Lucene search
K
IbmMost viewed

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.60 views

Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i.

Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send withou...

9.1CVSS1.1AI score0.81466EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/16 4:1 p.m.60 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Rational Performance Tester

Summary Eclipse Jetty contains vulnerabilities that may allow a remote attacker to obtain sensitive information, cause execution of scripts without their knowledge and experience denial of service attacks. Vulnerability Details CVEID: CVE-2019-10241 DESCRIPTION: Eclipse Jetty is vulnerable to...

6.1CVSS0.7AI score0.09591EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/05 12:59 p.m.60 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Personal Communications (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Personal Communications. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...

5CVSS6.5AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.60 views

Security Bulletin: Vulnerability in Linux Kernel affects IBM Flex System Networking Switch Products (CVE-2017-6214)

Summary IBM Flex System Networking Switch Products have addressed the following vulnerability in Linux Kernel. Vulnerability Details Summary IBM Flex System Networking Switch Products have addressed the following vulnerability in Linux Kernel. Vulnerability Details: CVEID: CVE-2017-6214...

7.5CVSS0.4AI score0.04666EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/08 4:15 p.m.60 views

Security Bulletins for Emptoris Program Management

Question Security Bulletins for Emptoris Program Management Answer This article tracks all Security Bulletins for Emptoris Program Management. IBM's Product Security Incident Response Team PSIRT follows the NIST guidelines for determining the severity rating of the reported vulnerability - see "N...

10CVSS1.4AI score0.99999EPSS
Exploits23
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/07 2:45 a.m.60 views

Security Bulletin: IBM QRadar Network Security is affected by a CPU vulnerability (CVE-2018-3620)

Summary IBM QRadar Network Security has addressed the following CPU vulnerability. Vulnerability Details CVEID: CVE-2018-3620 DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution featur...

5.6CVSS0.7AI score0.05577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/04 1:50 a.m.60 views

Security Bulletin: Public disclosed vulnerability from Apache Poi

Summary Public disclosed vulnerability from Apache Poi Vulnerability Details CVEID: CVE-2017-12626 Description: Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to op...

7.5CVSS1AI score0.10248EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/15 4:37 p.m.60 views

Security Bulletin: Multiple Vulnerabilities found in products bundled with IBM Security Access Manager for Enterprise Single-Sign On

Summary IBM HTTP Server is shipped as a component of IBM Security Access Manager for Enterprise Single-Sign On. Information about Security vulnerabilities affecting IBM HTTP Server Vulnerability Details Security Bulletin: Information disclosure in IBM HTTP Server CVE-2017-12613 Security Bulletin:...

8.1CVSS1AI score0.94999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/03 5:8 a.m.60 views

Security Bulletin: Sweet32 vulnerability that impacts Triple DES cipher affects Communications Server for Data Center Deployment, Communications Server for AIX, Linux, Linux on System z, and Windows (CVE-2016-2183)

Summary Sweet32 exposes a problem in the Triple DES algothorim for sessions that receive more than 2 GBytes of data on an encrypted session. Once beyond that amount of data, the algorithm allows for a intrusion that can be more easily decrypted. Vulnerability Details CVEID: CVE-2016-2183...

7.5CVSS0.9AI score0.95707EPSS
Exploits7Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/24 4:27 p.m.60 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0.16.60 and earlier, 6.1.8.60 and earlier, 7.0.10.20 and earlier, 7.1.4.20 and earlier, 8.0.5.10 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2018...

7.7CVSS1AI score0.03966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/25 5:54 a.m.60 views

Security Bulletin: A security vulnerability has been identified in IBM Cognos Business Intelligence shipped with IBM Cognos Planning (CVE-2016-5388).

Summary IBM Cognos Business Intelligence is shipped with IBM Cognos Planning. Information about a security vulnerability affecting IBM Cognos Business Intelligence has been published in a security bulletin. Vulnerability Details Refer to the security bulletin listed in the Remediation/Fixes...

2.1AI score0.50896EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:37 a.m.60 views

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-6074 DESCRIPTION: Linux kernel is vulnerable to a denial of service, caused by improper handling of DCCPPKTREQUEST packet data structures in the...

10CVSS1.4AI score0.24299EPSS
Exploits34Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:35 a.m.60 views

Security Bulletin: Vulnerabilities in Qemu affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in Qemu. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-6835 DESCRIPTION: QEMU is vulnerable to a denial of service, caused by a buffer-over-read issue in vmxnettxpktparseheaders function in hw/net/vmxnettxpkt.c. ...

7.1CVSS0.5AI score0.01214EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:51 a.m.60 views

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840

Summary There are vulnerabilities in OpenSSH which the IBM FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-6515 and CVE-2016-6210 could make the system susceptible to attacks which could allow an attacker to consume all available CPU resources or to enumerate users ...

7.8CVSS0.4AI score0.88944EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.60 views

Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2015-0240)

Summary A fix is available for IBM Storwize V7000 Unified, for the security issue that an attacker could execute arbitrary code on the system by exploiting a vulnerability in Samba Vulnerability Details CVEID: CVE-2015-0240 DESCRIPTION: Samba is used in IBM Storwize V7000 Unified to enable file...

10CVSS1.2AI score0.87636EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:9 p.m.60 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Content Navigator (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in the Knowledge Center for IBM Content Navigator V2.0.3. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote...

4.3CVSS0.8AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.60 views

Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities

Summary IBM Security Guardium Big Data Intelligence SonarG has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2016-8735 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener...

9.8CVSS1.1AI score0.91354EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:2 p.m.60 views

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in tcpdump

Summary IBM QRadar Network Security has addressed vulnerabilities in tcpdump. Vulnerability Details CVEID: CVE-2016-7986 DESCRIPTION: tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the GeoNetworking parser in the print-geonet.c and other functions. By sending an...

9.8CVSS1.4AI score0.19028EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:1 p.m.60 views

Security Bulletin: IBM Security Access Manager is affected by an OpenSSL vulnerability (CVE-2016-8610)

Summary IBM Security Access Manager has addressed the following OpenSSL vulnerability known as "SSL-Death-Alert". Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: The SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL...

7.5CVSS2AI score0.39657EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:59 p.m.60 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by IBM Security Guardium Data Redaction. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details CVEID: CVE-2017-3272 DESCRIPTION: An unspecified vulnerabilit...

9.6CVSS1AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:47 p.m.60 views

Security Bulletin: IBM Security Guardium is affected by OpenSSL Security Advisory [22 Sep 2016] and [26 Sep 2016] vulnerabilities (multiple CVEs)

Summary IBM Security Guardium is affected by OpenSSL Security Advisory 22 Sep 2016 and 26 Sep 2016 vulnerabilities. IBM Security Guardium has fixed these issues. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to consider...

9.8CVSS0.9AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:40 p.m.60 views

Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available

Summary There are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance Vulnerability Details CVEID: CVE-2016-0402 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component has no...

7.1CVSS1AI score0.38709EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:40 p.m.60 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM QRadar SIEM and QRadar Incident Forensics.

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM QRadar SIEM and Incident Forensics. IBM QRadar SIEM and Incident Forensics has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened encryption"...

10CVSS1.3AI score0.82112EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.60 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM PureApplication System (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM PureApplication System. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but...

10CVSS0.7AI score0.94859EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.60 views

Security Bulletin: Vulnerability in SSLv3 affects IBM MQ Light (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM MQ Light. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information,...

4.3CVSS1.1AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:0 a.m.59 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.1 Vulnerability Details CVEID:CVE-2021-3538 DESCRIPTION: go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize...

9.8CVSS10AI score0.03168EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:58 a.m.59 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory le...

9.8CVSS9.5AI score0.36081EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:27 a.m.59 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to access control issue (CVE-2022-43920)

Summary IBM Sterling B2B Integrator has addressed the access control security vulnerability. Vulnerability Details CVEID:CVE-2022-43920 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an authenticated user to gain privileges in a different group due to an access control...

8.8CVSS8.7AI score0.00549EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:18 a.m.59 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to authentication bypass (CVE-2022-40616)

Summary IBM Maximo Asset Management is vulnerable to authentication bypass. Vulnerability Details CVEID:CVE-2022-40616 DESCRIPTION: IBM Maximo Asset Management could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. CVSS Base...

8.1CVSS7.2AI score0.00479EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:3 a.m.59 views

Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting (CVE-2022-35714)

Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2022-35714 DESCRIPTION: IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows...

5.4CVSS5.2AI score0.00398EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 11:4 p.m.59 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.

Summary IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-32879 DESCRIPTION: Python Social Auth Django could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of case...

8.2CVSS9.2AI score0.8496EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/19 4:32 p.m.59 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect v10.0.9.0 Vulnerability Details CVEID:CVE-2024-5535 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the SSLselectnextproto API function when calling with an empty supported client...

9.8CVSS9.6AI score0.27018EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/07 10:3 p.m.59 views

Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2023-36328) due to tcl

Summary Vulnerability in tcl could allow a remote attacker to execute arbitrary code or cause a denial of service CVE-2023-36328. Vulnerability Details CVEID:CVE-2023-36328 DESCRIPTION: libtom libtommath is vulnerable to an integer buffer overflow, caused by improper bounds checking by mpgrow. By...

9.8CVSS8.2AI score0.01254EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/30 4:56 p.m.59 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

10CVSS10AI score0.29179EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 10:4 p.m.59 views

Security Bulletin: AIX is affected by information disclosure (CVE-2023-45803) and arbitrary code execution (CVE-2024-6345) due to Python

Summary Vulnerabilities in Python could allow a remote attacker to obtain sensitive information CVE-2023-45803 or execute arbitrary code CVE-2024-6345. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2023-45803 DESCRIPTION: urllib3 could allow ...

8.8CVSS7.9AI score0.01939EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/26 8:24 a.m.59 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-22259, CVE-2024-22243, CVE-2024-22262).

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-22259, CVE-2024-22243, CVE-2024-22262. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

8.1CVSS8.2AI score0.03967EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/12 3:44 p.m.59 views

Security Bulletin: Vulnerability with Perl, Snappy, Psf Request, spring-web-5.3.33.jar , Apache HTTP Server, OpenJDK, affect IBM Cloud Object Storage Systems (July 2024v1)

Summary Vulnerability with Perl CVE-2023-47038, Snappy CVE-2024-36124, Psf Request CVE-2024-35195, spring-web-5.3.33.jar CVE-2024-22262 , Apache HTTP Server, CVE-2024-24795, CVE-2023-38709 OpenJDK CVE-2024-21094, CVE-2024-21011, CVE-2024-21085, CVE-2024-21068, CVE-2024-21012,. This vulnerability...

8.1CVSS8.1AI score0.03914EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 2:1 p.m.59 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a fl...

9.8CVSS10AI score0.99931EPSS
Exploits51Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 3:19 p.m.59 views

Security Bulletin: EDB Postgres Advanced Server (EPAS)

Summary This security bulletin identifies a set of common vulnerabilities that have been addressed in EDB Postgres Advanced Server with IBM 15.4. Vulnerability Details CVEID:CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain...

9.8CVSS7.5AI score0.00772EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/11 9:52 a.m.59 views

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597...

9.1CVSS8.8AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/13 6:39 p.m.59 views

Security Bulletin: IBM Storage Fusion is vulnerable to denial of server, and security bypass due to Golang vulnerabilities.

Summary Golang Go and Golang packages are used by IBM Storage Fusion and thus IBM Storage Fusion may be vulnerable to the vulnerabilities listed below. CVE-2022-29526, CVE-2022-21698, CVE-2021-41190, CVE-2018-20699, CVE-2024-24786, CVE-2023-39325, CVE-2023-48795. Vulnerability Details...

7.5CVSS8.5AI score0.9378EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 8:6 p.m.59 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unspecified vulnerabilities and sensitive information exposure due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by unspecified vulnerabilities and sensitive information exposure due to IBM Java 8. IBM Sterling Connect:Direct for UNI...

7.5CVSS7AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 11:20 p.m.59 views

Security Bulletin: IBM InfoSphere Information Server is affected by OpenSSL Vulnerability (CVE-2023-2650)

Summary A vulnerability in OpenSSL used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CM...

6.5CVSS7AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/18 2:14 p.m.59 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities

Summary Ansible-operator and opm are used by IBM Cloud Pak for Data Scheduling as part of the ibm-cpd-scheduling-operator and ibm-cpd-scheduler-operator-catalog image used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities...

9.8CVSS9.3AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/14 2:17 p.m.59 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or to denial of service.

Summary IBM Db2 Web Query for i is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-34034 and CVE-2023-44981 and denia...

9.8CVSS8.1AI score0.03465EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 6:47 a.m.59 views

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. CVE-2023-28322, CVE-2023-28320, CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caus...

5.9CVSS7.1AI score0.02658EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/27 4:13 p.m.59 views

Security Bulletin: Axios is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Axios which is vulnerable to CVE-2023-45857. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...

6.5CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/26 9:53 p.m.59 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Grafana (CVE-2023-1410)

Summary Grafana is used by IBM Storage Ceph as a monitoring dashboard. CVE-2023-1410 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-1410 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper...

6.2CVSS5.5AI score0.00954EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/19 6:1 p.m.59 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier

Summary This fix upgrades to node 18.19.0. Vulnerability Details CVEID:CVE-2023-39332 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass using non-Buffer Uint8Array objects. By sending a specially crafted request, an attacker coul...

9.8CVSS7AI score0.01819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/17 2:54 a.m.59 views

Security Bulletin: Vulnerabilities in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2023-50164)

Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes Apache Struts v2.5.33. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the...

9.8CVSS9.8AI score0.80819EPSS
Exploits15Affected Software1
Total number of security vulnerabilities5000