Lucene search
K
IbmMost viewed

35730 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:39 p.m.59 views

Security Bulletin: A vulnerability in SQLite affects IBM Security Network Protection (CVE-2015-3416)

Summary A security vulnerability has been discovered in SQLite used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-3416 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by the failure to properly handle precision and width values during floating-point...

7.5CVSS0.8AI score0.05531EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:44 p.m.59 views

Security Bulletin: OpenSSL vulnerabilities in IBM Algo Audit and Compliance (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702)

Summary OpenSSL could allow a remote attacker to obtain sensitive information and denial of service attacks. OpenSSL is used by IBM Algo Audit and Compliance. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when...

10CVSS1.5AI score0.32414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:1 a.m.59 views

IBM WebSphere Cast Iron Security Bulletin: Security vulnerability in IBM JRE 6 and IBM JRE 7

Abstract Security vulnerability exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR15 FP1 and earlier and IBM JRE 7.0 SR6 FP1 and earlier Content VULNERABILITY DETAILS There is a security vulnerability in the IBM Java Runtime Environment used in WebSphere...

4CVSS6.5AI score0.04899EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:37 a.m.58 views

Security Bulletin: Vulnerabilities in Pypa Setuptools, Golang Go, OpenSSH, Minio and Certifi may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Pypa Setuptools, Golang Go, OpenSSH, Minio and Certifi. Vulnerabilities include denial of service, bypass security restrictions, HTTP request smuggling, spyware,...

7.5CVSS8.7AI score0.89955EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:14 a.m.58 views

Security Bulletin: DataStage on Cloud Pak for Data Is Vulnerable to Sensitive Information Disclosure Error (CVE-2022-38714)

Summary A vulnerability in DataStage on Cloud Pak for Data had the potential of exposing database connection details database names, database user-id, database credential to authorized users with Cluster Admin role had they performed remote access to running datastage containers that was processi...

4.9CVSS5AI score0.00589EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/03 2:36 p.m.58 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-9169 DESCRIPTION: GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buff...

10CVSS9.7AI score0.95764EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 8:11 p.m.58 views

Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Remote Code Execution

Summary IBM Sterling B2B Integrator has addressed the remote code execution vulnerabilty Vulnerability Details CVEID:CVE-2024-31903 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition allow an attacker on the local network to execute arbitrary code on the system, caused by the deserializati...

8.8CVSS7.9AI score0.00968EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 1:51 p.m.58 views

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities

Summary IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate wi...

7.5CVSS6.9AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/27 5:52 p.m.58 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to a variety of issues due to 3rd party software

Summary Various 3rd party software packages are used by the underlying platform of IBM Cloud Pak for Data. These packages are used for the building of binaries, installation of software and within the provided services. The fixed CVEs are listed below. Vulnerability Details CVEID:CVE-2022-23806...

9.8CVSS10AI score0.10299EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/22 12:34 a.m.58 views

Security Bulletin: Privilege escalation attack might affect IBM Storage Defender – Data Protect

Summary IBM Storage Defender – Data Protect is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilitiy has been addressed. CVE-2023-4623 Vulnerability Details CVEID:CVE-2023-4623 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to...

7.8CVSS8.2AI score0.0029EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/21 4:44 p.m.58 views

Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997

Summary Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997 Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated attacker to execute arbitrary code on the...

7.5CVSS7.6AI score0.00664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/10 2:58 p.m.58 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2021-33631)

Summary This CVE in the OS kernel can affect mounting file-systems Vulnerability Details CVEID:CVE-2021-33631 DESCRIPTION: openEuler is vulnerable to a denial of service, caused by an integer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service...

7.8CVSS5.9AI score0.00371EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/27 6:34 p.m.58 views

Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2022-43904)

Summary IBM Security Guardium has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-43904 DESCRIPTION: IBM Security Guardium could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. CVSS Base score: 7.5 CVSS Temporal...

7.5CVSS7.4AI score0.00666EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 10:19 p.m.58 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in WebSphere Application Server Liberty

Summary IBM Virtualization Engine TS7700 is vulnerable to two potential denial of service conditions CVE-2023-44487, CVE-2024-25026 and two instances of weaker than expected security CVE-2023-50312, CVE-2023-46158 due to WebSphere Application Server Liberty. WebSphere Application Server Liberty i...

9.8CVSS8.5AI score0.99999EPSS
Exploits19Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 7:43 a.m.58 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309.

Summary Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-27309 DESCRIPTION: Apache Kafka is vulnerable to a...

7.4CVSS7.3AI score0.01125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/07 7:54 p.m.58 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...

7.3CVSS7.4AI score0.7795EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/17 7:17 a.m.58 views

Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by ISVG - Identity Manager have multiple vulnerabilities

Summary IBM Security Verify Governance - Identity Manager ships with IBM Db2 and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins...

7.5CVSS6.6AI score0.03889EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/25 9:18 a.m.58 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2015-8383, CVE-2015-8381, CVE-2015-8386, CVE-2015-8388, CVE-2015-8385,...

9.8CVSS9.6AI score0.51733EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/09 3:50 p.m.58 views

Security Bulletin: Vulnerabilities in Axios, Node.js, VMWare tools, and Linux Kernel might affect IBM Storage Defender – Data Protect.

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The vulnerabiliti...

7.8CVSS9.9AI score0.04456EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/17 7:19 a.m.58 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor is vulnerable to multiple attacks. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending...

9.8CVSS8.2AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 4:59 p.m.58 views

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to denial of service due to a flaw in handling multiplexed streams (CVE-2023-44487)

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to denial of service due to a flaw in handling multiplexed streams as described in the vulnerability details section. IBM i has addressed the vulnerability in IBM WebSphere Application Server Liberty with a fix as described ...

7.5CVSS7.7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.58 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in Libxml2

Summary The following vulnerabilities in Libxml2 have been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2020-7595 DESCRIPTION: The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in...

7.5CVSS1.7AI score0.07836EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/30 6:45 p.m.58 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...

9.8CVSS10AI score0.87816EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/14 11:7 a.m.58 views

Security Bulletin: IBM Integration Bus is vulnerable to multiple CVEs due to Apache Tomcat.

Summary Due to Apache Tomcat, IBM Integration Bus is vulnerable to multiple CVEs. CVE-2023-45648, CVE-2023-42794, CVE-2023-44487, CVE-2023-42795. Vulnerability Details CVEID: CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP...

7.5CVSS7.2AI score0.99999EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/10 9:46 a.m.58 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-5043, CVE-2023-5044, CVE-2022-4886)

Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities where a user that can create or update Ingress objects can use the nginx.ingress.kubernetes.io/configuration-snippet annotation CVE-2023-5043 or the...

8.8CVSS7.4AI score0.56568EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/03 2:26 p.m.58 views

Security Bulletin: Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak

Summary Golang Go is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2023-29406, CVE-2023-29409. libp2p go-libp2p is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2023-39533. Vulnerability Details CVEID: CVE-2023-29406 DESCRIPTIO...

7.5CVSS7.3AI score0.01328EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/03 2:3 p.m.58 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase.

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. CVE-2023-0466, CVE-2023-0465, CVE-2023-0464, CVE-2023-2650 Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions...

7.5CVSS7.4AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 6:46 a.m.58 views

Security Bulletin: Multiple vulnerabilities in hadoop-hdfs-2.7.3.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in hadoop-hdfs-2.7.3.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-11768 DESCRIPTION: Apache Hadoop is vulnerable to a denial of service,...

8.8CVSS8.4AI score0.06554EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 12:31 p.m.58 views

Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center(CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)

Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

9.1CVSS8.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/21 9:28 p.m.58 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Decision Optimization for Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is...

10CVSS9.9AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:14 p.m.58 views

Security Bulletin: security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-1559)

Summary OpenSSL is shipped with IBM Tivoli Network Manager IP Edition version 3.9. Information about a security vulnerability affecting Open SSL has been published here. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information,...

5.9CVSS5.8AI score0.17139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:10 p.m.58 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018...

7.8CVSS8AI score0.04513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/30 6:1 p.m.58 views

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module i...

9.8CVSS8.1AI score0.02356EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/18 9:8 a.m.58 views

Security Bulletin: Vulnerability in Golang Go could affect IBM CICS TX Advanced [CVE-2023-24538]

Summary CVE-2023-24538 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not properly consider backticks as...

9.8CVSS9.9AI score0.02281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/13 10:18 a.m.58 views

Security Bulletin: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system [CVE-2013-4521, CVE-2013-2165 and CVE-2018-14667]

Summary IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system CVE-2013-4521. IBM Security Verify Governance is vulnerable to remote attacks caused by an error related to the handling of deserialization CVE-2013-2165. IBM Security Verify Governance ...

9.8CVSS9.9AI score0.74171EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/06 2:11 p.m.58 views

Security Bulletin: IBM Watson Explorer is affected by a vulnerability in Apache UIMA

Summary IBM Watson Explorer OneWEX and Foundational Components contains a vulnerable version of Apache UIMA. Vulnerability Details CVEID:CVE-2022-32287 DESCRIPTION: Apache UIMA could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied inpu...

7.5CVSS7.3AI score0.01556EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 2:10 p.m.58 views

Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System

Summary Multiple vulnerabilities in Open Source software used by Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2015-1832 DESCRIPTION: Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external...

9.5AI score0.42983EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/30 7:17 p.m.58 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-45693, CVE-2022-45685)

Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-45693, CVE-2022-45685 Vulnerability Details CVEID:CVE-2022-45693 DESCRIPTION: Jettison is...

7.5CVSS7.7AI score0.01395EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.58 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary Vulnerabilities in the OpenSSL component affect the management GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The CLI interface is unaffected. The CVEs are CVE-2016-2177 CVE-2016-2178 CVE-2016-2183 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306. Vulnerability...

9.8CVSS8AI score0.95707EPSS
Exploits8Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 10:45 a.m.58 views

Security Bulletin: CVE-2022-32149 may affect IBM CICS TX Standard

Summary CVE-2022-32149 related to golang package may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the...

7.5CVSS7.5AI score0.01428EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/20 7:27 a.m.58 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable security bypass due to Google Core Libraries for Java [Guava] (CVE-2020-8908)

Summary IBM B2B Advanced Communications has addressed vulnerabilities in Google Core Libraries for Java Guava shipped with product. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory...

3.3CVSS6AI score0.00964EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.58 views

Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem 840 and 900

Summary A vulnerability exists in Apache Tomcat to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2018-11784. An exploit of this vulnerability could allow a remote attacker to redirect a user to arbitrary websites. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION:...

4.3CVSS5.3AI score0.94494EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.58 views

Security Bulletin: Four (4) Vulnerabilities in OpenSSL affect IBM FlashSystem 840 and V840 systems ( CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, and CVE-2014-3568)

Summary OpenSSL is a toolkit that implements the Secure Sockets Layer SSL, Transport Layer Security TLS, and Datagram Transport Layer Security DTLS protocols which is used by IBM FlashSystem 840 and V840 systems. OpenSSL had a vulnerability which allowed forceful downgrade of the communication to...

7.1CVSS4AI score0.99999EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/17 11:41 a.m.58 views

Security Bulletin: IBM Security Guardium Data Encryption is using Components with Known Vulnerabilities (CVE-2022-31129, CVE-2022-24785)

Summary IBM Security Guardium Data Encryption is using components with known vulnerabilities. Please upgrade to latest version of CT-VL having the fixes. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression...

7.5CVSS7.8AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 9:26 p.m.58 views

Security Bulletin: IBM Aspera Orchestrator affected by an Apache HTTP Server vulnerability (CVE-2022-28614)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in the aprwrite function. By reflecting very large...

5.3CVSS7.2AI score0.04428EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 2:4 p.m.58 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase (CVE-2022-2097, CVE-2022-2068)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-2097 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information,...

10CVSS8.8AI score0.95764EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/24 10:51 a.m.58 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2020-10735)

Summary IBM Security SOAR uses an older version of Python that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 47.2 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2020-10735 DESCRIPTION: Python is...

7.5CVSS7.6AI score0.03213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.58 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID:CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could...

8.3CVSS8AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/16 6:59 p.m.58 views

Security Bulletin: IBM DataPower Gateway potentially affected by CPU side-channel (CVE-2022-21166)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-21166 DESCRIPTION: Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup in specific special register write operations in the Memory Mapped I/O MMIO component...

5.5CVSS6.4AI score0.05899EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 4:46 p.m.58 views

Security Bulletin: IBM Security Guardium is affected by path traversal and crypto vulnerabilities (CVE-2021-29425, CVE-2021-39076)

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker coul...

7.5CVSS6.1AI score0.10608EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000