Lucene search
K
IbmMost viewed

35705 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 1:50 a.m.57 views

Security Bulletin: Vulnerabilities in GNU Binutils, Bootstrap, PortSmash, Node.js, and libarchive might affect IBM Storage Defender – Data Protect.

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The vulnerabiliti...

9.8CVSS9.8AI score0.05941EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 9:54 p.m.57 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in elasticsearch-7.10.2.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of elasticsearch-7.10.2.jar Vulnerability Details CVEID:CVE-2023-31418 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a moderate...

7.5CVSS6.8AI score0.60679EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/16 12:6 p.m.57 views

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecifie...

7.5CVSS7.2AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/16 10:4 p.m.57 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2511, CVE-2024-0727) due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-2511, CVE-2024-0727. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...

5.9CVSS6.7AI score0.54026EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/18 12:30 p.m.57 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-41835, CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a deni...

9.8CVSS9.4AI score0.80819EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/05 3:16 p.m.57 views

Security Bulletin: There is a vulnerability in Amazon Ion used by IBM Maximo Asset Management application (CVE-2024-21634)

Summary There is a vulnerability in Amazon Ion used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a specially crafted...

7.5CVSS7.5AI score0.0082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/28 10:0 p.m.57 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc [CVE-2024-21626]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc, caused by an internal file descriptor leak CVE-2024-21626. Open Container Initiative runc is part of the gcc utils used by our service runtimes. This...

8.6CVSS8.4AI score0.18087EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/28 10:40 a.m.57 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Docker Registry, OpenSSH and go-git

Summary go-git and DockerRegistry are consumed through OSE packages. OSE package is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2017-11468 DESCRIPTION: Docker...

9.8CVSS7.8AI score0.93305EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 10:18 p.m.57 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to confidentiality impacts and a timing-based side-channel attack due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to confidentiality impacts CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945 and a timing-based side-channel attack CVE-2023-33850 as described in the vulnerabili...

7.5CVSS7.3AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 11:28 p.m.57 views

Security Bulletin: Vulnerability in Node.js affects Cloud Pak System [CVE-2023-42282]

Summary Node.js IP package code execution vulnerability affects Cloud Pak System on Power CVE-2023-42282. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a server-side request forgery flaw ...

9.8CVSS9.3AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/27 4:18 p.m.57 views

Security Bulletin: Logback is vulnerable to CVE-2023-6481 and CVE-2023-6378 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses logback which is vulnerable to CVE-2023-6481 and CVE-2023-6378. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a deni...

7.5CVSS7AI score0.009EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/15 12:43 p.m.57 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

8.4CVSS7.3AI score0.0098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/29 2:27 p.m.57 views

Security Bulletin: Vulnerabilities in node.js affect Cloud Pak Sytem [CVE-2023-28154, CVE-2022-46175, CVE-2022-3517]

Summary Vulnerabilities in react-scripts node.js modules affect Cloud Pak System. Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the...

9.8CVSS9.3AI score0.09304EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 12:0 a.m.57 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2023-22081 and CVE-2023-5676)

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cau...

5.9CVSS5.9AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/23 9:30 p.m.57 views

Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation for Cloud Pak and result in an attacker sending invalid emails. (CVE-2023-27043).

Summary There is a vulnerability in Python used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. An attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected. CVE-2020-23064. This bulletin identifies the security fixes ...

5.3CVSS6.2AI score0.02527EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/30 5:11 p.m.57 views

Security Bulletin: Due to the use of OpenSSL IBM Tivoli Netcool System Service Monitors/Application Service Monitors is vulnerable to a denial of service and security bypass restrictions.

Summary OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors. CVE-2023-2650, CVE-2023-0466 and CVE-2023-0465 Vulnerability Details CVEID: CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly,...

6.5CVSS7.5AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/25 8:26 p.m.57 views

Security Bulletin: Vulnerability in CloudPak for Watson AIOps. [CVE-2023-41419]

Summary Gevent vulnerability was addressed in IBM Cloud Pak for Watson AIOps version 4.2.1. CVE-2023-41419 Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the WSGIServer component. By using...

9.8CVSS9.6AI score0.01334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/30 4:35 a.m.57 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution due to IBM Java SDK (CVE-2022-40609)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow...

9.8CVSS8.9AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/25 8:35 a.m.57 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Application Performance Management products

Summary Apache Log4j is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2020-9488 DESCRIPTION: Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with...

10CVSS10AI score0.99999EPSS
Exploits359Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/20 6:12 p.m.57 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998)

Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload CVE-2023-24998. Apache Commons FileUpload is used by the TS7700 in the Management Interface. IBM Virtualization Engine TS7700 has addressed the applicable CVE. Vulnerability...

7.5CVSS7.9AI score0.46836EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/19 8:7 p.m.57 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2022-43909 DESCRIPTION: IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

8.8CVSS7AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/15 1:26 p.m.57 views

Security Bulletin: Vulnerabilities in Golang, openSSH and openJDK might affect IBM Spectrum Copy Data Management

Summary BM Spectrum Copy Data Management can be affected by vulnerabilities in Golang Go, openSSH and openJDK. Vulnerabilities include allowing a local attacker to cause high confidentiality impacts, allowing a remote authenticated attacker to cause high and low integrity impacts , allowing a...

9.8CVSS8.5AI score0.76768EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/08 8:42 a.m.57 views

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is affected by a tough-cookie Prototype Pollution vulnerability (CVE-2023-26136)

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a tough-cookie Prototype Pollution vulnerability with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Salesforce tough-cookie could allow a remote attacker to...

9.8CVSS8.3AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/06 5:39 a.m.57 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities (CVE-2023-2454, CVE-2023-2455)

Summary IBM Data Risk Manager IDRM 2.0.6.18, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.19. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

7.2CVSS7.5AI score0.0119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/30 11:5 a.m.57 views

Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2018-1000632 found in dom4j-1.6.1.jar

Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following dom4j-1.6.1.jar vulnerability and updated dom4j.jar file from version 1.6.1 to 2.1.4 Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote...

7.5CVSS7.8AI score0.0657EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/30 8:50 a.m.57 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. For more information please refer to Oracle's July 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:CVE-2023-22045...

3.7CVSS5.7AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/21 9:28 p.m.57 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Decision Optimization for Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is...

10CVSS9.9AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/17 4:25 a.m.57 views

Security Bulletin: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc (CVE-2020-1751)

Summary Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc CVE-2020-1751 Vulnerability Details CVEID:CVE-2020-1751 DESCRIPTION: GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write when handling signal...

7CVSS7.1AI score0.00537EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/16 6:40 p.m.57 views

Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities [CVE-2018-8909, CVE-2021-41100 and CVE-2021-41119]

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2018-8909 DESCRIPTION: Wire App for Android could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../...

9.8CVSS6.7AI score0.01953EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 6:12 a.m.57 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Golang Go

Summary Vulnerabilities in golang before 1.19.10 affect the golang component that is used by IBM Event Streams CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a...

9.8CVSS9.5AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/18 1:9 p.m.57 views

Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.9 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid...

9.8CVSS9.6AI score0.99298EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/14 9:40 p.m.57 views

Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in snakeYAML

Summary Multiple vulnerabilities in snakeYAML used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending...

9.8CVSS9.5AI score0.99615EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/23 2:54 p.m.57 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to denial of service due to [CVE-2012-0881], [CVE-2013-4002] and [CVE-2022-23437]

Summary Apache Xerces is not used by IBM App Connect Enterprise Certified Container but was present in an image. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to...

7.8CVSS6.8AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/22 2:23 p.m.57 views

Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises

Summary IBM Engineering Requirements Quality Assistant On-Premises affected by multiple vulnerabilities due to which an attacker could exploit this vulnerability to execute arbitrary code on the system and cause the application to crash cause a denial of service condition on the system. This...

9.8CVSS9.3AI score0.14663EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 9:39 p.m.57 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. (CVE-2023-25930)

Summary IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. Vulnerability Details CVEID:CVE-2023-25930 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a...

5.9CVSS6.3AI score0.00963EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 2:10 p.m.57 views

Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System

Summary Multiple vulnerabilities in Open Source software used by Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2015-1832 DESCRIPTION: Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external...

9.5AI score0.42983EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/30 8:1 p.m.57 views

Security Bulletin: IBM Navigator for i and IBM Digital Certificate Manager for i are vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928).

Summary IBM Navigator for i and IBM Digital Certificate Manager for i use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Navigat...

6.5CVSS5.6AI score0.00638EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.57 views

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary Vulnerabilities in the Apache Tomcat component affect the management GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The CLI interface is unaffected. The CVEs are CVE-2016-6796 CVE-2016-6816 CVE-2016-6817. Vulnerability Details CVEID: CVE-2016-6796 DESCRIPTIO...

7.5CVSS8.8AI score0.39633EPSS
Exploits7Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 8:8 p.m.57 views

Security Bulletin: Maximo Application Suite uses jsonwebtoken package which is vulnerable to CVE-2022-23541, CVE-2022-23539, CVE-2022-23529 and CVE-2022-23540

Summary There are four vulnerabilities in jsonwebtoken-8.5.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementation of ke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/17 7:30 p.m.57 views

Security Bulletin: Vulnerabilites in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217)

Summary IBM Spectrum Protect Backup-Archive Client can be affected by vulnerabilities in OpenSSL. Vulnerabilities include disclosure of sensitive information and denial of service, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-4450...

7.5CVSS7.6AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/09 10:24 a.m.57 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway

Summary There is a vulnerability which is related to identity spoofing in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-22476...

8.8CVSS6.4AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/03 9:23 p.m.57 views

Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2021-44228, CVE-2021-45105, CVE-2021-45046, CVE2021-4104, CVE-2021-38930, and CVE-2021-38929. Vulnerability Details CVEID:CVE-2021-38930 DESCRIPTION: IBM System Storage DS8000 Management Console H...

10CVSS9.2AI score0.99999EPSS
Exploits356Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:30 p.m.57 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining . CVE-2022-2048

Summary There is a vulnerability in Eclipse Jetty that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-2048 DESCRIPTION: Eclipse Jetty is vulnerable to ...

7.5CVSS7.4AI score0.0227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.57 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a data binding rules security weakness in Spring Framework (CVE-2022-22968)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a Spring framework data binding rules vulnerability, where case sensitive patterns for disallowedFields cause weaker than expected security CVE-2022-22968. Spring Framework is used by some of the java...

5.3CVSS5.6AI score0.05666EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 7:19 p.m.57 views

Security Bulletin: IBM QRadar Wincollect agent is vulnerable to using components with know vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-42916 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain...

9.8CVSS9.9AI score0.51733EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/02 7:43 p.m.57 views

Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Cognos Controller 10.4.2 FP2 and 10.4.1 IF15 . There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Cognos Controller. The applicable CVEs have been addressed by upgradin...

9.8CVSS10AI score0.99677EPSS
Exploits130Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/29 2:5 p.m.57 views

Security Bulletin: There is a vulnerability in moment.js used by IBM QRadar User Behavior Analytics (CVE-2022-24785)

Summary There is a vulnerability in moment.js used by IBM QRadar User Behavior AnalyticsUBA. This vulnerabiliity is addressed in UBA by upgrading to a version of moment.js that resolves the issue. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to...

7.5CVSS7.4AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.57 views

Security Bulletin: WebSphere Application Server Community Edition 3.0.0.3 Oracle CPU April 2013

Abstract Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM WebSphere Application Server Community Edition. Content The IBM WebSphere Application Server Community Edition is shipped with an IBM Java SDK that is based on the Oracle JDK. Oracle has released April...

10CVSS7AI score0.87227EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.57 views

Security Bulletin: IBM Security Network Protection can be affected by Cross-Site Scripting and Symbol Denial of Service vulnerabilities in Ruby on Rails (CVE-2013-1854, CVE-2013-1857, CVE-2013-1855)

Abstract IBM Security Network Protection is affected by multiple vulnerabilities reported in Ruby on Rails. These vulnerabilities include multiple cross-site scripting and denial of service vulnerabilities that could be exploited remotely by an attacker with access to the Local Management Interfa...

5CVSS7.7AI score0.03438EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 8:45 p.m.57 views

Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multiple vulnerabilities in OpenSSL

Abstract A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Sterling Connect:Enterprise for UNIX. Content VULNERABILITY DETAILS: CVE IDs : CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-461...

9.3CVSS7.2AI score0.54372EPSS
Exploits12Affected Software1
Total number of security vulnerabilities5000