Lucene search
K
IbmMost viewed

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/12/20 11:51 a.m.156 views

Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-45046)

Summary A Remote Code Execution issue was identified within the Log4j fix for CVE-2021-44228 that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers a...

10CVSS0.7AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/02 9:41 p.m.156 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 Fix Pack 4 and IBM Cognos Analytics 11.2.1. Vulnerability Details CVEID: CVE-2015-2156 DESCRIPTION: Netty could allow a remote attacker to bypass restrictions, caused by the improper validation of characters in a...

9.8CVSS10.3AI score0.99019EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:45 a.m.155 views

Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]

Summary IBM Cloud Pak for Business Automation is affected but not classified as vulnerable to a remote code execution in Spring Framework as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Bo...

9.8CVSS9.2AI score0.99677EPSS
Exploits101Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 2:56 p.m.155 views

Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Apache Log4j, please see list of CVEs for vulnerability details Vulnerability Details CVEID: CVE-2017-5645 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS10.9AI score0.8904EPSS
Exploits50Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/02 5:31 p.m.154 views

Security Bulletin: AIX is vulnerable to sensitive information exposure due to Perl (CVE-2023-31484 and CVE-2023-31486)

Summary UPDATED Nov 2: iFixes are now available for Perl 5.28.1 and 5.34.1. Perl version 5.28.1.7 and higher, and Perl version 5.34.1.4 and higher, have a dependency on OpenSSL 3.0. The iFixes are offered in lieu of updating to OpenSSL 3.0 and Perl 5.28.1.8 and 5.34.1.4. The iFixes may be...

8.1CVSS7.2AI score0.01742EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/18 2:3 p.m.154 views

Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2021-41617)

Summary There is a vulnerability in OpenSSH used by AIX. Vulnerability Details CVEID: CVE-2021-41617 DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in sshd when certain non-default configurations are used. By executing an...

7CVSS0.9AI score0.02367EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/27 12:20 p.m.154 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-44228. Vulnerabili...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/10 6:18 a.m.154 views

Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability(CVE-2021-44228)

Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-44228. However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are used in the...

10CVSS1.3AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:53 p.m.154 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Event Streams (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by the IBM Event Streams. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:50 p.m.153 views

Security Bulletin: Sweet32 vulnerability affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-2183)

Summary Sweet32 vulnerability affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to...

7.5CVSS0.6AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/20 9:6 a.m.153 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Operational Decision Manager (CVE-2021-44228)

Summary Rule Designer, shipped with IBM Operational Decision Manager since version 8.10.4 includes log4j-core.jar that contains the vulnerable code. The fix includes Apache Log4j 2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

10CVSS1.5AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/16 4:32 a.m.152 views

Security Bulletin: Log4JShell Vulnerability affects IBM SPSS Modeler (CVE-2021-44228)

Summary There is a vulnerability in the version of Log4j that was included in IBM SPSS Modeler. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure...

10CVSS2.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/01 11:47 a.m.151 views

Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Apache Log4j code (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)

Summary The Netcool/Omnibus 'Administrator GUI' and 'Operator GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed by an upgrade to Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache...

10CVSS1.6AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/18 8:39 a.m.150 views

Security Bulletin: Apache-Log4j (Publicly disclosed vulnerability)

Summary There is a vulnerability in Apache-Log4j that impacts IBM Tivoli Application Dependency Discovery Manager TADDM. Vulnerability Details CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization ...

9.8CVSS9.4AI score0.6906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/28 5:37 p.m.149 views

Security Bulletin: MAS Monitor 8.4, 8.5, and 8.6 log4j

Summary A new vulnerability with log4j has been detected. MAS Monitor uses log4j in all releases and interim fixes are now available for our 8.4, 8.5 and 8.6 releases. More details of the vulnerability are available here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 Vulnerability Details...

10CVSS7.9AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 1:46 p.m.149 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2022-46364)

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...

9.8CVSS9.8AI score0.0193EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.148 views

Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Intrusion Prevention System (CVE-2015-5600)

Summary A security vulnerability has been discovered in OpenSSH used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-5600 DESCRIPTION: OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive...

8.5CVSS5.5AI score0.09302EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 2:58 p.m.148 views

Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)

Summary There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application and used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. This has been addressed in IBM...

10CVSS0.6AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 6:7 a.m.148 views

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent

Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM LKS Administration And Reporting Tool and its Agent. A fix is available to address the vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a...

10CVSS1.3AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/05 7:7 p.m.148 views

Security Bulletin: Public disclosed vulnerability from SQLite CVE-2019-8457

Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following SQLite vulnerability: SQLite could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when the FTS3 extension is enabled. By using...

9.8CVSS1.2AI score0.45426EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/17 8:35 a.m.147 views

Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)

Summary log4j-core-2.16.0.jar is vulnerable to remote code execution RCE attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission...

6.6CVSS8.6AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 12:54 a.m.147 views

Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family (CVE-2011-3188)

Summary Potential DOS due to weak IPv4 and IPv6 sequence numbers Vulnerability Details CVEID: CVE-2011-3188 DESCRIPTION: The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes i...

9.1CVSS8.8AI score0.05689EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/01 1:47 p.m.147 views

Notice: CentOS6 applications and mitigation for CVEs

Problem A security bulletin is issued to users on several QRadar versions identifying CVEs related to CentOS6 base images used in QRadar applications. Administrators are advised per the security bulletin to upgrade applications to mitigate the security issue. Cause Applications that use a CentOS6...

6.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/15 9:10 p.m.147 views

Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-7656).

Summary IBM Aspera Webapps are vulnerable to cross-site scripting. See vulnerability details for more information. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remot...

6.1CVSS1.5AI score0.06273EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/25 4:46 p.m.147 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM GPFS for Windows (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM GPFS for Windows V3.5 Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properl...

4.3CVSS4.5AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:35 p.m.147 views

Security Bulletins for IBM Tealeaf Customer Experience offerings

Abstract Support for IBM Tealeaf Customer Experience offerings is found in the IBM Client Success Portal at https://support.ibmcloud.com/, which requires login. For your convenience, Security Bulletins for IBM Tealeaf Customer Experience offerings are listed here, most recent at top, and do not...

10CVSS0.6AI score0.99999EPSS
Exploits287
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/17 2:33 p.m.146 views

Security Bulletin: AIX is vulnerable to cache poisoning due to ISC BIND (CVE-2021-25220)

Summary A vulnerability in ISC BIND could allow a remote attacker to poison the cache CVE-2021-25220. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error...

6.8CVSS6.8AI score0.0325EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:39 p.m.146 views

Security Bulletin: OpenSource Python Vulnerablities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-5699, CVE-2016-5636)

Summary Vulnerabilities in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager Vulnerability Details CVEID: CVE-2016-5699 DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to...

10CVSS0.4AI score0.2548EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 9:38 a.m.145 views

Security Bulletin: Vulnerability in Apache HTTP Server ( CVE-2023-25690 ) affects Power HMC

Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with...

9.8CVSS9.3AI score0.8377EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/18 3:9 p.m.145 views

Security Bulletin: Vulnerabilities in Apache Shiro (CVE-2022-40664) and Apache Commons FileUpload (CVE-2023-24998) affect IBM WebSphere Service Registry and Repository.

Summary A bypass security restrictions vulnerability in Apache Shiro CVE-2022-40664 and a denial of service vulnerability in Apache Commons File Upload CVE-2023-24998 affect IBM WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2022-40664 DESCRIPTION: Apache Shiro could...

9.8CVSS8.1AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/01 6:13 a.m.145 views

Security Bulletin: Security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager (CVE-2022-22389, CVE-2022-25313, CVE-2022-25236, CVE-2022-25314, CVE-2022-25315, CVE-2022-25235 and CVE-2022-22390)

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS8.7AI score0.34174EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 5:6 p.m.145 views

Security Bulletin: The LogJam Attack on Diffie-Hellman ciphers (CVE-2015-4000) affects some versions of the DS8000.

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 affects some versions of the DS8000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT...

4.3CVSS4.7AI score0.9986EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/06 3:27 p.m.145 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-45046)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

10CVSS1AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 2:58 a.m.145 views

Security Bulletin: IBM Cognos Controller 10.4.2 IF16: Apache Log4j vulnerability (CVE-2021-45046)

Summary IBM Cognos Controller is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j CVE-2021-45046 vulnerability. IBM Cognos Controller has upgraded Apache Log4j to...

10CVSS0.8AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/15 12:58 a.m.145 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2021) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2021. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclip...

9.8CVSS1.3AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/27 5:44 p.m.145 views

Security Bulletin: Publicly disclosed vulnerability from OpenSSH affects IBM Netezza Host Management

Summary OpenSSH is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the...

7.8CVSS0.9AI score0.12996EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 1:57 p.m.144 views

Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for File Systems (CVE-2021-44228)

Summary Apache Log4j open source library is used by Content Collector for File Systems. The vulnerability affects the Content Collector AFUKnowledgeCenter component. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTIO...

10CVSS1.1AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/08 5:42 p.m.143 views

Security Bulletin: Multiple Vulnerabilities in node.js

Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-32214 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to strictly use the CRLF sequence to delimit HTTP requests by the llhttp parser in the http module. ...

8.1CVSS8.3AI score0.77766EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 12:14 p.m.143 views

Security Bulletin: Due to use of Apache Log4j, IBM Watson Explorer is vulnerable to arbitrary code execution (CVE-2021-44832, CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary Apache Log4j is used by IBM Watson Explorer to log system events for diagnostics. This bulletin provides a remediation for the security vulnerabilities CVE-2021-44832, CVE-2021-45105, and CVE-2021-45046 by upgrading IBM Watson Explorer to Apache Log4j v2.17.1. Vulnerability Details CVEID:...

10CVSS0.8AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 6:47 a.m.143 views

Security Bulletin: Multiple Vulnerabilities in Apache Log4j2 affect IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center

Summary There is a vulnerability in Apache Log4j2 used by IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center. IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center have addressed the applicable CVE. Customers are encouraged to take action by executing the mitigation...

10CVSS1.1AI score0.99999EPSS
Exploits354Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/20 9:2 p.m.143 views

Security Bulletin: Apache HTTP Server as used in IBM QRadar SIEM is vulnerable to server-side request forgery (SSRF) (CVE-2021-40438)

Summary Apache HTTP Server as used in IBM QRadar SIEM is vulnerable to server-side request forgery SSRF CVE-2021-40438 Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a specially...

9CVSS0.8AI score0.99999EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/17 2:52 p.m.143 views

Security Bulletin: Vulnerability has been identified in SnakeYAML used by IBM Dependency Based Build

Summary A vulnerability has been identified in SnakeYAML used by IBM Dependency Based BUild. SnakeYAML is used to load local YAML property files and is unlikely to cause a DoS incident described in the Vulnerability Details below. However, IBM recommends upgrading to version 1.1.0 or later...

7.5CVSS1AI score0.26723EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 2:50 p.m.141 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute...

7.5CVSS7.8AI score0.17673EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/23 10:32 p.m.141 views

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary RamdaCVE-2021-42581 is vulnerable to remote attackers to execute arbitrary code on the system, caused by a prototype pollution in functions. An attacker could exploit this vulnerability to execute arbitrary code on the system. Node-forgeCVE-2022-24773, 217313, CVE-2022-24771, CVE-2020-772...

9.8CVSS9.8AI score0.04581EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/21 9:59 a.m.141 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Integrated Analytics System.

Summary Apache Log4j used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVECVE-2022-23302. Vulnerability Details CVEID: CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system,...

8.8CVSS1.5AI score0.61785EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 5:24 a.m.141 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-4104, CVE-2021-45046)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.1.1.x and 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104...

10CVSS1.2AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/10 2:44 p.m.139 views

Security Bulletin: OpenSSL and OpenSSH for IBM i are vulnerable to arbitrary code execution, denial of service, and security restrictions bypass due to multiple vulnerabilities.

Summary OpenSSH for IBM i is vulnerable to arbitrary code execution due to a flaw in ssh-agent CVE-2023-38408, OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in DH key check CVE-2023-3817, a denial of service due to using an object to text function CVE-2023-2650, and a...

9.8CVSS8AI score0.76768EPSS
Exploits10Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/19 9:3 a.m.139 views

Security Bulletin: Vulnerabilities in Flask and Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2023-30861, CVE-2023-25577, CVE-2023-23934)

Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Flask and Pallets Werkzeug include obtain sensitive information, denial of service attacks and bypass security restrictions, as described by the CVEs in the "Vulnerability Details"...

7.5CVSS6.9AI score0.0142EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 6:59 a.m.138 views

Security Bulletin: IBM Cloud Pak for Applications is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary Security Bulletin: IBM Cloud Transformation Advisor, which is bundled with IBM Cloud Pak for Applications, is affected by Apache Log4j vulnerability CVE-2021-44228. Log4j is used by IBM Cloud Transformation Advisor for generating logs in some components and tools. This bulletin provides a...

10CVSS1AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/16 8:17 a.m.137 views

Security Bulletin: IBM Event Processing is vulnerable to a denial of service (CVE-2023-4043).

Summary IBM Event Processing is vulnerable to a denial of service due to parsson-1.1.2.jar component. Parsson provides an implementation of Jakarta JSON Processing Specification. Vulnerability Details CVEID:CVE-2023-4043 DESCRIPTION: Eclipse Parsson is vulnerable to a denial of service, caused by...

7.5CVSS6.4AI score0.00764EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000