Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•56 views

Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem 840 and 900

Summary A vulnerability exists in Apache Tomcat to which the IBM FlashSystemâ„¢ 840 and FlashSystem 900 are susceptible CVE-2018-11784. An exploit of this vulnerability could allow a remote attacker to redirect a user to arbitrary websites. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION:...

4.3CVSS5.3AI score0.94494EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/17 11:41 a.m.•56 views

Security Bulletin: IBM Security Guardium Data Encryption is using Components with Known Vulnerabilities (CVE-2022-31129, CVE-2022-24785)

Summary IBM Security Guardium Data Encryption is using components with known vulnerabilities. Please upgrade to latest version of CT-VL having the fixes. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression...

7.5CVSS7.8AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 9:4 p.m.•56 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to several no confidentiality exposures due to IBM SDK, Java Technology Edition

Summary IBM SDK, Java Technology Edition is used by CICS TX Advanced to run WebSphere Liberty, Fix Installer and Java based CICS applications. The fix removes the no confidentiality exposure vulnerabilities CVE-2022-21496, CVE-2022-21434 and CVE-2022-21443 from IBM SDK, JTE. Vulnerability Details...

5.3CVSS6.3AI score0.02805EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/08 2:22 p.m.•56 views

Security Bulletin: IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. (CVE-2014-3577)

Summary IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. Vulnerability Details CVEID:CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain...

5.8CVSS6AI score0.09149EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/02 5:29 p.m.•56 views

Security Bulletin: IBM Aspera Orchestrator was vulnerable to a denial of service attack due to an Apache HTTP Server vulnerability (CVE-2022-30522)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-30522 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service when configured to do transformations with modsed in contexts where the input to modsed may be...

7.5CVSS8.4AI score0.90407EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/17 5:38 p.m.•56 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2018-1996)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS5.3AI score0.01142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 5:31 p.m.•56 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID:CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could...

8.3CVSS7.7AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 3:9 p.m.•56 views

Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Cloud Application Business Insights (CVE-2021-45105, CVE-2021-45046)

Summary IBM Cloud Application Business Insights ICABI is vulnerable to denial of service due to Apache Log4j CVE-2021-45105 and arbitrary code execution due to Apache Log4j CVE-2021-45046 Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

10CVSS10AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 3:9 p.m.•56 views

Security Bulletin: Vulnerabilities in Java impact IBM Cloud Application Business Insights (CVE-2021-35550, CVE-2021-35561, CVE-2021-35603, and CVE-2021-41035)

Summary Vulnerabilities in Java impact IBM Cloud Application Business Insights CVE-2021-35550, CVE-2021-35561, CVE-2021-35603, and CVE-2021-41035. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an...

9.8CVSS8.4AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/02 7:43 p.m.•56 views

Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Cognos Controller 10.4.2 FP2 and 10.4.1 IF15 . There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Cognos Controller. The applicable CVEs have been addressed by upgradin...

9.8CVSS10AI score0.99677EPSS
Exploits129Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/01 6:28 p.m.•56 views

Security Bulletin: Cloud Pak for Security is affected by but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Summary Cloud Pak for Security CP4S 1.9.1.0 and earlier is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR i...

9.8CVSS9.1AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/28 7:52 p.m.•56 views

Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities

Summary IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities. These components have been updated in the latest release and the vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest...

9.8CVSS9.9AI score0.51733EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/18 2:58 p.m.•56 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Python is used by IBM Robotic Process Automation as part of the NLP command implementation and part of the base container image for Antivirus and OCR services. Vulnerability Details CVEID:CVE-2021-4189 DESCRIPTION: Python could allow a remote attacker to obtain sensitive information, caus...

9.8CVSS10AI score0.23293EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/26 4:23 a.m.•56 views

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

Abstract SONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2011-1248| Important: ca-certificates...

10CVSS0.1AI score0.90734EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 11:13 p.m.•56 views

Security Bulletin: Potential security exposure when using IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK.

Abstract IBM InfoSphere Streams makes use of IBM Java SE Version Version 6 SDK. Potential security exposures exist in IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK. Content VULNERABILITYDETAILS: CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-5081 DESCRIPTION:...

10CVSS8.8AI score0.45113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/23 10:5 p.m.•56 views

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

Summary There are multiple vulnerabilities in Curl that affect PowerSC. Vulnerability Details CVEID:CVE-2022-27776 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw when asked to send custom headers or cookies in its HTTP requests. By sendin...

8.1CVSS8.4AI score0.03453EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/23 4:7 p.m.•56 views

Security Bulletin: Due to RPM, AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266)

Summary AIX is vulnerable to arbitrary code execution CVE-2021-20271, RPM database corruption CVE-2021-3421, and denial of service CVE-2021-20266 due to RPM. RPM is used by AIX for package management. Vulnerability Details CVEID:CVE-2021-20271 DESCRIPTION: RPM could allow a remote attacker to...

7CVSS7.8AI score0.01706EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/22 3:2 a.m.•56 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions...

9.8CVSS10AI score0.07489EPSS
Exploits2Affected Software15
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/22 3:2 a.m.•56 views

Security Bulletin: Potential security vulnerabilities with JavaTM SDKs

Summary Smarter Infrastructure Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Vulnerability Details CVE IDs: CVE-2014-0878 CVE-2014-0457 CVE-2014-2421 CVE-2014-0429...

10CVSS8.2AI score0.10117EPSS
Exploits1Affected Software14
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/14 3:28 p.m.•56 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow and IBM Business Process Manager

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service...

9.2AI score0.04829EPSS
Exploits2Affected Software6
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/07 12:8 p.m.•56 views

Security Bulletin: An unspecified vulnerability related to the Networking component found in IBM Java 8.0 which is shipped with IBM® Intelligent Operations Center (CVE-2021-2341)

Summary An unspecified vulnerability related to the Networking component found in IBM Java 8.0 which is shipped with IBM® Intelligent Operations Center. Information about this vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...

4.3CVSS5.8AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/31 10:26 a.m.•56 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle July 2022 Critical Patch Update Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity...

5.9CVSS6.5AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/08 10:13 a.m.•56 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to OpenSSL CVE-2022-0778

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to OpenSSL CVE-2022-0778 with details below Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...

7.5CVSS7.7AI score0.70561EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/26 7:54 a.m.•56 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2022

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.2-IF012 and 21.0.3-IF010. Vulnerability Details CVEID:CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to...

8.2CVSS8.6AI score0.074EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/29 3:17 p.m.•56 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to zlib (CVE-2018-25032)

Summary There is a vulnerability in the zlib library used by IBM Sterling Connect:Direct for UNIX. IBM Sterling Connect:Direct for UNIX has addressed the applicable issue. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory...

7.5CVSS0.6AI score0.51733EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/29 2:19 a.m.•56 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID: CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the AbstractBasicAuthHandler class i...

7.5CVSS1.5AI score0.11586EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/22 10:25 a.m.•56 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to privilege escalation due to CVE-2021-41617

Summary OpenSSH is part of the base OS modules in all operand images in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container is not directly vulnerable under standard operations, but custom use of the images may be vulnerable to privilege escalation. This...

7CVSS1.6AI score0.02367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/21 4:22 p.m.•56 views

Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35603)

Summary IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...

4.3CVSS1.2AI score0.04104EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/15 7:7 p.m.•56 views

Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)

Summary Pip as used by IBM QRadar Advisor With Watson to manage python packages is vulnerable to multiple vulnerabilities. IBM QRadar Advisor With Watson has addressed the applicable CVEs by updating pip. Vulnerability Details CVEID: CVE-2019-20916 DESCRIPTION: pypa pip package for python could...

7.8CVSS1.1AI score0.03028EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/06 6:27 p.m.•56 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)

Summary Vulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

9.8CVSS1.1AI score0.99677EPSS
Exploits103Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/03 2:32 p.m.•56 views

Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics

Summary IBM Netezza Analytics uses Log4j version 1.x. IBM Netezza Analytics has addressed the aplicable CVEs Vulnerability Details CVEID: CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserializati...

9.8CVSS1.9AI score0.81147EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/27 9:21 a.m.•56 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote attack due to Moment.js CVE-2022-24785

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote attack due to Moment.js CVE-2022-24785 with details below Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper...

7.5CVSS6.8AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/06 9:11 p.m.•56 views

Security Bulletin: Multiple Vulnerabilities in VMware vCenter affect IBM Cloud Pak System

Summary Multiple vulnerabilities in VMware vCenter plugins affect IBM Cloud Pak System. IBM Cloud Pak System in response to the vulnerabilities in VMware vCenter, provides the new release of IBM Cloud Pak System V2.3.3.4, with a new vCenter Image. Vulnerability Details CVEID: CVE-2021-21985...

10CVSS0.9AI score0.99999EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/27 9:58 a.m.•56 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM InfoSphere Master Data Management Server (CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176)

Summary IBM WebSphere Application Server is shipped as a component of IBM InfoSphere Master Data Management Server . Information about a security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bullet...

10CVSS2AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/14 4:20 p.m.•56 views

Security Bulletin: Security vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Federated Identity Manager

Summary IBM SDK, Java Technology Edition is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM SDK, Java Technology Edition have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

7.1CVSS1.8AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/14 3:51 p.m.•56 views

Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation

Summary Multiple vulnerabilities in IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2022-0235 DESCRIPTION: Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when fetching a remote url with Cookie. By sending a...

8.8CVSS1.8AI score0.02899EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/21 11:7 p.m.•56 views

Security Bulletin: IBM InfoSphere Information Server may be vulnerable to various cross-site injection attacks CVE-2019-4727

Summary Potential cross-site injection vulnerabilities were addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4727 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip...

0.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/10 5:9 p.m.•56 views

Security Bulletin: IBM Integration Designer is vulnerable to an attacker obtaining sensitive information (CVE-2021-35550, CVE-2021-35603) and denial of service (CVE-2021-35578)

Summary The fix includes a new version of the IBM Runtime Environment Java Versions 7 and 8 that resolve the specified vulnerabilities. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated...

7.1CVSS5.5AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/18 1:39 p.m.•56 views

Security Bulletin: Polkit as used by IBM® QRadar SIEM is vulnerable to privilege escalation (CVE-2021-4034)

Summary There is a privilege escalation vulnerability in Polkit which is used by IBM® QRadar SIEM indirectly as a dependency. Vulnerability Details CVEID: CVE-2021-4034 DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect...

7.8CVSS1.7AI score0.94921EPSS
Exploits151Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/17 6:26 p.m.•56 views

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-33193)

Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-33193 Vulnerability Details CVEID: CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker could explo...

7.5CVSS7.4AI score0.46179EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/16 4:6 a.m.•56 views

Security Bulletin: Due to use of Apache Log4j, IBM Robotic Process Automation with Automation Anywhere is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary There are vulnerabilities in the Apache Log4j library used by IBM Robotic Process Automation with Automation Anywhere. This affects the IBM Robotic Process Automation with Automation Anywhere control room application. This vulnerability has been addressed by upgrading the Apache Log4j...

10CVSS7.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/21 5:58 a.m.•56 views

Security Bulletin: Vulnerability in Apache Log4j affects the components (Elastic Search and Hadoop) of IBM Financial Crimes Insight for Claims Fraud

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Financial Crimes Insight for Claims Fraud for generating logs in some of its components. This bulletin provides mitigations for the Log4Shell vulnerability CVE-2021-44228 by applying the applicable workaround ste...

10CVSS0.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/17 2:2 p.m.•56 views

Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics Desktop (CVE-2021-44228)

Summary There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics Desktop. IBM SPSS Statistics Desktop has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS1.9AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/17 1:57 p.m.•56 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects MaaS360 Enterprise Gateway

Summary There is a vulnerability in the Apache Log4j open source library. This library is not used within the MaaS360 Enterprise Gateway code, but is contained within the package of the MaaS360 Enterprise Gateway module. The Enterprise Gateway module is contained within the MaaS360 Cloud Extender...

10CVSS0.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/12/15 6:4 p.m.•56 views

Security Bulletin: January 2015 OpenSSL security vulnerabilities in Multiple IBM N Series Products

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by Multiple IBM N Series Products. Below IBM N Series Products have addressed the applicabl...

5CVSS0.7AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/11/05 5:17 p.m.•56 views

Security Bulletin:Multiple Security Vulnerabilities fixed in Openssl as shipped with IBM Security Verify products (CVE-2021-3711, CVE-2021-3712)

Summary Security Vulnerabilities found in OpenSSL were fixed in the following products: IBM Security Verify Gateway for Windows Login, IBM Security Verify Bridge for Directory Sync, IBM Security Verify Gateway for RADIUS Vulnerability Details CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerabl...

9.8CVSS1.2AI score0.87816EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/09/23 1:31 a.m.•56 views

Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console

Summary BIND is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-9778 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of specific queries when using the nxdomain-redirect feature...

7.5CVSS0.1AI score0.40556EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/09/23 1:31 a.m.•56 views

Security Bulletin: Vulnerabilities in openssl affect Power Hardware Management Console ( CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797)

Summary OpenSSL is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSL...

10CVSS7.7AI score0.27022EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2021/09/22 11:38 p.m.•56 views

Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)

Summary Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities...

8.8CVSS9.2AI score0.02994EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2021/09/22 11:38 p.m.•56 views

Security Bulletin: Vulnerability in httpd (CVE-2018-17199 and CVE-2018-1301).

Summary The Apache HTTP Server, httpd is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1301 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds access error after a header size lim...

7.5CVSS0.19994EPSS
Exploits0
Total number of security vulnerabilities5000