Lucene search
K
IbmMost viewed

35747 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/01/09 6:12 p.m.59 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.9 and earlier

Summary This fix upgrades to socket.io 4.5.4, protobuf-java 3.21.9 and nodejs 14.21.1. Vulnerability Details CVEID:CVE-2022-41940 DESCRIPTION: Socket.IO Engine.IO is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote...

10CVSS8.1AI score0.14024EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/09 4:54 p.m.59 views

Security Bulletin: Cross-Site Request Forgery vulnerability affects IBM Business Automation Workflow - CVE-2022-42435

Summary IBM Business Automation Workflow is vulnerable to a Cross-Site Request Forgery attack. Vulnerability Details CVEID:CVE-2022-42435 DESCRIPTION: IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is...

8.8CVSS6.5AI score0.00257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.59 views

Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs

Summary The libexpart parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files and parsing soap requests is potentially vulnerable to the following remote code execution CVE's: CVE-2021-46143 CVE-2022-25314 CVE-2022-23990 CVE-2022-22825 CVE-2022-23852 CVE-2022-2282...

9.8CVSS9.8AI score0.34174EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 8:16 p.m.59 views

Security Bulletin: API Connect is impacted by a vulnerability in OpenSSL (CVE-2022-3602, CVE-2022-3786)

Summary IBM API Connect has addressed the following vulnerability in OpenSSL CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By...

7.5CVSS8.3AI score0.92488EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 9:50 a.m.59 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process YAML data may be vulnerable to denial of service due to CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752

Summary SnakeYAML is used by IBM App Connect Enterprise Certified Container for processing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

6.5CVSS6.7AI score0.02091EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/11 5:25 p.m.59 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. (CVE-2022-22390)

Summary IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. Vulnerability Details CVEID:CVE-2022-22390 DESCRIPTION: IBM Db2 may be vulnerable to an information disclousre caused by improper privilege management when table...

7.5CVSS6.4AI score0.00906EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 11:7 a.m.59 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module file-type (CVE-2022-36313)

Summary IBM App Connect Enterprise is vulnerable to denial of service due to Node.js module file-type CVE-2022-36313. The fix includes a version of file-type 16.5.4 Vulnerability Details CVEID:CVE-2022-36313 DESCRIPTION: Node.js file-type module is vulnerable to a denial of service, caused by an...

5.5CVSS5.4AI score0.00389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:10 a.m.59 views

Security Bulletin: IBM Robotic Process Automation allows weak passwords prior to 21.0.3 (CVE-2022-35280)

Summary Prior to version 21.0.3 IBM Robotic Process Automation allowed weak passwords that may make it easier for attackers to compromise accounts. As of release 21.0.3 IBM Robotic Process Automation enforces strong passwords. Vulnerability Details CVEID:CVE-2022-35280 DESCRIPTION: IBM Robotic...

9.8CVSS6.7AI score0.00669EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:10 a.m.59 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module uses libcurl with multiple known vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)

Summary Vulnerabilities contained within libcurl a 3rd party component were identified and remediated in the IBM MaaS360 Cloud Extender Agent and Base Module. Vulnerability Details CVEID:CVE-2022-32205 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by an issue with the...

9.8CVSS7.6AI score0.3197EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 10:21 p.m.59 views

Security Bulletin: Tivoli Storage Productivity Center, multiple security vulnerabilities in IBM Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)

Abstract Multiple security vulnerabilities exist in the IBM Tivoli Integrated Portal component of Tivoli Storage Productivity Center. Content Vulnerability Details: CVEID: CVE-2013-0464 Description: IBM Eclipse Help System, as used in multiple IBM products, is vulnerable to cross-site scripting. ...

6CVSS7.8AI score0.80318EPSS
Exploits8Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 3:37 a.m.59 views

Security Bulletin: IBM InfoSphere Guardium Database Activity Monitoring is affected by vulnerabilities in OpenSSL (CVE-2014-0076, CVE-2014-0160)

Abstract Security vulnerabilities have been discovered in OpenSSL that affect a 3rd party Component used by IBM InfoSphere Guardium. Content VULNERABILITY DETAILS: CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the...

7.5CVSS7.1AI score0.99999EPSS
Exploits89Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 10:39 p.m.59 views

Security Bulletin: Tivoli Management Framework affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)

Abstract These vulnerabilities are only applicable to Java deployments where untrusted code may be executed under a security manager e.g. Java applets running in a web browser. Tivoli Management Framework does not have functions that allow external attackers to upload and execute Java code...

4.3CVSS5.7AI score0.06903EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/21 7:33 p.m.59 views

Security Bulletin: A security vulnerability has been identified in Postgresql shipped with IBM Tivoli Netcool Impact (CVE-2022-26520, CVE-2022-21724, 220313)

Summary Postgresql is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Postgresql has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-26520 DESCRIPTION: DISPUTED In pgjdbc before 42.3.3, an attacker who controls the jdbc URL ...

9.8CVSS9.1AI score0.0301EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/15 6:47 p.m.59 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with WebSphere Process Server (CVE-2015-7450, CVE-2015-2017, CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)

Summary WebSphere Application Server is shipped as a component of WebSphere Process Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins. Vulnerability Details Please consult the security bulletins Security Bulletin: HT...

10CVSS8.2AI score0.97655EPSS
Exploits10Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/15 6:44 p.m.59 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with WebSphere Process Server (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)

Summary WebSphere Application Server WAS is shipped as a component of WebSphere Process Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. These issues were disclosed as part of the IBM Java SDK updates in January...

5.9CVSS6.5AI score0.05453EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:26 a.m.59 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.4

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server Full Profile and Liberty Profile 8.5.5.4, IBM WebSphere Application Server Hypervisor 8.5.5.4 and IBM HTTP Server 8.5.5.4. Vulnerability Details CVE ID:CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM...

6.8CVSS5.3AI score0.99999EPSS
Exploits14Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:26 a.m.59 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server Version 7.0.0.37

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 7.0.0.37, IBM WebSphere Application Server Hypervisor 7.0.0.37 and IBM HTTP Server 7.0.0.37 Vulnerability Details CVE ID:CVE-2014-6167 APAR PI23819 DESCRIPTION: IBM WebSphere Application Server may ...

4.3CVSS4.5AI score0.99999EPSS
Exploits7Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/23 4:46 p.m.59 views

Security Bulletin: IBM Systems Director Storage Control is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details Abstract Security Bulletin: IBM Systems Director Storage Control is affected by vulnerabilities in OpenSSL CVE-2014-0160 and CVE-2014-0076 Content Vulnerability Details: CVE-ID : CVE-2014-0160 Description :...

7.5CVSS7.2AI score0.99999EPSS
Exploits89Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/11 8:58 a.m.59 views

Security Bulletin: IBM Integration Bus is vulnerable to arbitrary code execution due to Node.js ejs module (CVE-2022-29078)

Summary IBM Integration Bus is vulnerable to arbitrary code execution due to Node.js ejs module. Mitigation steps to disable node.js have been recommended. CVE-2022-29078 Vulnerability Details CVEID: CVE-2022-29078 DESCRIPTION: Node.js ejs module could allow a remote attacker to execute arbitrary...

9.8CVSS2.9AI score0.32808EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/06 9:11 p.m.59 views

Security Bulletin: Multiple Vulnerabilities in VMware vCenter affect IBM Cloud Pak System

Summary Multiple vulnerabilities in VMware vCenter plugins affect IBM Cloud Pak System. IBM Cloud Pak System in response to the vulnerabilities in VMware vCenter, provides the new release of IBM Cloud Pak System V2.3.3.4, with a new vCenter Image. Vulnerability Details CVEID: CVE-2021-21985...

10CVSS0.9AI score0.99999EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:57 p.m.59 views

Security Bulletin: High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)

Summary Vulnerabilities in libraries used by libraries in IBM Spectrum Discover allow to a remote attackers by conduct of methodes like phishing attacks or execution of arbitrary code to get sensitive information, overflow a buffer causing the application to crash, and other critical problems...

9.8CVSS1.3AI score0.69062EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/14 4:25 p.m.59 views

Security Bulletin: OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in the BN_mod_sqrt() function (CVE-2022-0778)

Summary OpenSSL is vulnerable to a denial of service due to a flaw in the BNmodsqrt function as described in the vulnerability details section. IBM i has addressed the vulnerability in OpenSSL with a fix as described in the remediation/fixes section. Vulnerability Details CVEID: CVE-2022-0778...

7.5CVSS2.1AI score0.70561EPSS
Exploits2Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/30 2:40 a.m.59 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS9AI score0.69803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/28 4:18 p.m.59 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise v11 & v12 (CVE-2021-3711)

Summary Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprsie. The DataDirect ODBC Drivers & Nodejs used by IBM App Connect Enterprise and IBM Integration Bus have addressed the applicable CVEs Vulnerability Details CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is...

9.8CVSS9.9AI score0.87816EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/12 2:43 a.m.59 views

Security Bulletin: IBM Spectrum Copy Data Management is vulnerable to Slowloris, HTTP header injection, XSS, and CSRF (CVE-2022-22354, CVE-2022-22344, CVE-2021-39055, CVE-2021-39051)

Summary IBM Spectrum Copy Data Management is vulnerable to Slowloris HTTP denial of service, HTTP header injection, cross-site scripting XSS, and server-side request forgery CSRF attacks. Vulnerability Details CVEID: CVE-2022-22354 DESCRIPTION: IBM Spectrum Protect Plus and IBM Spectrum Copy Data...

7.5CVSS6.2AI score0.00904EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.59 views

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-4341, CVE-2013-1418 )

Summary Security vulnerabilities have been discovered in krb5 used with IBM Security Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-4341 DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference. By injecting invalid tokens into a...

5CVSS6.6AI score0.07138EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/16 10:9 p.m.59 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect ProtecTIER

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by ProtecTIER. ProtecTIER has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Details CVEID: CVE-2016-0800...

7.5CVSS8.6AI score0.82112EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/21 10:22 p.m.59 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...

9.8CVSS7.4AI score0.14839EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 10:51 a.m.59 views

Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44832 , CVE-2021-45105)

Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44832...

10CVSS2.6AI score0.99999EPSS
Exploits358Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 4:30 a.m.59 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

8.5CVSS1.5AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:52 p.m.59 views

Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in the Java runtime

Summary IBM Event Streams affected by multiple vulnerabilities in the Java runtime Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. CVSS Base...

9.8CVSS7.3AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 6:5 p.m.59 views

Security Bulletin: Jnuary 2017 OpenSSL Vulnerabilities affect Multiple N series Products

Summary Multiple N series products incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions below 1.0.2k and 1.1.0d are susceptible to vulnerabilities that could lead to out-of-bound reads, process crashes, Denial of Service DoS attacks, or incorrect...

7.5CVSS7.6AI score0.57595EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:37 p.m.59 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability Details CVEID: CVE-2019-2766 DESCRIPTION: An unspecified vulnerability in Oracle Ja...

5.8CVSS7.1AI score0.09393EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/02 12:20 a.m.59 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Pak for Automation

Summary The vulnerabilities are related to Node.js and its modules. Vulnerability Details CVEID: CVE-2021-32804 DESCRIPTION: Node.js tar module could allow a local attacker to traverse directories on the system, caused by insufficient absolute path sanitization. An attacker could use a...

8.2CVSS0.9AI score0.23132EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/01 2:49 a.m.59 views

Security Bulletin: Vulnerability in IBM HTTP Server used by WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2021-39275)

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

0.6AI score0.36339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/28 8:41 p.m.59 views

Security Bulletin: Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore

Summary IBM Spectrum Protect Plus Microsoft® File Systems backup and restore may be affected by vulnerabilities in Python, Tornado. and Urllib3 such as server-side request forgery, HTTP response splitting, buffer overflow, and man-in-the-middle attacks. Vulnerability Details CVEID: CVE-2021-29921...

9.8CVSS1.2AI score0.23293EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/23 1:16 p.m.59 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerabilities CVE-2021-3450 and CVE-2021-3449 Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic of X.50...

7.4CVSS0.9AI score0.62906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 10:33 p.m.59 views

Security Bulletin: IBM DataPower Gateway may allow a potential DoS when importing malicious ZIP files (CVE-2019-13232)

Summary IBM has addressed CVE-2019-13232 Vulnerability Details CVEID: CVE-2019-13232 DESCRIPTION: Info-ZIP UnZip is vulnerable to a denial of service, caused by mishandling the overlapping of files inside a ZIP container. By persuading a victim to open a specially crafted file, a remote attacker...

3.3CVSS1.8AI score0.00495EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 10:18 p.m.59 views

Security Bulletin: A vulnerability in GSKit affects IBM DataPower Gateways (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM DataPower Gateways uses GSKit in certain moduels - namely MQ, ISAM/TAM, JMS. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION:...

4.3CVSS6.3AI score0.23222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/14 9:38 p.m.59 views

Security Bulletin: Multiple CKEditor Vulnerabilities Affect IBM Control Center

Summary Muliple CKEditor vulnerablities affect IBM Control Center. See vulnerability details for descriptions. Vulnerability Details CVEID: CVE-2018-17960 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...

6.5CVSS0.9AI score0.04327EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/13 9:45 p.m.59 views

Security Bulletin: Cloud Pak for Security contains security vulnerabilities

Summary Cloud Pak for Security v 1.6.0.1 and earlier contains security vulnerabilities, addressed in Cloud Pak for Security v 1.7.0.0 Vulnerability Details CVEID: CVE-2020-10543 DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the nested regular...

9.8CVSS9.7AI score0.77385EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/05 5:44 a.m.59 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unkno...

9.8CVSS9.5AI score0.18114EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 10:46 a.m.59 views

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-14422

Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-14422 Vulnerability Details CVEID: CVE-2020-14422 DESCRIPTION: Python is vulnerable to a denial of service, caused by improper computing hash values in the IPv4Interface and IPv6Interface classes in Lib/ipaddress.py. By...

5.9CVSS1.9AI score0.12826EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/16 7:51 p.m.59 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: ...

4.3CVSS1.6AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/27 3:51 p.m.59 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for System z (CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that is used by Rational Developer for System z. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPO...

5CVSS0.9AI score0.67234EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 9:16 p.m.59 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle April 2020 Critical Patch Update minus CVE-2020-2773. The fix for CVE-2020-2773 is targeted for a future release and will be covered by an additional bulletin. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Ja...

8.3CVSS1.4AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/07 5:41 p.m.59 views

Security Bulletin: Third party vulnerable library Jackson-Databind affects IBM Engineering Lifecycle Optimization - Publishing

Summary There are some vulnerabilities in the Jackson-Databind library that affects IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID: CVE-2018-7489 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused ...

10CVSS1AI score0.49727EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/29 10:30 a.m.59 views

Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearQuest (CVE-2020-2654)

Summary There is a vulnerability in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. This issue was disclosed as part of the IBM Java SDK updates in January 2020 deferred from Oracle Jan 2020 CPU. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTIO...

6.8CVSS1.3AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/24 2:29 p.m.59 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4449)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...

7.5CVSS0.9AI score0.03932EPSS
Exploits0Affected Software20
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/12 8:32 p.m.59 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Spectrum Protect Plus (CVE-2020-1938)

Summary An Apache Tomcat vulnerability which could allow a remote attacker to execute arbitrary code on the system affects IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused...

9.8CVSS2.2AI score0.9927EPSS
Exploits45Affected Software1
Total number of security vulnerabilities5000