Lucene search
K
IbmMost viewed

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.61 views

Security Bulletin: Apache Solr as used in IBM QRadar SIEM and Incident Forensics is vulnerable to a denial of service (CVE-2014-0050)

Summary Apache Solr is vulnerable to a denial of service attack. Vulnerability Details CVEID: CVE-2014-0050 DESCRIPTION: Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header...

7.5CVSS1AI score0.83175EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:12 p.m.62 views

Security Bulletin: Vulnerability in Apache POI affects IBM Emptoris Services Procurement (CVE-2017-5644)

Summary Open Source Apache Poi vulnerability affects IBM Emptoris Services Procurement Vulnerability Details CVE-ID: CVE-2017-5644 Description: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when processing XML data. By using a specially-craft...

7.1CVSS5.9AI score0.04595EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:58 p.m.61 views

Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 5600 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM Smart Analytics System 5600. Vulnerability Details CVE-ID:...

10CVSS1.7AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:39 p.m.61 views

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2016-0603)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 & 7 that are used by IBM ILOG CPLEX Optimization Studio. JRE installation executables on the Windows platform are affected by this vulnerability. Vulnerability Details CVE-ID: CVE-2016-0603 Descriptio...

7.6CVSS8.4AI score0.04066EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:36 p.m.61 views

Security Bulletin: Vulnerability in GSKit affect IBM SPSS Modeler (CVE-2015-1788)

Summary GSKit is an internal component used by IBM SPSS Modeler. The GSKit contains a security vulnerability which may cause infinite loop. The issue is identified by the specified CVE below. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...

4.3CVSS2.1AI score0.23222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:6 p.m.61 views

Security Bulletin: Link Injection vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0970)

Summary Link Injection vulnerabilities can allow an attacker to embed links URLs to an external site or to different pages forms within IBM® InfoSphere® Master Data Management - Collaborative Edition. The links can appear to be valid application links. Clicking a link might cause the user to...

3.5CVSS5.3AI score0.00772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:9 a.m.61 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Extreme Scale

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6, 7 and 8 used by WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivere...

8.3CVSS1.2AI score0.06905EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:9 a.m.61 views

Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)

Summary IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Please consult the...

1.1AI score0.86006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.61 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle April 2017 Critical Patch Update, plus five additional vulnerabilities Vulnerability Details CVE IDs: CVE-2017-3514 CVE-2017-3512 CVE-2017-3511 CVE-2017-3509 CVE-2017-3544 CVE-2017-3533 CVE-2017-3539 CVE-2017-1289 CVE-2016-9840 CVE-2016-9841...

9.8CVSS6.9AI score0.07489EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.61 views

Security vulnerability found in IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2014-0114)

Abstract Information about a security vulnerability affecting IBM WebSphere Application Server shipped as a component of IBM PureApplication System has been published in a security bulletin. Content IBM WebSphere Application Server is shipped as a component of IBM PureApplication System...

7.5CVSS1.8AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:31 a.m.60 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js

Summary Vulnerabilities in Node.js such as remote attacker bypass security restrictions may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-30581 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of proto in...

8.8CVSS8AI score0.01817EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:58 a.m.60 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory le...

9.8CVSS9.5AI score0.36081EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:56 a.m.60 views

Security Bulletin: Unauthenticated Path Traversal security vulnerability CVE-2023-38366 in IBM Content Navigator in FileNet Content Manager

Summary Unauthenticated Path Traversal security vulnerability CVE-2023-38366 in Administration Console for Content Platform Engine ACCE/IBM Content Navigator ICN in FileNet Content Manager FNCM Vulnerability Details CVEID:CVE-2023-38366 DESCRIPTION: IBM Content Navigator could allow a remote...

5.3CVSS5.3AI score0.00754EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 9:9 p.m.60 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF034 and 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated...

8.1CVSS9.6AI score0.99999EPSS
Exploits23Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/29 9:47 p.m.60 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause...

7.4CVSS5.3AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 2:5 a.m.60 views

Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)

Summary IBM Aspera Faspex may be vulnerable to exposing data improperly CVE-2022-22497 due to an incorrectly computed security token. Vulnerability Details CVEID:CVE-2022-2497 DESCRIPTION: GitLab Community Edition and GitLab Enterprise Edition could allow a remote authenticated attacker to obtain...

8.5CVSS7.1AI score0.01105EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 6:5 p.m.60 views

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to systemd

Summary TSSC/IMC is vulnerable to arbitrary code execution due to systemd. A patch has been provided that updates the systemd library. CVE-2023-26604. Vulnerability Details CVEID:CVE-2023-26604 DESCRIPTION: systemd could allow a local authenticated attacker to gain elevated privileges on the...

7.8CVSS8.9AI score0.01051EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 9:49 a.m.60 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site...

7.5CVSS8.6AI score0.03397EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 10:28 p.m.60 views

Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...

5.9CVSS6.5AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/04 6:58 p.m.60 views

Security Bulletin: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central [CVE-2024-31879].

Summary IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...

7.5CVSS8AI score0.00937EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 12:11 p.m.60 views

Security Bulletin: openssl-src-300.2.1+3.2.0.crate is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input...

6.5CVSS6.6AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:56 p.m.60 views

Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.

Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-1135, CVE-2024-26130, CVE-2024-23829, CVE-2024-2334, CVE-2023-49081, CVE-2023-49082. Vulnerability Details CVEID:CVE-2024-11...

7.5CVSS7.6AI score0.76875EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/01 9:46 p.m.60 views

Security Bulletin: IBM Controller has addressed multiple vulnerabilities

Summary IBM Controller is affected and considered vulnerable, based on current information, to multiple vulnerabilites. This Security Bulletin addresses the vulnerabilities that have been remediated in IBM Controller. Vulnerability Details CVEID:CVE-2023-40695 DESCRIPTION: IBM Cognos Controller...

9.8CVSS9.8AI score0.28839EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/26 7:52 p.m.60 views

Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2023-6237 and CVE-2024-0727)

Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...

5.9CVSS6.1AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/29 10:39 a.m.60 views

Security Bulletin: Vulnerability in Dnspython affects IBM Process Mining CVE-2023-29483

Summary There is a vulnerability in Dnspython that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-29483...

7CVSS7.2AI score0.01857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 2:3 a.m.60 views

Security Bulletin: IBM Spectrum Conductor provides upgraded software packages to address known CVEs

IBM Spectrum Conductor 2.5.1 Fix 601861 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601861. IBM Spectrum Conductor 2.5.1 Fix 601861 is a security fix that provides upgraded versions of software packages included with IBM Spectru...

8.1CVSS7.2AI score0.44515EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 3:55 p.m.60 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)

Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...

9.8CVSS8AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/18 12:4 p.m.60 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...

5.3CVSS6.1AI score0.01069EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/13 5:48 p.m.60 views

Security Bulletin: IBM Security Verify Access is vulnerable to Rapid Reset attacks if HTTP2 is enabled (CVE-2023-44487)

Summary The Webseal component of IBM Security Verify Access product is vulnerable to CVE-2023-44487, a flaw in handling multiplexed streams in the HTTP/2 protocol. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in...

7.5CVSS7.8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 3:21 p.m.60 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain...

9.8CVSS9.1AI score0.64509EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/30 8:55 p.m.60 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-39976, CVE-2023-40373, CVE-2023-40372, CVE-2023-30987, CVE-2023-38719, CVE-2023-38740, CVE-2023-30991, CVE-2023-38720,...

9.8CVSS7.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/08 8:47 a.m.60 views

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to Engine.IO denial of service (CVE-2023-31125)

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a denial of service of Engine.IO with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-31125 DESCRIPTION: Engine.IO is vulnerable to a denial of service, caused by an uncaught...

6.5CVSS6.5AI score0.01327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 9:43 a.m.60 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js

Summary Vulnerabilities in node.js before 18.16.1 affect the Node.js component that is used by IBM Event Streams CVE-2023-30581, CVE-2023-30589, CVE-2023-30585, CVE-2023-30590, CVE-2023-30588. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30589 DESCRIPTION: Node....

7.5CVSS8.1AI score0.03906EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/19 1:29 p.m.60 views

Security Bulletin: CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Advanced

Summary CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel ...

7.5CVSS7.3AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:3 p.m.60 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...

8.1CVSS7.4AI score0.86006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/19 8:19 a.m.60 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd

Summary Multiple issues were identified in Red Hat UBI packages Kubernetes, curl, systemd that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a...

8.2CVSS7.2AI score0.02511EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/13 6:26 p.m.60 views

Security Bulletin: IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968)

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability...

7.5CVSS7.8AI score0.17611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/30 6:12 a.m.60 views

Security Bulletin: A security vulnerability has been identified in IBM DB2 shipped with IBM Intelligent Operations Center (CVE-2023-29257, CVE-2023-29255, CVE-2023-27555, CVE-2023-26021, CVE-2023-25930, CVE-2023-26022, CV)

Summary IBM DB2 shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11....

7.5CVSS7.4AI score0.01513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/22 11:42 p.m.60 views

Security Bulletin: Vulnerabilities in Python may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python. Vulnerabilities include denial of service on the system and obtaining sensitive information as described by the CVEs in the "Vulnerability Details" section...

7.5CVSS8AI score0.03213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/03 2:12 p.m.60 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. This has been addressed in the remediation section. Vulnerability Detail...

5.3CVSS4.9AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/19 3:11 p.m.60 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001)

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP response splitting attacks due to a use of malicious backend and a denial of service attack due to an out-of-bounds read or write as described in the vulnerability details section. IBM i has addressed the CVEs by providing...

7.5CVSS7.9AI score0.57941EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.60 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Management Module (IMM) for System x & BladeCenter

Summary IBM Integrated Management Module IMM for System x & BladeCenter has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM Integrated Management Module IMM for System x & BladeCenter has addressed the following vulnerabilities in OpenSSH. Vulnerability...

7.8CVSS7.4AI score0.58568EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 3:15 p.m.60 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Go, Java and Node.js Vulnerability Details CVEID:CVE-2023-23918 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable...

7.5CVSS7.8AI score0.04888EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/09 10:16 p.m.60 views

Security Bulletin: IBM MQ is affected by a vulnerability in Apache Commons Net (CVE-2021-37533)

Summary IBM MQ Managed File Transfer is affected by a vulnerability in Apache Commons Net. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusting the host from PASV...

6.5CVSS6.4AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 6:30 a.m.60 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001 Vulnerability Details Refer to the...

9.8CVSS8AI score0.57941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.60 views

Security Bulletin:A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem models 840 and 900 (CVE-2015-3238)

Summary There is a vulnerability in Linux Pluggable Authentication Module PAM to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability...

6.5CVSS6.8AI score0.02705EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.60 views

Security Bulletin: Vulnerabilities in GNU Bash affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in GNU Bash to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities CVE-2016-0634, CVE-2016-7543, CVE-2016-9401 could make the system susceptible to an attack which could allow an attacker to execute arbitrary co...

8.4CVSS7.8AI score0.06019EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.60 views

Security Bulletin: Vulnerabilities in Mozilla NSS affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Mozilla Network Security Services NSS to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-2834, CVE-2016-5285, and CVE-2016-8635 could allow a remote attacker to execute arbitrary code, to recov...

9.3CVSS9AI score0.0338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 8:51 p.m.60 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details CVEID:CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacke...

8.3CVSS7.3AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/25 9:0 p.m.60 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Oracle® MySQL

Summary IBM Security Guardium has addressed these vulnerabilities by updating the affected component. Vulnerability Details CVEID:CVE-2022-21538 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Encryption component could allow an authenticated...

6.5CVSS6.8AI score0.50698EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000