Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 7:19 p.m.57 views

Security Bulletin: IBM QRadar Wincollect agent is vulnerable to using components with know vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-42916 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain...

9.8CVSS9.9AI score0.51733EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/29 2:5 p.m.57 views

Security Bulletin: There is a vulnerability in moment.js used by IBM QRadar User Behavior Analytics (CVE-2022-24785)

Summary There is a vulnerability in moment.js used by IBM QRadar User Behavior AnalyticsUBA. This vulnerabiliity is addressed in UBA by upgrading to a version of moment.js that resolves the issue. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to...

7.5CVSS7.4AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.57 views

Security Bulletin: IBM Security Network Protection can be affected by Cross-Site Scripting and Symbol Denial of Service vulnerabilities in Ruby on Rails (CVE-2013-1854, CVE-2013-1857, CVE-2013-1855)

Abstract IBM Security Network Protection is affected by multiple vulnerabilities reported in Ruby on Rails. These vulnerabilities include multiple cross-site scripting and denial of service vulnerabilities that could be exploited remotely by an attacker with access to the Local Management Interfa...

5CVSS7.7AI score0.03438EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 8:45 p.m.57 views

Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multiple vulnerabilities in OpenSSL

Abstract A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Sterling Connect:Enterprise for UNIX. Content VULNERABILITY DETAILS: CVE IDs : CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-461...

9.3CVSS7.2AI score0.54372EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/15 6:54 p.m.58 views

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java™ Technology Edition January 2015 CPU affect WebSphere Process Server

Summary There are multiple vulnerabilities in IBM SDK for Java™ Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for JavaTechnology Edition updates in January 2015. Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Multiple...

5CVSS4AI score0.99999EPSS
Exploits12Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/15 6:50 p.m.57 views

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java™ Technology Edition April 2015 CPU affect WebSphere Process Server

Summary There are multiple vulnerabilities in IBM SDK for Java™ Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for Java Technology Edition updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...

5CVSS6.9AI score0.98685EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/15 6:44 p.m.57 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with WebSphere Process Server (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)

Summary WebSphere Application Server WAS is shipped as a component of WebSphere Process Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. These issues were disclosed as part of the IBM Java SDK updates in January...

5.9CVSS6.5AI score0.05453EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:2 p.m.57 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-10237)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server and User Management Service. Information abo...

6.6AI score0.05119EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:9 a.m.57 views

Security Bulletin: Multiple Denial of Service vulnerabilities with Expat may affect IBM HTTP Server

Summary There are several vulnerabilities that may affect IBM HTTP Server that is used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending...

9.8CVSS10AI score0.13335EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 6:34 p.m.57 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2022-21986 DESCRIPTION: Microsoft .Net is vulnerable to a denial of service, caused by a flaw in the Kestrel Web Server. By sending a...

7.8CVSS8.6AI score0.03739EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/18 10:23 p.m.57 views

Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Summary The SANnav Management Portal and Global View products vulnerability due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP componen...

5.3CVSS5.4AI score0.03458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/25 2:51 p.m.57 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827 )

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-22823 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system, caused by an...

9.8CVSS9.5AI score0.04829EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/21 4:24 a.m.57 views

Security Bulletin: Due to use of Expat, IBM Tivoli Network Manager is vulnerable to arbiraty code execution (CVE-2022-23990 and CVE-2022-23852)

Summary When Expat also known as libexpat is used by IBM Tivoli Network Manager ITNM , it could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XMLGetBuffer function. By sending a specially-crafted request, an attacker could exploit this...

9.8CVSS9.1AI score0.04525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/12 3:10 p.m.57 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Event Streams (CVE-2022-0778)

Summary There is a vulnerability in the version of OpenSSL used by IBM Event Streams. Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted certificat...

7.5CVSS0.7AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 2:9 p.m.57 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to several attack vectors due to its use of Apache Netty (CVE-2021-37136, CVE-2021-37137, CVE-2021-43797)

Summary Several security vulnerablities were found in the Apache Netty library used by several components in IBM Cloud Pak for Multicloud Management Monitoring. Vulnerability Details CVEID: CVE-2021-37136 DESCRIPTION: Netty netty-codec is vulnerable to a denial of service, caused by not allow siz...

7.5CVSS1AI score0.0628EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/23 4:36 p.m.57 views

Security Bulletin: Multiple Java Vulnerabilities Affect IBM Connect:Direct Web Services

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Connect:Direct Web Services. These issues were disclosed as part of the IBM Java SDK updates in May 2019 Vulnerability Details CVE-ID: CVE-2019-10246 Description: Eclipse...

7.5CVSS8.1AI score0.09591EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/22 10:12 p.m.57 views

Security Bulletin: IBM Spectrum LSF Suite and IBM Platform Process Manager are vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)

Summary Apache Log4j is used by IBM Spectrum LSF Suite and IBM Platform Process Manager as part of its logging infrastructure. These vulnerabilities can be addressed by executing steps detailed in the Workaround section. These issues will be addressed in the next fix patch release 10.2.0.13 by en...

9.8CVSS1.4AI score0.81147EPSS
Exploits13Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 2:32 p.m.57 views

Security Bulletin: Expat vulnerabilities affect IBM Netezza Analytics for NPS

Summary IBM Netezza Analytics for NPS uses Expat version 2.2.0. IBM Netezza Analytics for NPS has addressed the applicable CVEs by upgrading Expat to version 2.4.7. Vulnerability Details CVEID: CVE-2022-23852 DESCRIPTION: Expat aka libexpat could allow a remote attacker to execute arbitrary code ...

9.8CVSS2.5AI score0.34174EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 10:26 p.m.57 views

Security Bulletin: Multiple vulnerabilities in Java SE that could allow an unauthenticated attacker to obtain sensitive information affect IBM® Db2®. (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341)

Summary Multiple vulnerabilites in Java SE that could allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain...

7.1CVSS1.2AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.57 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IMS™ Enterprise Suite: SOAP Gateway (CVE-2015-4000)

Summary The Logjam Attack on TLSTransport Layer Security connections using the Diffie-Hellman DH key exchange protocol affects IMS™ Enterprise Suite: SOAP Gateway. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive informatio...

4.3CVSS4.5AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/31 3:16 a.m.57 views

Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics for NPS

Summary GNU binutils is used by IBM Netezza Analytics for NPS. IBM Netezza Analytics for NPS has addressed the applicable CVEs by upgrading GNU binutils to version 2.36. Vulnerability Details CVEID: CVE-2021-20284 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a...

7.8CVSS1.3AI score0.02752EPSS
Exploits32Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/26 12:33 p.m.57 views

Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2022-22942 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by improper file descriptor...

7.8CVSS0.4AI score0.02579EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/12 2:14 p.m.57 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. CVSS Base score: 7.5 CVSS...

9.8CVSS0.9AI score0.88497EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/07 8:42 p.m.57 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21294)

Summary An unspecified vulnerability in Java SE - CVE-2022-21349 related to the 2D component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of core...

5.3CVSS1.5AI score0.0335EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/04 6:41 p.m.57 views

Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation

Summary Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could...

7.4CVSS7.2AI score0.8383EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/29 7:27 p.m.57 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped in IBM WebSphere Application Server Patterns due to Expat vulnerabilities

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the Expat library affecting the IBM HTTP Server used by IBM WebSphere Application Server CVE-2022-25313, CVE-2022-25315,...

9.8CVSS7.3AI score0.34174EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 5:4 p.m.57 views

Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server may affect IBM InfoSphere Global Name Management (CVE-2019-4046)

Summary There is a potential denial of service vulnerability in WebSphere Application Server shipped as part of IBM Global Name Management. This also affects IBM InfoSphere Global Name Management Enterprise Name Search installations. Vulnerability Details CVEs: CVE-2019-4046 Link to security...

7.5CVSS1.1AI score0.0322EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/13 11:19 a.m.57 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: ...

5.3CVSS1.6AI score0.06218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/16 12:15 p.m.57 views

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2022-0235)

Summary IBM App Connect Enterprise ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2022-0235 DESCRIPTION: Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive...

8.8CVSS7.9AI score0.01646EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/16 8:32 a.m.57 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2021-44790, CVE-2021-44224)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.8CVSS0.9AI score0.97108EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/01 7:13 p.m.57 views

Security Bulletin: SQL injection vulnerability in PostgreSQL affects IBM Connect:Direct Web Services (CVE-2021-23214)

Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability "A remote attacker could send specially-crafted SQL statements when the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, which could allow the attacker to...

8.1CVSS8.4AI score0.01901EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/21 8:36 p.m.57 views

Security Bulletin: Predictive Maintenance and Quality and Predictive Maintenance Insights is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-4104, CVE-2021-44832).

Summary IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises are vulnerable to Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-4104, CVE-2021-44832 due to multiple components using Apache Log4j for logging. This has been addressed in each of the components;...

9CVSS0.6AI score0.99999EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/25 7:43 a.m.57 views

Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-30639

Summary IBM UrbanCode Release version 6.2.5.3 - 6.2.5.4 are affected by CVE-2021-30639 Vulnerability Details CVEID: CVE-2021-30639 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper error handling during non-blocking I/O. By sending a specially-crafted request, a...

7.5CVSS7.3AI score0.06889EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 7:45 a.m.57 views

Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-45105, CVE-2021-44832).

Summary IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9CVSS2.8AI score0.99999EPSS
Exploits46Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/07 4:30 a.m.57 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

8.5CVSS1.5AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 4:21 a.m.57 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID: CVE-2021-37635 DESCRIPTION: TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in the...

8.8CVSS8.6AI score0.00307EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/29 1:23 p.m.57 views

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)

Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in...

9.8CVSS9.3AI score0.6906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/29 6:15 a.m.57 views

Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM License Key Server Administration and Reporting Tool and its Agent

Summary A security vulnerability has been found in the IBM® Runtime Environment Java™ used by IBM License Key Server Administration and Reporting Tool and its Agent. A fix has been published to mitigate the same. Vulnerability Details CVEID: CVE-2021-2369 DESCRIPTION: An unspecified vulnerability...

4.3CVSS5.3AI score0.03444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/16 7:47 p.m.57 views

Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software - September 2021

Summary Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Rational® Application Developer for WebSphere® Software. Vulnerability Details CVEID: CVE-2021-39134 DESCRIPTION: Node.js @npmcli/arborist module could allow a local attacker to launch a symlink attack, caused by the...

8.2CVSS1.3AI score0.00576EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/20 10:8 a.m.57 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to memory corruption due to CVE-2021-22940

Summary IBM App Connect Enterprise Certified Container may be vulnerable to memory corruption due to CVE-2021-22940. This only affects Node.js runtime processes. Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused ...

9.8CVSS1.1AI score0.37286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.57 views

Security Bulletin: Power Systems Firmware is affected by vulnerability in OpenSSL (CVE-2014-0160)

Summary OpenSSL Heartbleed Vulnerability - April 2014 Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability to expose...

7.5CVSS7.3AI score0.99999EPSS
Exploits87Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/15 10:14 p.m.57 views

Security Bulletin: libXml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2021-3518)

Summary The libXml2 library used by Identity Insight has a potential use-after-free vulnerability that could be exploited by an attacker using a crafted input file. Vulnerability Details CVEID: CVE-2021-3518 DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the...

8.8CVSS8.2AI score0.03653EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:2 a.m.57 views

Security Bulletin: Apache CXF Vulnerability Affects IBM Global Mailbox (CVE-2021-22696)

Summary Security vulnerability have been Identified In Apache CXF library shipped with IBM Global Mailbox. Vulnerability Details CVEID: CVE-2021-22696 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by improper validation of requesturi parameter by the OAuth 2 authorization...

7.5CVSS0.5AI score0.06593EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/25 4:46 p.m.57 views

Security Bulletin: Vulnerability in RC4 stream cipher affects GPFS V3.5 for Windows (CVE-2015-2808) / Enabling weak cipher suites for IBM General Parallel File System is NOT recommended

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects OpenSSH for GPFS V3.5 for Windows. Additionally, with the recent attention to RC4 “Bar Mitzvah” Attack for SSL/TLS, this is a reminder to NOT enable weak or export-level cipher suites for IBM General Parallel File System GPFS. Vulnerability...

5CVSS4.9AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:52 p.m.57 views

Security Bulletin: IBM DataPower Gateway is potentially vulnerable to two cryptographic side-channel vulnerabilities in SSL.

Summary Side-channel vulnerabilities in SSL CVE-2019-1563, CVE-2019-1547 potentially affect IBM DataPower Gateway Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

4.7CVSS1.1AI score0.03838EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/05 9:0 p.m.57 views

Security Bulletin: Vulnerabilities in IBM Java affecting IBM Rational Asset Analyzer.

Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Rational Asset Analyzer. These issues were disclosed as part of the IBM Java SDK updates in January 2021 . Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified...

9.8CVSS1.5AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/05 5:44 a.m.57 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unkno...

9.8CVSS9.5AI score0.18114EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.57 views

Security Bulletin: Security vulnerability in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerability that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

9.3CVSS0.6AI score0.99652EPSS
Exploits9Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/26 9:17 p.m.57 views

Security Bulletin: IBM License Metric Tool v7.2.2 and v7.5 and IBM Tivoli Asset Discovery for Distributed v7.2.2 and v7.5 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on TLS connections (CVE-2014-8730)

Summary TLS protocol support used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed is vulnerable to POODLE TLS attack CVE-2014-8730. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and agent-server messages...

4.3CVSS4.1AI score0.1372EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/13 1:33 p.m.57 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2019-0233, CVE-2019-0230 Vulnerability Details CVEID: CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a fi...

9.8CVSS1.2AI score0.97399EPSS
Exploits15Affected Software1
Total number of security vulnerabilities5000