Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2018/06/15 6:59 a.m.•59 views

Security Bulletin: Potential Denial of Service in IBM HTTP Server CVE-2014-0098

Summary Potential Denial of Service in IBM HTTP Server for IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2014-0098 Description: IBM HTTP Server may be vulnerable to a denial of service, caused by certain cookies being logged in the access log. A remote attacker could exploit...

5CVSS6.9AI score0.25999EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:15 a.m.•57 views

Security Bulletin: IBM Cognos Controller is affected by vulnerabilities

Summary There are vulnerabilities in IBM® Java™, IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Controller. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direc...

9.8CVSS10AI score0.21952EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 2:56 a.m.•57 views

Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities (CVE-2024-38477, CVE-2021-38963, CVE-2024-38475, CVE-2024-38474)

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sendi...

9.8CVSS9.6AI score0.99957EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 2:34 a.m.•57 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.8CVSS9.7AI score0.17673EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 4:6 a.m.•57 views

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager

Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilties have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2.0.2. Please apply the latest fix packs for the fixes. Vulnerability Details CVEID:CVE-2023-47704...

9.1CVSS6.1AI score0.00975EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:54 a.m.•57 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.2 Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the forwarded ssh-agent. By sending specially...

9.8CVSS9.8AI score0.76768EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 10:33 p.m.•57 views

Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)

Summary The Knowledge Center Component used in Version 9 of the WebSphere Application Server needs an updated Apache Commons Collections library. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...

10CVSS9.9AI score0.97655EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 8:46 p.m.•57 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-52881)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas fr...

5.5CVSS7.2AI score0.00227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/10/18 1:50 a.m.•57 views

Security Bulletin: Vulnerabilities in GNU Binutils, Bootstrap, PortSmash, Node.js, and libarchive might affect IBM Storage Defender – Data Protect.

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The vulnerabiliti...

9.8CVSS9.8AI score0.05941EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/11 8:43 a.m.•57 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-6874 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a...

9.1CVSS7.5AI score0.66594EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 9:54 p.m.•57 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in elasticsearch-7.10.2.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of elasticsearch-7.10.2.jar Vulnerability Details CVEID:CVE-2023-31418 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a moderate...

7.5CVSS6.8AI score0.60679EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/16 12:6 p.m.•57 views

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecifie...

7.5CVSS7.2AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/08 3:28 p.m.•57 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable due to k8s.io/kubernetes ( CVE-2023-2728, CVE-2023-2727, CVE-2023-5408, CVE-2023-3955, CVE-2023-3676 )

Summary k8s.io/kubernetes is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-2728, CVE-2023-2727, CVE-2023-5408, CVE-2023-3955, CVE-2023-3676. Vulnerability Details CVEID:CVE-2023-2728 DESCRIPTION: Kubernetes could allow a remote authenticated attacker to bypass security...

8.8CVSS7.3AI score0.11668EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/16 10:4 p.m.•57 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2511, CVE-2024-0727) due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-2511, CVE-2024-0727. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...

5.9CVSS6.7AI score0.54026EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/10 2:58 p.m.•57 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2021-33631)

Summary This CVE in the OS kernel can affect mounting file-systems Vulnerability Details CVEID:CVE-2021-33631 DESCRIPTION: openEuler is vulnerable to a denial of service, caused by an integer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service...

7.8CVSS5.9AI score0.00371EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/18 12:30 p.m.•57 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-41835, CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a deni...

9.8CVSS9.4AI score0.80819EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/28 10:0 p.m.•57 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc [CVE-2024-21626]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc, caused by an internal file descriptor leak CVE-2024-21626. Open Container Initiative runc is part of the gcc utils used by our service runtimes. This...

8.6CVSS8.4AI score0.18087EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/28 10:40 a.m.•57 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Docker Registry, OpenSSH and go-git

Summary go-git and DockerRegistry are consumed through OSE packages. OSE package is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2017-11468 DESCRIPTION: Docker...

9.8CVSS7.8AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/27 10:18 p.m.•57 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to confidentiality impacts and a timing-based side-channel attack due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to confidentiality impacts CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945 and a timing-based side-channel attack CVE-2023-33850 as described in the vulnerabili...

7.5CVSS7.3AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/03/01 11:28 p.m.•57 views

Security Bulletin: Vulnerability in Node.js affects Cloud Pak System [CVE-2023-42282]

Summary Node.js IP package code execution vulnerability affects Cloud Pak System on Power CVE-2023-42282. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a server-side request forgery flaw ...

9.8CVSS9.3AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/02/27 4:18 p.m.•57 views

Security Bulletin: Logback is vulnerable to CVE-2023-6481 and CVE-2023-6378 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses logback which is vulnerable to CVE-2023-6481 and CVE-2023-6378. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a deni...

7.5CVSS7AI score0.009EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/02/16 9:57 p.m.•57 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to an attacker uploading arbitrary files and obtaining sensitive information (CVE-2023-45802, CVE-2023-31122)

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to an attacker uploading arbitrary files due to improper validation CVE-2023-45802 and obtaining sensitive information due to an out of bounds read flaw CVE-2023-31122 as described in the vulnerability details section. This...

7.5CVSS7.9AI score0.03024EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/02/15 12:43 p.m.•57 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

8.4CVSS7.3AI score0.0098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/29 2:27 p.m.•57 views

Security Bulletin: Vulnerabilities in node.js affect Cloud Pak Sytem [CVE-2023-28154, CVE-2022-46175, CVE-2022-3517]

Summary Vulnerabilities in react-scripts node.js modules affect Cloud Pak System. Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the...

9.8CVSS9.3AI score0.09304EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/15 12:0 a.m.•57 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2023-22081 and CVE-2023-5676)

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cau...

5.9CVSS5.9AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/30 6:45 p.m.•57 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...

9.8CVSS10AI score0.87816EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/23 9:30 p.m.•57 views

Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation for Cloud Pak and result in an attacker sending invalid emails. (CVE-2023-27043).

Summary There is a vulnerability in Python used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. An attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected. CVE-2020-23064. This bulletin identifies the security fixes ...

5.3CVSS6.2AI score0.02507EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/25 8:26 p.m.•57 views

Security Bulletin: Vulnerability in CloudPak for Watson AIOps. [CVE-2023-41419]

Summary Gevent vulnerability was addressed in IBM Cloud Pak for Watson AIOps version 4.2.1. CVE-2023-41419 Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the WSGIServer component. By using...

9.8CVSS9.6AI score0.01334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/30 4:35 a.m.•57 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution due to IBM Java SDK (CVE-2022-40609)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow...

9.8CVSS8.9AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/25 8:35 a.m.•57 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Application Performance Management products

Summary Apache Log4j is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2020-9488 DESCRIPTION: Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with...

10CVSS10AI score0.99999EPSS
Exploits359Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/20 6:12 p.m.•57 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998)

Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload CVE-2023-24998. Apache Commons FileUpload is used by the TS7700 in the Management Interface. IBM Virtualization Engine TS7700 has addressed the applicable CVE. Vulnerability...

7.5CVSS7.9AI score0.46836EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/08 8:42 a.m.•57 views

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is affected by a tough-cookie Prototype Pollution vulnerability (CVE-2023-26136)

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a tough-cookie Prototype Pollution vulnerability with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Salesforce tough-cookie could allow a remote attacker to...

9.8CVSS8.3AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/30 11:5 a.m.•57 views

Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2018-1000632 found in dom4j-1.6.1.jar

Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following dom4j-1.6.1.jar vulnerability and updated dom4j.jar file from version 1.6.1 to 2.1.4 Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote...

7.5CVSS7.8AI score0.0657EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/30 8:50 a.m.•57 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. For more information please refer to Oracle's July 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:CVE-2023-22045...

3.7CVSS5.7AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/21 9:28 p.m.•57 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Decision Optimization for Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is...

10CVSS9.9AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/16 6:40 p.m.•57 views

Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities [CVE-2018-8909, CVE-2021-41100 and CVE-2021-41119]

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2018-8909 DESCRIPTION: Wire App for Android could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../...

9.8CVSS6.7AI score0.01953EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/18 1:9 p.m.•57 views

Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.9 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid...

9.8CVSS9.6AI score0.99298EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/23 2:54 p.m.•57 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to denial of service due to [CVE-2012-0881], [CVE-2013-4002] and [CVE-2022-23437]

Summary Apache Xerces is not used by IBM App Connect Enterprise Certified Container but was present in an image. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to...

7.8CVSS6.8AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/24 9:39 p.m.•57 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. (CVE-2023-25930)

Summary IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. Vulnerability Details CVEID:CVE-2023-25930 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a...

5.9CVSS6.3AI score0.00963EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/06 2:11 p.m.•57 views

Security Bulletin: IBM Watson Explorer is affected by a vulnerability in Apache UIMA

Summary IBM Watson Explorer OneWEX and Foundational Components contains a vulnerable version of Apache UIMA. Vulnerability Details CVEID:CVE-2022-32287 DESCRIPTION: Apache UIMA could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied inpu...

7.5CVSS7.3AI score0.01556EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/30 8:1 p.m.•57 views

Security Bulletin: IBM Navigator for i and IBM Digital Certificate Manager for i are vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928).

Summary IBM Navigator for i and IBM Digital Certificate Manager for i use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Navigat...

6.5CVSS5.6AI score0.00638EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•57 views

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary Vulnerabilities in the Apache Tomcat component affect the management GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The CLI interface is unaffected. The CVEs are CVE-2016-6796 CVE-2016-6816 CVE-2016-6817. Vulnerability Details CVEID: CVE-2016-6796 DESCRIPTIO...

7.5CVSS8.8AI score0.39633EPSS
Exploits7Affected Software6
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/27 8:8 p.m.•57 views

Security Bulletin: Maximo Application Suite uses jsonwebtoken package which is vulnerable to CVE-2022-23541, CVE-2022-23539, CVE-2022-23529 and CVE-2022-23540

Summary There are four vulnerabilities in jsonwebtoken-8.5.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementation of ke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/17 7:30 p.m.•57 views

Security Bulletin: Vulnerabilites in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217)

Summary IBM Spectrum Protect Backup-Archive Client can be affected by vulnerabilities in OpenSSL. Vulnerabilities include disclosure of sensitive information and denial of service, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-4450...

7.5CVSS7.6AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•57 views

Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 (CVE-2016-0785 CVE-2016-2162)

Summary Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by IBM® FlashSystem™ 840 and IBM FlashSystem 900 in its Service Assistant GUI. Vulnerability Details CVEID: CVE-2016-0785 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary co...

9CVSS8.1AI score0.08812EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/09 10:24 a.m.•57 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway

Summary There is a vulnerability which is related to identity spoofing in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-22476...

8.8CVSS6.4AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/03 9:23 p.m.•57 views

Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2021-44228, CVE-2021-45105, CVE-2021-45046, CVE2021-4104, CVE-2021-38930, and CVE-2021-38929. Vulnerability Details CVEID:CVE-2021-38930 DESCRIPTION: IBM System Storage DS8000 Management Console H...

10CVSS9.2AI score0.99999EPSS
Exploits356Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/02 9:26 p.m.•57 views

Security Bulletin: IBM Aspera Orchestrator affected by an Apache HTTP Server vulnerability (CVE-2022-28614)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in the aprwrite function. By reflecting very large...

5.3CVSS7.2AI score0.04428EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 9:30 p.m.•57 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining . CVE-2022-2048

Summary There is a vulnerability in Eclipse Jetty that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-2048 DESCRIPTION: Eclipse Jetty is vulnerable to ...

7.5CVSS7.4AI score0.0227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/12 9:59 p.m.•57 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a data binding rules security weakness in Spring Framework (CVE-2022-22968)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a Spring framework data binding rules vulnerability, where case sensitive patterns for disallowedFields cause weaker than expected security CVE-2022-22968. Spring Framework is used by some of the java...

5.3CVSS5.6AI score0.05666EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000