Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:45 p.m.57 views

Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM Security Network Active Bypass (CVE-2014-9761, CVE-2015-8778, CVE-2015-8779)

Summary GNU C library glibc vulnerabilities were found that affect IBM Security Network Active Bypass. Vulnerability Details CVEID: CVE-2014-9761 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nan function. By sending an...

9.8CVSS1.5AI score0.05966EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:38 p.m.57 views

Security Bulletin: IBM Security Access Manager for Mobile is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)

Summary Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. IBM Security Access Manager for...

9.8CVSS2.2AI score0.10238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:19 p.m.57 views

Security Bulletin: Vulnerabilities in Bash affect IBM Security Access Manager for Mobile and IBM Security Access Manager for Web (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM Security Access Manager for Mobile and IBM Security Access Manager...

10CVSS1.7AI score0.99999EPSS
Exploits158Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:17 p.m.57 views

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerabilit...

7.5CVSS0.6AI score0.99999EPSS
Exploits88Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:45 p.m.57 views

Security Bulletin: Mutiple vulnerabilities in zlib affect IBM ILOG CPLEX Optimization Studio

Summary The gz feature, provided by the open source zlib, is used to decompress files automatically. A denial of service may be caused by four potential vulnerabilities. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds...

9.8CVSS0.7AI score0.07489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:42 p.m.57 views

Security Bulletin: Multiple Vulnerabilities in Struts affect IBM InfoSphere Information Server

Summary Struts vulnerabilities affect IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-4430 DESCRIPTION: Apache Struts is vulnerable to cross-site request forgery, caused by improper validation of...

10CVSS0.9AI score0.9373EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:48 p.m.57 views

Security Bulletin: IBM OpenPages GRC Platform Web Applications are NOT vulnerable to (CVE-2017-9805 , CVE-2017-9804, CVE-2017-9793)

Summary IBM OpenPages GRC Platform Web Applications are NOT vulnerable to Apache Struts 2 vulnerabilities CVE-2017-9805 , CVE-2017-9804 and CVE-2017-9793 Vulnerability Details For more information on Struts 2 vulnerabilities, please consult Apache Security Bulletins CVE-2017-9805 , CVE-2017-9804...

8.1CVSS3.3AI score0.99461EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:9 a.m.57 views

Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600)

Summary IBM API Connect has addressed the following vulnerabilities. API Connect Developer Portal is impacted by Drupal vulnerability: Drupal could allow a remote attacker to execute arbitrary code on the system, caused by an error within multiple subsystems. An attacker could exploit this...

9.8CVSS7.9AI score0.99993EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/08 11:52 p.m.56 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute arbitrary code on the system, caused by a flaw in...

9.3CVSS9.6AI score0.02761EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 9:37 p.m.56 views

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)

Summary IBM® Db2® is vulnerable to sensitive information disclosure when using ADMINCMD with IMPORT or EXPORT. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When...

6.8CVSS6.1AI score0.00567EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:21 a.m.56 views

Security Bulletin: Multiple vulnerabilities affect PowerSC and PowerSC MFA

Summary There are multiple vulnerabilities in PowerSC and PowerSC MFA. Vulnerability Details CVEID:CVE-2023-50939 DESCRIPTION: IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...

9.8CVSS7AI score0.00663EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:0 a.m.56 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary jQuery is used by IBM Robotic Process Automation for Cloud Pak as part of Abbyy CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2020-23064. Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2020-8552. Go Go-Yam...

7.5CVSS7.4AI score0.99019EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:26 a.m.56 views

Security Bulletin: Dashboard of IBM Sterling B2B Integrator is vulnerable to session mismanagment (CVE-2022-22371)

Summary IBM Sterling B2B Integrator has addressed the session mismangement vulnerability in Dashboard. Vulnerability Details CVEID:CVE-2022-22371 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition does not invalidate session after a password change which could allow an authenticated user t...

6.5CVSS6.3AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:39 a.m.56 views

Security Bulletin: This Power System update is being released to address CVE 2022-34331

Summary A security problem for CVE-2022-34331 was addressed where switches configured to monitor network traffic for malicious activity are not effective because of errant adapter configuration changes. The misconfigured adapter can cause network traffic to flow directly between the VFs and not o...

9.8CVSS9AI score0.00465EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/04 2:41 p.m.56 views

Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)

Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: The...

7.5CVSS7.2AI score0.011EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 9:4 a.m.56 views

Security Bulletin: Vulnerability in nodejs moment.js affect Cloud Pak System [CVE-2022-24785]

Summary Vulnerability in nodejs moment.js affect Cloud Pak System. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafte...

7.5CVSS7.4AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 7:30 p.m.56 views

Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack (CVE-2024-31912)

Summary IBM MQ has addressed a privilege escalation vulnerability. Vulnerability Details CVEID:CVE-2024-31912 DESCRIPTION: IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. CVSS Base score: 7.5 CVSS Temporal...

8.8CVSS8.2AI score0.00424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/06 2:36 p.m.56 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22259 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacke...

8.3CVSS8.8AI score0.99995EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/21 7:22 p.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22081, CVE-2023-22067, and CVE-2023-5676 Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability i...

5.9CVSS5.7AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/05 3:16 p.m.56 views

Security Bulletin: There is a vulnerability in Amazon Ion used by IBM Maximo Asset Management application (CVE-2024-21634)

Summary There is a vulnerability in Amazon Ion used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a specially crafted...

7.5CVSS7.5AI score0.0082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/04 3:35 p.m.56 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale packaged in IBM Storage Scale System

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System, which could allow a remote attacker to cause a denial of service. CVE-2023-46158, CVE-2023-44487 Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...

9.8CVSS7.9AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.56 views

Security Bulletin: IBM Flex System switch firmware products are affected by a vulnerability in the Kernel (CVE-2020-12464)

Summary IBM Flex System switch firmware products have addressed the following Kernel vulnerability. Vulnerability Details CVEID: CVE-2020-12464 DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the usbsgcancel functi...

7.2CVSS1.1AI score0.00802EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:31 p.m.56 views

Security Bulletin: OpenSSL vulnerabilities affect IBM Unified Extensible Firmware Interface (UEFI)

Summary IBM System x, Flex and BladeCenter systems have addressed the following OpenSSL vulnerabilities in Unified Extensible Firmware Interface UEFI. Vulnerability Details CVEID: CVE-2017-3738 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overfl...

5.9CVSS0.4AI score0.83645EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/15 2:18 p.m.56 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487)

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of...

7.5CVSS6.9AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 4:48 p.m.56 views

Security Bulletin: IBM Security Guardium is affected by a Command injection in CLI vulnerability [CVE-2023-35893]

Summary IBM Security Guardium has addressed these vulnerabilities CVE-2023-35893 Vulnerability Details CVEID: CVE-2023-35893 DESCRIPTION: IBM Security Guardium could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. CVSS Base...

9.9CVSS9.1AI score0.01072EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/30 5:11 p.m.56 views

Security Bulletin: Due to the use of OpenSSL IBM Tivoli Netcool System Service Monitors/Application Service Monitors is vulnerable to a denial of service and security bypass restrictions.

Summary OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors. CVE-2023-2650, CVE-2023-0466 and CVE-2023-0465 Vulnerability Details CVEID: CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly,...

6.5CVSS7.5AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/24 2:32 p.m.56 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-46158)

Summary IBM WebSphere Application Server Liberty could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...

9.8CVSS6.9AI score0.00456EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/20 5:7 p.m.56 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary IBM Cognos Dashboards on Cloud Pak for Data 4.7.3 resolves vulnerabilities reported in the Node.js February 2023 CVE-2023-23918, CVE-2023-23920, CVE-2023-24807, CVE-2023-23936, CVE-2023-23919 and June 2023 CVE-2023-30588, CVE-2023-30589 Security Releases as well as vulnerabilities in Pyth...

7.5CVSS8.4AI score0.08665EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/19 8:7 p.m.56 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2022-43909 DESCRIPTION: IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

8.8CVSS7AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/15 1:29 p.m.56 views

Security Bulletin: Vulnerabilities in cURL libcurl might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in cURL libcurl. Vulnerabilities include exploiting the vulnerabilities to reuse a previously created connection even when the GSS delegation, to pass on user name and "telnet options" for the server negotiation, to caus...

9.8CVSS8.7AI score0.02195EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/06 5:39 a.m.56 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities (CVE-2023-2454, CVE-2023-2455)

Summary IBM Data Risk Manager IDRM 2.0.6.18, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.19. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

7.2CVSS7.5AI score0.0119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/17 4:25 a.m.56 views

Security Bulletin: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc (CVE-2020-1751)

Summary Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc CVE-2020-1751 Vulnerability Details CVEID:CVE-2020-1751 DESCRIPTION: GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write when handling signal...

7CVSS7.1AI score0.00537EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/10 10:22 p.m.56 views

Security Bulletin: IBM InfoSphere Global Name Management Vulnerable to CVE-2023-30441

Summary InfoSphere Global Name Management bundles IBM Java as internal component. A combination of two flaws in the JSSE component and IBMJCEPlus security provider expose some IBM Java releases to various cryptographic attacks when acting as a TLS server. This vulnerability is addressed...

7.5CVSS7.5AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 6:12 a.m.56 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Golang Go

Summary Vulnerabilities in golang before 1.19.10 affect the golang component that is used by IBM Event Streams CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a...

9.8CVSS9.5AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 10:6 a.m.56 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 and 8 applying to IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the issues. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: ...

9.1CVSS8.5AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/14 9:40 p.m.56 views

Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in snakeYAML

Summary Multiple vulnerabilities in snakeYAML used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending...

9.8CVSS9.5AI score0.99615EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 4:41 p.m.56 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to Denial of Service (CVE-2023-2650)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit. By sendin...

6.5CVSS6.9AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:10 p.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018...

7.8CVSS8AI score0.04513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 6:56 p.m.56 views

Security Bulletin: IBM MQ is affected by a denial of service vulnerability (CVE-2023-28513)

Summary IBM MQ is affected by a denial of service vulnerability caused by improper message handling. Vulnerability Details CVEID:CVE-2023-28513 DESCRIPTION: IBM MQ, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. CVSS Base score: 5...

7.5CVSS6.5AI score0.00962EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/08 9:56 p.m.56 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

10CVSS9.9AI score0.96032EPSS
Exploits64Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/22 2:23 p.m.56 views

Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises

Summary IBM Engineering Requirements Quality Assistant On-Premises affected by multiple vulnerabilities due to which an attacker could exploit this vulnerability to execute arbitrary code on the system and cause the application to crash cause a denial of service condition on the system. This...

9.8CVSS9.3AI score0.14663EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 9:55 p.m.56 views

Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in Apache Hadoop

Summary Multiple vulnerabilities in Apache Hadoop used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an unTarUsingJava function ...

9.8CVSS9.5AI score0.07577EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 3:26 p.m.56 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2022-25901, CVE-2022-24823)

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

7.5CVSS7.6AI score0.01546EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 10:2 p.m.56 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® Graph

Summary IBM has released the below fix for IBM Db2® Graph in response to multiple vulnerabilities found in multiple components Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a...

9.8CVSS9.5AI score0.99931EPSS
Exploits56Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 2:17 p.m.56 views

Security Bulletin: Multiple publicly disclosed OpenSSL vulnerabilities affect IBM Safer Payments

Summary OpenSSL is used by IBM Safer Payments as part of all secure network communications. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channe...

7.5CVSS7.9AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/17 6:0 p.m.56 views

Security Bulletin: Golang Go vulnerability

Summary Golang Go is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in the Go server. By sending a specially-crafted keys, a remote attacker could exploit this...

5.3CVSS6.6AI score0.05623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 5:1 p.m.56 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in zlib (CVE-2022-37434)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in zlib caused by improper bounds checking by inflate in inflate.c. CVE-2022-37434. zlib is included as part of the Base OS used by our service images. Please read the details for...

9.8CVSS9.8AI score0.1593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 2:10 p.m.56 views

Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System

Summary Multiple vulnerabilities in Open Source software used by Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2015-1832 DESCRIPTION: Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external...

9.5AI score0.42983EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/16 6:3 p.m.56 views

Security Bulletin: Vulnerabilities in Golang Go and Java SE might affect IBM Spectrum Copy Data Management (CVE-2022-41717, CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)

Summary Vulnerabilities in Golang Go and Java SE might affect IBM Spectrum Copy Data Management. Vulnerabilities include denial of service attacks, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a...

5.3CVSS5.7AI score0.05623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.56 views

Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem 840 and 900

Summary A vulnerability exists in Apache Tomcat to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2018-11784. An exploit of this vulnerability could allow a remote attacker to redirect a user to arbitrary websites. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION:...

4.3CVSS5.3AI score0.94494EPSS
Exploits3Affected Software1
Total number of security vulnerabilities5000