenticated...

6.5CVSS6.8AI score0.50698EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/25 4:0 p.m.60 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION: OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of...

9.8CVSS8.8AI score0.95764EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.60 views

Security Bulletin: Vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Summary Several vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see the vulnerability details and apply the suggested remediation/Fixes listed below. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in...

9.8CVSS8.8AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/05 3:17 p.m.60 views

Security Bulletin: ITNM is vulnerable to redirect vulnerabilities due to use of nitely/spirit libraries prior to 0.12.3 (CVE-2022-0869)

Summary Vulnerability CVE-2022-0869 found related to Spirit libraries used in IBM Tivoli Network Manager ITNM IP Edition. The fix contains the removal of vulnerable libraries. Vulnerability Details CVEID:CVE-2022-0869 DESCRIPTION: Spirit could allow a remote attacker to conduct phishing attacks,...

6.1CVSS5.2AI score0.0262EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/04 3:55 p.m.60 views

Security Bulletin: Multiple Vulnerabilities discovered in libraries used by TCRtoolkit in ITNM

Summary Multiple vulnerabilities CVE-2009-4521; CVE-2015-0250; CVE-2017-5662; CVE-2018-8013; CVE-2019-17566; CVE-2020-11987; CVE-2009-4269; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2021-41033 found in TCRtoolkit component present in IBM Tivoli Network Manager...

9.8CVSS10AI score0.19523EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.60 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-29736 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to...

8.8CVSS8AI score0.52331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/16 5:1 p.m.60 views

Security Bulletin: Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2021-21703, CVE-2021-21708, CVE-2021-21707, CVE-2022-31629, CVE-2022-31628)

Summary Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: PHP allowing remote attacker to execute arbitrary code, obtain sensitive information, local authenticated attacker gain elevated privileges on the system, cross-site request forgery and...

9.8CVSS9.2AI score0.49336EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/13 1:51 p.m.60 views

Security Bulletin: IBM Performance Management is affected by multiple vulnerabilities in IBM Websphere Application Server (CVE-2021-39031, CVE-2022-22393, and CVE-2022-22476)

Summary Multiple vulnerabilities in IBM Websphere Application Server - Liberty could allow a remote autheticated attacker to conduct an LDAP injection; issue a request to obtain the status of HTTP/HTTPS ports; and/or use a specially crafted request. Details are described in CVE-2021-39031,...

8.8CVSS7.2AI score0.02275EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.60 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud October 2021 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...

9.8CVSS8.9AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 1:40 p.m.60 views

Security Bulletin: CVE-2021-41041 may affect IBM® Semeru Runtime

Summary CVE-2021-41041 was addressed in Eclipse OpenJ9 version 0.32 Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by failing to throw the exception captured during bytecode verification when verificatio...

5.4AI score0.00985EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000