Lucene search
K
IbmMost viewed

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 2:9 p.m.57 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to several attack vectors due to its use of Apache Netty (CVE-2021-37136, CVE-2021-37137, CVE-2021-43797)

Summary Several security vulnerablities were found in the Apache Netty library used by several components in IBM Cloud Pak for Multicloud Management Monitoring. Vulnerability Details CVEID: CVE-2021-37136 DESCRIPTION: Netty netty-codec is vulnerable to a denial of service, caused by not allow siz...

7.5CVSS1AI score0.0628EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 2:19 a.m.57 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID: CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the AbstractBasicAuthHandler class i...

7.5CVSS1.5AI score0.11586EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/22 10:12 p.m.57 views

Security Bulletin: IBM Spectrum LSF Suite and IBM Platform Process Manager are vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)

Summary Apache Log4j is used by IBM Spectrum LSF Suite and IBM Platform Process Manager as part of its logging infrastructure. These vulnerabilities can be addressed by executing steps detailed in the Workaround section. These issues will be addressed in the next fix patch release 10.2.0.13 by en...

9.8CVSS1.4AI score0.81147EPSS
Exploits13Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/15 7:7 p.m.57 views

Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)

Summary Pip as used by IBM QRadar Advisor With Watson to manage python packages is vulnerable to multiple vulnerabilities. IBM QRadar Advisor With Watson has addressed the applicable CVEs by updating pip. Vulnerability Details CVEID: CVE-2019-20916 DESCRIPTION: pypa pip package for python could...

7.8CVSS1.1AI score0.03028EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 2:32 p.m.57 views

Security Bulletin: Expat vulnerabilities affect IBM Netezza Analytics for NPS

Summary IBM Netezza Analytics for NPS uses Expat version 2.2.0. IBM Netezza Analytics for NPS has addressed the applicable CVEs by upgrading Expat to version 2.4.7. Vulnerability Details CVEID: CVE-2022-23852 DESCRIPTION: Expat aka libexpat could allow a remote attacker to execute arbitrary code ...

9.8CVSS2.5AI score0.34174EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 2:32 p.m.57 views

Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics

Summary IBM Netezza Analytics uses Log4j version 1.x. IBM Netezza Analytics has addressed the aplicable CVEs Vulnerability Details CVEID: CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserializati...

9.8CVSS1.9AI score0.81147EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 10:26 p.m.57 views

Security Bulletin: Multiple vulnerabilities in Java SE that could allow an unauthenticated attacker to obtain sensitive information affect IBM® Db2®. (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341)

Summary Multiple vulnerabilites in Java SE that could allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain...

7.1CVSS1.2AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.57 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IMS™ Enterprise Suite: SOAP Gateway (CVE-2015-4000)

Summary The Logjam Attack on TLSTransport Layer Security connections using the Diffie-Hellman DH key exchange protocol affects IMS™ Enterprise Suite: SOAP Gateway. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive informatio...

4.3CVSS4.5AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/26 12:33 p.m.57 views

Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2022-22942 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by improper file descriptor...

7.8CVSS0.4AI score0.02579EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/07 8:42 p.m.57 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21294)

Summary An unspecified vulnerability in Java SE - CVE-2022-21349 related to the 2D component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of core...

5.3CVSS1.5AI score0.0335EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/06 9:11 p.m.57 views

Security Bulletin: Multiple Vulnerabilities in VMware vCenter affect IBM Cloud Pak System

Summary Multiple vulnerabilities in VMware vCenter plugins affect IBM Cloud Pak System. IBM Cloud Pak System in response to the vulnerabilities in VMware vCenter, provides the new release of IBM Cloud Pak System V2.3.3.4, with a new vCenter Image. Vulnerability Details CVEID: CVE-2021-21985...

10CVSS0.9AI score0.99999EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/29 7:27 p.m.57 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped in IBM WebSphere Application Server Patterns due to Expat vulnerabilities

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the Expat library affecting the IBM HTTP Server used by IBM WebSphere Application Server CVE-2022-25313, CVE-2022-25315,...

9.8CVSS7.3AI score0.34174EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 5:4 p.m.57 views

Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server may affect IBM InfoSphere Global Name Management (CVE-2019-4046)

Summary There is a potential denial of service vulnerability in WebSphere Application Server shipped as part of IBM Global Name Management. This also affects IBM InfoSphere Global Name Management Enterprise Name Search installations. Vulnerability Details CVEs: CVE-2019-4046 Link to security...

7.5CVSS1.1AI score0.0322EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/14 3:51 p.m.57 views

Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation

Summary Multiple vulnerabilities in IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2022-0235 DESCRIPTION: Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when fetching a remote url with Cookie. By sending a...

8.8CVSS1.8AI score0.02899EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/13 11:19 a.m.57 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: ...

5.3CVSS1.6AI score0.06218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/16 12:15 p.m.57 views

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2022-0235)

Summary IBM App Connect Enterprise ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2022-0235 DESCRIPTION: Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive...

8.8CVSS7.9AI score0.01646EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/16 8:32 a.m.57 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2021-44790, CVE-2021-44224)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.8CVSS0.9AI score0.97108EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/01 7:13 p.m.57 views

Security Bulletin: SQL injection vulnerability in PostgreSQL affects IBM Connect:Direct Web Services (CVE-2021-23214)

Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability "A remote attacker could send specially-crafted SQL statements when the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, which could allow the attacker to...

8.1CVSS8.4AI score0.01901EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/21 8:36 p.m.57 views

Security Bulletin: Predictive Maintenance and Quality and Predictive Maintenance Insights is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-4104, CVE-2021-44832).

Summary IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises are vulnerable to Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-4104, CVE-2021-44832 due to multiple components using Apache Log4j for logging. This has been addressed in each of the components;...

9CVSS0.6AI score0.99999EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/25 7:43 a.m.57 views

Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-30639

Summary IBM UrbanCode Release version 6.2.5.3 - 6.2.5.4 are affected by CVE-2021-30639 Vulnerability Details CVEID: CVE-2021-30639 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper error handling during non-blocking I/O. By sending a specially-crafted request, a...

7.5CVSS7.3AI score0.06889EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 7:45 a.m.57 views

Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-45105, CVE-2021-44832).

Summary IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9CVSS2.8AI score0.99999EPSS
Exploits46Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 6:4 p.m.57 views

Security Bulletin: January 2015 OpenSSL security vulnerabilities in Multiple IBM N Series Products

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by Multiple IBM N Series Products. Below IBM N Series Products have addressed the applicabl...

5CVSS0.7AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/11 12:37 a.m.57 views

Security Bulletin: Vulnerabilities in XStream affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in XStream, such as execution of arbitrary code, server-side request forgery, denial of service, bypassing security restrictions, and deletion of arbitrary files, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2020-26217 DESCRIPTION: XStream...

9.9CVSS9.3AI score0.98124EPSS
Exploits38Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/29 1:23 p.m.57 views

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)

Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in...

9.8CVSS9.3AI score0.6906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/16 7:47 p.m.57 views

Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software - September 2021

Summary Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Rational® Application Developer for WebSphere® Software. Vulnerability Details CVEID: CVE-2021-39134 DESCRIPTION: Node.js @npmcli/arborist module could allow a local attacker to launch a symlink attack, caused by the...

8.2CVSS1.3AI score0.00576EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/20 10:8 a.m.57 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to memory corruption due to CVE-2021-22940

Summary IBM App Connect Enterprise Certified Container may be vulnerable to memory corruption due to CVE-2021-22940. This only affects Node.js runtime processes. Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused ...

9.8CVSS1.1AI score0.37286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.57 views

Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console

Summary BIND is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-9778 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of specific queries when using the nxdomain-redirect feature...

7.5CVSS0.1AI score0.40556EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/08 10:2 a.m.57 views

Security Bulletin: CVE-2020-1971 vulnerability in OpenSSL may affect IBM Workload Scheduler

Summary OpenSSL vulnerability CVE-2020-1971 has been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Scheduler. IBM Workload Scheduler has addressed the CVE Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...

5.9CVSS0.6AI score0.06968EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 9:9 p.m.57 views

Security Bulletin: Potential vulnerability with FasterXML jackson-databind

Summary A potential vulnerability has been identified related to FasterXML jackson-databind. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity...

7.5CVSS1.9AI score0.17611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:2 a.m.57 views

Security Bulletin: Apache CXF Vulnerability Affects IBM Global Mailbox (CVE-2021-22696)

Summary Security vulnerability have been Identified In Apache CXF library shipped with IBM Global Mailbox. Vulnerability Details CVEID: CVE-2021-22696 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by improper validation of requesturi parameter by the OAuth 2 authorization...

7.5CVSS0.5AI score0.06593EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/25 4:46 p.m.57 views

Security Bulletin: Vulnerability in RC4 stream cipher affects GPFS V3.5 for Windows (CVE-2015-2808) / Enabling weak cipher suites for IBM General Parallel File System is NOT recommended

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects OpenSSH for GPFS V3.5 for Windows. Additionally, with the recent attention to RC4 “Bar Mitzvah” Attack for SSL/TLS, this is a reminder to NOT enable weak or export-level cipher suites for IBM General Parallel File System GPFS. Vulnerability...

5CVSS4.9AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/16 6:32 a.m.57 views

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by OpenSSL vulnerabilities

Summary There are vulnerabilities in OpenSSL used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVEs: CVE-2021-23839, CVE-2021-23840, CVE-2021-23841. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS2.1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/05 9:0 p.m.57 views

Security Bulletin: Vulnerabilities in IBM Java affecting IBM Rational Asset Analyzer.

Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Rational Asset Analyzer. These issues were disclosed as part of the IBM Java SDK updates in January 2021 . Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified...

9.8CVSS1.5AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/05 5:44 a.m.57 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unkno...

9.8CVSS9.5AI score0.18114EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/29 11:3 a.m.57 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to multiple denial of service and HTTP request smuggling vulnerabilities

Summary App Connect Enterprise flows may be susceptible to denial of service attacks due to CVE-2020-1971 and CVE-2020-8265 in the Node.js runtime, and all components may be vulnerable to HTTP request smuggling due to CVE-2020-8287. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL ...

8.1CVSS0.7AI score0.16296EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.57 views

Security Bulletin: Security vulnerability in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerability that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

9.3CVSS0.6AI score0.99652EPSS
Exploits9Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/26 9:17 p.m.57 views

Security Bulletin: IBM License Metric Tool v7.2.2 and v7.5 and IBM Tivoli Asset Discovery for Distributed v7.2.2 and v7.5 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on TLS connections (CVE-2014-8730)

Summary TLS protocol support used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed is vulnerable to POODLE TLS attack CVE-2014-8730. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and agent-server messages...

4.3CVSS4.1AI score0.1372EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/13 1:33 p.m.57 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2019-0233, CVE-2019-0230 Vulnerability Details CVEID: CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a fi...

9.8CVSS1.2AI score0.97399EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/16 6:52 a.m.57 views

Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-13434, CVE-2020-13435)

Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Vulnerability Details CVEID: CVE-2020-13435 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by flaw in the sqlite3ExprCodeTarget function in expr.c. By sending a specially-crafted request, a...

5.5CVSS3.1AI score0.01013EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/05 2:57 p.m.57 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by TPF Toolkit. TPF Toolkit has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

9.8CVSS1.4AI score0.02245EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 9:51 a.m.57 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform (CVE-2020-11023, CVE-2020-11022)

Summary jQuery publicly disclosed vulnerability affects IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote...

6.9CVSS7.1AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/20 8:41 p.m.57 views

Security Bulletin: Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus

Summary Multiple vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-5408 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to obtain...

9.8CVSS1.2AI score0.99019EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/10 10:27 a.m.57 views

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System

Summary RedHat provided BIND package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-5744 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a failure to free memory when...

7.5CVSS0.9AI score0.037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/30 4:18 p.m.57 views

Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in ntpd. By sending a server mode packet with...

8.2CVSS0.5AI score0.04071EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/30 1:43 p.m.57 views

Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-13935)

Summary Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID: CVE-2020-13935 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper...

7.5CVSS0.6AI score0.87553EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/09 2:56 p.m.57 views

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i

Summary Apache HTTP Server is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-9490 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when the server tries to HTTP/2 PUSH a resource afterwards. By using a...

7.5CVSS1.2AI score0.89744EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/06 6:27 p.m.57 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2019-10086)

Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in t...

7.5CVSS2.1AI score0.28839EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/03 10:56 p.m.57 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Protect Plus (CVE-2020-10531, CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)

Summary Node.js is vulnerable to buffer overflows, bypass of security restrictions, and denial of service which may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-10531 DESCRIPTION: International Components for Unicode ICU for C/C++ is vulnerable to a heap-based buffer...

9.3CVSS1.6AI score0.07646EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/28 1:36 p.m.57 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2020-1927, CVE-2020-1934)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about security vulnerabilities affecting IBM HTTP Server,...

1AI score0.56691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.57 views

Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by multiple vulnerabilities in OpenSSL

Summary A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Sterling Connect:Express for UNIX. Vulnerability Details CVE ID: CVE-2013-0169 CVE-2013-0166 CVE-2012-2686 CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108 CVE-2011-4576...

7.6CVSS2.4AI score0.48298EPSS
Exploits15Affected Software1
Total number of security vulnerabilities5000