Lucene search
K
IbmMost viewed

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/01/02 8:21 p.m.•59 views

Security Bulletin: Multiple security vulnerabilities in Redis may affect IBM Robotic Process Automation for Cloud Pak

Summary Redis is used by IBM Robotic Process Automation for Cloud Pak as part of the server component. CVE-2022-35977, CVE-2022-36021, CVE-2023-25155, CVE-2023-28856. Vulnerability Details CVEID:CVE-2022-35977 DESCRIPTION: Redis is vulnerable to a denial of service, caused by an integer overflow...

6.5CVSS6.7AI score0.59706EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/20 7:4 p.m.•59 views

Security Bulletin: AIX is vulnerable to a denial of service due to the AIX SMB client (CVE-2023-45165)

Summary A vulnerability in the AIX SMB client daemon could allow a non-privileged local user to cause a denial of service CVE-2023-45165. AIX uses the SMB client daemon to access files on SMB servers. Vulnerability Details CVEID:CVE-2023-45165 DESCRIPTION: IBM AIX could allow a non-privileged loc...

6.2CVSS5.6AI score0.00171EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/15 1:4 p.m.•59 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. An attacker could exploit these vulnerabilities to escalate privileges, gaining elevated privileges or cause the system to crash, to execute arbitrary management commands on the system and cause a denial...

7.8CVSS8.6AI score0.02154EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/07 11:0 p.m.•59 views

Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in OpenSSL

Summary The following vulnerabilites in OpenSSL have been addressed by IBM RackSwitch firmware products. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an...

7.5CVSS7.2AI score0.50732EPSS
Exploits3Affected Software9
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/21 1:18 p.m.•59 views

Security Bulletin: There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)

Summary There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite CVE-2023-26049 Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in...

5.3CVSS5.5AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/14 3:29 p.m.•59 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities (CVE-2023-2828, CVE-2023-24329, CVE-2022-4839)

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2023-2828 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a...

8CVSS7.9AI score0.20459EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/26 5:42 p.m.•59 views

Security Bulletin: There are multiple vulnerabilities in jQuery used by IBM Maximo Asset Management (CVE-2020-11022, CVE-2020-7656, CVE-2020-11023, CVE-2015-9251, CVE-2012-6708)

Summary There are multiple vulnerabilities in jQuery used by IBM Maximo Asset Management CVE-2020-11022, CVE-2020-7656, CVE-2020-11023, CVE-2015-9251, CVE-2012-6708 Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation ...

6.9CVSS7.3AI score0.99019EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/25 8:24 p.m.•59 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.2.1 Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of Module.load. By sending a specially crafted request, ...

10CVSS9.7AI score0.95764EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/04 7:29 a.m.•59 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ 8, which is used by IBM Rational ClearQuest v9.0.2. These issues were disclosed in the IBM Java SDK updates including IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU and Oracle April 2023...

9.1CVSS9.2AI score0.03028EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/15 1:35 p.m.•59 views

Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics

Summary Eclipse Jetty is used in the solution's microservices bis, auth, analytics, cna as the engine of the HTTP server, underpinning APIs and UI. Several CVEs were found in the version used. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jet...

7.8CVSS6.5AI score0.99298EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/08 10:37 a.m.•59 views

Security Bulletin: OpenSSL publicly disclosed vulnerabilities affect IBM® MobileFirst Platform

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSS...

7.5CVSS7.2AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/01 5:17 p.m.•59 views

Security Bulletin: IBM TRIRIGA Application Platform discloses use of Apache Xerces (CVE-2022-23437)

Summary Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote attacker could exploit this vulnerability to consume system resources for prolonged duratio...

7.1CVSS6.5AI score0.0444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/01 2:54 p.m.•59 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

9.8CVSS9.6AI score0.06031EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/17 6:26 a.m.•59 views

Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent

Summary APM WebSphere Application Server Agent is vulnerable to Apache common collections commons-collections-3.2.jar. The fix includes commons-collections-3.2.jar upgraded to commons-collections-3.2.2.jar. CVE-2015-4852, CVE-2017-15708 and CVE-2019-13116 Vulnerability Details CVEID:CVE-2015-4852...

9.8CVSS9.9AI score0.96032EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/28 10:12 p.m.•59 views

Security Bulletin: Multiple security vulnerabilities have been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.

Summary Oracle MySQL version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about security vulnerabilities affecting Oracle MySQL has been published here. Vulnerability Details CVE-ID: CVE-2019-2534 Description: An...

7.1CVSS6.8AI score0.04457EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/20 4:49 p.m.•59 views

Security Bulletin: Vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux can affect IBM Spectrum Protect Plus.

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux. Vulnerabilities include causing a denial of service, obtaining sensitive information, bypassing protections and restrictions, causing system crashes,...

9.8CVSS9.8AI score0.59501EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/02 2:23 p.m.•59 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by v4.1.0.4 to v4.1.1.0 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in January 2023. Vulnerability Details Refer to the security bulletins...

5.3CVSS6AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/31 5:23 p.m.•59 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7.2 Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL...

8.1CVSS8.7AI score0.02559EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/30 5:20 p.m.•59 views

Security Bulletin: IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2180).

Summary IBM b-type SAN switches and directors has addressed Open Source OpenSSL Vulnerabilities. Vulnerability Details CVEID:CVE-2016-2180 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TSOBJprintbio function. A remote attacker could exploit this...

7.5CVSS7.5AI score0.28533EPSS
Exploits1Affected Software12
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/22 11:34 a.m.•59 views

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines (CVE-2023-30441)

Summary The security issue described in CVE-2023-30441 has been identified in IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE...

7.5CVSS7.2AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/23 7:39 p.m.•59 views

Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)

Summary IBM API Connect has addressed the following improper access control vulnerability CVE-2023-28522. Vulnerability Details CVEID:CVE-2023-28522 DESCRIPTION: IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. CVSS Base score: 4.3 CVSS...

8.8CVSS6AI score0.00513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/23 6:3 p.m.•59 views

Security Bulletin: TADDM is vulnerable to a denial of service vulnerability in Apache-Log4j (CVE-2023-26464)

Summary Apache-Log4j version 1 is used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2023-26464. Vulnerability Details CVEID:CVE-2023-26464 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the Chainsaw or SocketAppender...

7.5CVSS7.5AI score0.01905EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/07 4:51 a.m.•59 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Apache Groovy

Summary Vulnerabilities in Apache Groovy such as remote attacker executing arbitrary code on the system, allowing a local authenticated attacker to obtain sensitive information, may affect IBM Spectrum Control. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2015-3253...

9.8CVSS9AI score0.42983EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/28 1:48 a.m.•59 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors (CVE-2016-2108)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code ...

10CVSS7.8AI score0.77906EPSS
Exploits1Affected Software12
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/27 2:57 p.m.•59 views

Security Bulletin: A security vulnerability ( CVE-2022-3509, CVE-2022-3171 ) has been identified in IBM WebSphere Application Server Liberty shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server Liberty profile is shipped as a component of IBM Operations Analytics Predictive Insights and is used in the UI component of IBM Operations Analytics Predictive Insights. The vulnerability CVE-2022-3509, CVE-2022-3171, and CVE-2022-46364 could be exploited to...

9.8CVSS6.8AI score0.0193EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/24 1:14 p.m.•59 views

Security Bulletin: CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Standard

Summary CVE-2018-1099, CVE-2018-1098 related to etcd package may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-1099 DESCRIPTION: etcd could allow a remote attacker to gain access to the DNS records, caused by a DNS...

8.8CVSS6.9AI score0.01266EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/22 6:36 a.m.•59 views

Security Bulletin: Vulnerability in Log4j affects IBM Integrated Analytics System [CVE-2022-23305]

Summary Redhat provided Log4j is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE-2022-23305 Vulnerability Details CVEID:CVE-2022-23305 DESCRIPTION: Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted...

9.8CVSS9.5AI score0.66537EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•59 views

Security Bulletin: Vulnerabilities in Mozilla NSS affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Mozilla Network Security Services NSS to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-2834, CVE-2016-5285, and CVE-2016-8635 could allow a remote attacker to execute arbitrary code, to recov...

9.3CVSS9AI score0.0338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/16 3:56 a.m.•60 views

Security Bulletin: WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF

Summary This security bulletin addresses the vulnerabilitiy in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2022-46364. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation. Vulnerability...

9.8CVSS8.3AI score0.0193EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 8:49 p.m.•59 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details CVEID:CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. CVS...

8.1CVSS8.1AI score0.04903EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/02 5:35 p.m.•59 views

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-23943)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-23943 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in modsed. By sending special...

9.8CVSS9.8AI score0.50401EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/13 8:40 a.m.•59 views

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to webpack loader-utils vulnerability [CVE-2022-37601]

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to webpack loader-utils vulnerability with details below. This vulnerability has been addressed. CVE-2022-37601 Vulnerability Details CVEID:CVE-2022-37601 DESCRIPTION: webpack loader-utils could allow a remote attacker to execu...

9.8CVSS9.7AI score0.02601EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/09 6:12 p.m.•59 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.9 and earlier

Summary This fix upgrades to socket.io 4.5.4, protobuf-java 3.21.9 and nodejs 14.21.1. Vulnerability Details CVEID:CVE-2022-41940 DESCRIPTION: Socket.IO Engine.IO is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote...

10CVSS8.1AI score0.14024EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/09 4:54 p.m.•59 views

Security Bulletin: Cross-Site Request Forgery vulnerability affects IBM Business Automation Workflow - CVE-2022-42435

Summary IBM Business Automation Workflow is vulnerable to a Cross-Site Request Forgery attack. Vulnerability Details CVEID:CVE-2022-42435 DESCRIPTION: IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is...

8.8CVSS6.5AI score0.00257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 5:31 p.m.•59 views

Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs

Summary The libexpart parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files and parsing soap requests is potentially vulnerable to the following remote code execution CVE's: CVE-2021-46143 CVE-2022-25314 CVE-2022-23990 CVE-2022-22825 CVE-2022-23852 CVE-2022-2282...

9.8CVSS9.8AI score0.34174EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/05 9:50 a.m.•59 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process YAML data may be vulnerable to denial of service due to CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752

Summary SnakeYAML is used by IBM App Connect Enterprise Certified Container for processing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

6.5CVSS6.7AI score0.02015EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/11 5:25 p.m.•59 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. (CVE-2022-22390)

Summary IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. Vulnerability Details CVEID:CVE-2022-22390 DESCRIPTION: IBM Db2 may be vulnerable to an information disclousre caused by improper privilege management when table...

7.5CVSS6.4AI score0.00899EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/09 6:42 p.m.•59 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities.

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2022-29154 DESCRIPTION: Rsync could allow a remote attacker to bypass security...

9.8CVSS8.8AI score0.02299EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/10 10:34 p.m.•59 views

Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages

Summary The z/TPF system was updated to address all the vulnerabilities described by the CVEs that are listed in the Vulnerability Details. These vulnerabilities are related to REST services that are implemented in Java. Vulnerability Details CVEID:CVE-2019-12086 DESCRIPTION: FasterXML...

9.8CVSS10AI score0.49727EPSS
Exploits34Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/06 4:10 a.m.•59 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module uses libcurl with multiple known vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)

Summary Vulnerabilities contained within libcurl a 3rd party component were identified and remediated in the IBM MaaS360 Cloud Extender Agent and Base Module. Vulnerability Details CVEID:CVE-2022-32205 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by an issue with the...

9.8CVSS7.6AI score0.3197EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/26 10:21 p.m.•59 views

Security Bulletin: Tivoli Storage Productivity Center, multiple security vulnerabilities in IBM Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)

Abstract Multiple security vulnerabilities exist in the IBM Tivoli Integrated Portal component of Tivoli Storage Productivity Center. Content Vulnerability Details: CVEID: CVE-2013-0464 Description: IBM Eclipse Help System, as used in multiple IBM products, is vulnerable to cross-site scripting. ...

6CVSS7.8AI score0.80318EPSS
Exploits8Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/26 5:45 a.m.•59 views

Security Bulletin: Potential security vulnerability in WebSphere Application Server CVE-2013-1768 PM86780

Abstract Potential security vulnerability in WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-1768 PM86780, PM86786, PM86788 and PM86791 DESCRIPTION: Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file syste...

7.5CVSS8.8AI score0.09511EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/26 3:37 a.m.•59 views

Security Bulletin: IBM InfoSphere Guardium Database Activity Monitoring is affected by vulnerabilities in OpenSSL (CVE-2014-0076, CVE-2014-0160)

Abstract Security vulnerabilities have been discovered in OpenSSL that affect a 3rd party Component used by IBM InfoSphere Guardium. Content VULNERABILITY DETAILS: CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the...

7.5CVSS7.1AI score0.99999EPSS
Exploits88Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 10:39 p.m.•59 views

Security Bulletin: Tivoli Management Framework affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)

Abstract These vulnerabilities are only applicable to Java deployments where untrusted code may be executed under a security manager e.g. Java applets running in a web browser. Tivoli Management Framework does not have functions that allow external attackers to upload and execute Java code...

4.3CVSS5.7AI score0.06903EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/15 6:55 p.m.•59 views

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java Technology Edition affect WebSphere Process Server (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3566)

Summary There are multiple vulnerabilities in IBM SDK for JavaTechnology Edition that is used by WebSphere Process Server. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues were disclosed as part of the IBM SDK f...

4.3CVSS3.3AI score0.99999EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/08 12:26 a.m.•59 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.4

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server Full Profile and Liberty Profile 8.5.5.4, IBM WebSphere Application Server Hypervisor 8.5.5.4 and IBM HTTP Server 8.5.5.4. Vulnerability Details CVE ID:CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM...

6.8CVSS5.3AI score0.99999EPSS
Exploits14Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/08 12:26 a.m.•59 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server Version 7.0.0.37

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 7.0.0.37, IBM WebSphere Application Server Hypervisor 7.0.0.37 and IBM HTTP Server 7.0.0.37 Vulnerability Details CVE ID:CVE-2014-6167 APAR PI23819 DESCRIPTION: IBM WebSphere Application Server may ...

4.3CVSS4.5AI score0.99999EPSS
Exploits7Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/23 4:46 p.m.•59 views

Security Bulletin: IBM Systems Director Storage Control is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details Abstract Security Bulletin: IBM Systems Director Storage Control is affected by vulnerabilities in OpenSSL CVE-2014-0160 and CVE-2014-0076 Content Vulnerability Details: CVE-ID : CVE-2014-0160 Description :...

7.5CVSS7.2AI score0.99999EPSS
Exploits88Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/11 8:58 a.m.•59 views

Security Bulletin: IBM Integration Bus is vulnerable to arbitrary code execution due to Node.js ejs module (CVE-2022-29078)

Summary IBM Integration Bus is vulnerable to arbitrary code execution due to Node.js ejs module. Mitigation steps to disable node.js have been recommended. CVE-2022-29078 Vulnerability Details CVEID: CVE-2022-29078 DESCRIPTION: Node.js ejs module could allow a remote attacker to execute arbitrary...

9.8CVSS2.9AI score0.32386EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/27 10:57 p.m.•59 views

Security Bulletin: High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)

Summary Vulnerabilities in libraries used by libraries in IBM Spectrum Discover allow to a remote attackers by conduct of methodes like phishing attacks or execution of arbitrary code to get sensitive information, overflow a buffer causing the application to crash, and other critical problems...

9.8CVSS1.3AI score0.69062EPSS
Exploits45Affected Software1
Total number of security vulnerabilities5000