Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/09/17 5:41 p.m.56 views

Security Bulletin: Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Summary Aspera Web Applications Shares, Console have addressed the following OpenSSL Vulnerabilities. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the...

7.5CVSS1.3AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/08 10:2 a.m.56 views

Security Bulletin: CVE-2020-1971 vulnerability in OpenSSL may affect IBM Workload Scheduler

Summary OpenSSL vulnerability CVE-2020-1971 has been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Scheduler. IBM Workload Scheduler has addressed the CVE Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...

5.9CVSS0.6AI score0.06968EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/16 3:33 p.m.56 views

Security Bulletin: IBM DataPower Gateway vulnerable to a DoS

Summary IBM has addressed the aplicable CVE Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the applicati...

7.5CVSS7.8AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/04 7:48 a.m.56 views

Security Bulletin: IBM Security Privileged Identity Manager is affected by denial of service vulnerability in Java SE (CVE-2020-2654)

Summary IBM Security Privileged Identity Manager has addressed a denial of service vulnerability in Java SE. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause ...

4.3CVSS5.4AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 9:9 p.m.56 views

Security Bulletin: Potential vulnerability with FasterXML jackson-databind

Summary A potential vulnerability has been identified related to FasterXML jackson-databind. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity...

7.5CVSS1.9AI score0.17611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 8:37 p.m.56 views

Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation ClientHel...

7.4CVSS1.1AI score0.62906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/14 6:25 p.m.56 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Apache Commons ( CVE-2021-29425)

Summary The product includes an older version of Apache Commons that may be identified and exploited with a specially-crafted URL request. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...

5.8CVSS1.8AI score0.10608EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/29 3:32 p.m.56 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in January 2021. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...

9.8CVSS2AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/21 8:35 p.m.56 views

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libxml2

Summary BM Bootable Media Creator BoMC has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7595 DESCRIPTION: The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this...

7.5CVSS1.7AI score0.07836EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/16 6:32 a.m.56 views

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by OpenSSL vulnerabilities

Summary There are vulnerabilities in OpenSSL used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVEs: CVE-2021-23839, CVE-2021-23840, CVE-2021-23841. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS2.1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/19 11:57 a.m.56 views

Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284)

Summary An issue was found within cURL libcurl that IBM MQ uses. This issue could affect users of the CCDTURL feature. Vulnerability Details CVEID: CVE-2020-8284 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by improper validation of FTP PASV...

4.3CVSS1.2AI score0.03851EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/17 2:30 p.m.56 views

Security Bulletin: OpenSSL Vulnerabilities Affect IBM Sterling Connect:Express for UNIX (CVE-2021-3449, CVE-2021-3450)

Summary Security vulnerabilities have been disclosed on 25h March 2021 by the OpenSSL Project. OpenSSl is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is...

7.4CVSS1.1AI score0.62906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/29 11:3 a.m.56 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to multiple denial of service and HTTP request smuggling vulnerabilities

Summary App Connect Enterprise flows may be susceptible to denial of service attacks due to CVE-2020-1971 and CVE-2020-8265 in the Node.js runtime, and all components may be vulnerable to HTTP request smuggling due to CVE-2020-8287. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL ...

8.1CVSS0.7AI score0.16296EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/22 5:30 a.m.57 views

Security Bulletin: Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary There are series of Deserialization of Untrusted Data vulnerabilities and Input Validation vulnerability in various versions of FasterXML jackson-databind that affect Apache Solr. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID: CVE-2020-11620...

9.8CVSS2AI score0.26587EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/09 9:24 a.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Symphony

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 6 Fix Pack 16 and earlier releases used by IBM Spectrum Symphony. IBM Spectrum Symphony has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified...

9.8CVSS1.9AI score0.03625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/01 5:6 p.m.56 views

Security Bulletin: WebSphere MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841

Summary WebSphere MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841 Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection...

7.5CVSS0.8AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/23 3:48 p.m.56 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities (CVE-2020-28851 and CVE-2020-28852)

Summary IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities CVE-2020-28851 and CVE-2020-28852 with details of each below. Vulnerability Details CVEID: CVE-2020-28851 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u...

7.5CVSS0.6AI score0.02297EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/04 3:24 a.m.56 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID: CVE-2020-26116 DESCRIPTION: Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control...

7.2CVSS0.7AI score0.0642EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/25 7:56 a.m.56 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.5 ESR + CVE-2020-15683) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF12 + ICAM2019.3.0 - 2020.2.0

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-15683, CVE-2020-15969. Vulnerability Details CVEID: CVE-2020-15683 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the...

9.8CVSS2.6AI score0.0262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/01 9:3 a.m.56 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in Apr 2020. Vulnerability...

8.3CVSS2.2AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/11 8:25 a.m.56 views

Security Bulletin: CVE-2020-1968 vulnerability in OpenSSL may affect IBM Workload Scheduler

Summary OpenSSL vulnerability CVE-2020-1968 has been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Scheduler. IBM Workload Scheduler has addressed the CVE Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

4.3CVSS0.6AI score0.04803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 9:52 a.m.56 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Contract Management (CVE-2020-11023, CVE-2020-11022)

Summary jQuery security vulnerabilities affect IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...

6.9CVSS7.2AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 9:51 a.m.56 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform (CVE-2020-11023, CVE-2020-11022)

Summary jQuery publicly disclosed vulnerability affects IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote...

6.9CVSS7.1AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/10 10:33 a.m.56 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System

Summary RedHat provided OpenSSL package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failur...

5.9CVSS1.1AI score0.17139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/02 7:50 p.m.56 views

Security Bulletin: IBM Security Directory Suite vulnerable to information disclosure (CVE-2018-15473)

Summary Security vulnerability that could allow a remote attacker to obtain sensitive information, has been fixed and delivered in IBM Security Directory Suite. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused b...

5.3CVSS1.1AI score0.98631EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/28 5:16 p.m.56 views

Security Bulletin: Multiple packages as used in IBM Security QRadar Packet Capture are vulnerable to various security issues.

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2017-5461 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an...

9.8CVSS0.8AI score0.89058EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/06 8:42 p.m.56 views

Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port...

4.7CVSS1.2AI score0.03418EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/01 9:23 p.m.56 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-8203)

Summary Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js CVE-2020-8203 Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183560 fo...

7.4CVSS1.2AI score0.05213EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/10 5:3 p.m.56 views

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by Rational Software Architect and Rational Software Architect for WebSphere Software. The applicable CVEs have been addressed. Vulnerability Details CVEID: CVE-2015-3193 DESCRIPTION: OpenSS...

7.5CVSS0.9AI score0.44016EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/09 2:56 p.m.56 views

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i

Summary Apache HTTP Server is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-9490 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when the server tries to HTTP/2 PUSH a resource afterwards. By using a...

7.5CVSS1.2AI score0.89744EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 5:7 p.m.56 views

Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox

Summary Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox Vulnerability Details CVEID: CVE-2020-8840 DESCRIPTION: An unspecified error with the lack of certain xbean-reflect/JNDI blocking in FasterXML jackson-databind has an unknown...

9.8CVSS0.9AI score0.26587EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/20 2:40 p.m.56 views

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2018-1283, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)

Summary There are multiple vulnerabilities in Apache HTTP Server affecting IBM Rational Build Forge. Vulnerability Details CVEID: CVE-2018-1283 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an error when modsession is configured with SessionEnv...

9.8CVSS0.4AI score0.86006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/14 3:2 p.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability ...

6.8CVSS1.9AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/14 11:52 a.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Performance Management. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...

9.1CVSS1.1AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/27 8:27 a.m.56 views

Security Bulletin: IBM QRadar Network Security is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729, CVE-2019-11745)

Summary IBM QRadar Network Security is affected by Network Security Services NSS vulnerabilities - 2 issues for nss, nss-softokn, nss-util Vulnerability Details CVEID: CVE-2019-11729 DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by the improperly validation of empty or...

8.8CVSS1AI score0.02994EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/03 2:28 p.m.56 views

Security Bulletin: Addressing the Sqlite Vulnerability CVE-2019-16168, CVE-2019-19242 and CVE-2019-19244

Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following SQLite vulnerability: Vulnerability Details CVEID: CVE-2019-16168 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by missing validation of a sqlitestat1 sz...

7.5CVSS1.8AI score0.04253EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:9 a.m.56 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL project. OpenSSL is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details CVEID:...

7.5CVSS0.7AI score0.57595EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/04 4:40 p.m.56 views

Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products an...

9.8CVSS1.3AI score0.57472EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 4:10 p.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by ITNCM. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM Java...

4.3CVSS0.8AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluat...

8.1CVSS0.9AI score0.37618EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.56 views

Security Bulletin: IBM i is affected by a vulnerability in OpenSSH (CVE-2018-15473)

Summary OpenSSH is used by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authentication attempts. By sending a...

5.3CVSS1.8AI score0.98631EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/02 4:31 p.m.56 views

Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2019-10086)

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

7.5CVSS2.1AI score0.28839EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/05 10:28 p.m.56 views

Security Bulletin: IBM RackSwitch firmware products are affected by TCP denial of service vulnarabilities

Summary The IBM RackSwitch firmware products listed below have addressed the following TCP denial of service vulnerabilities. Vulnerability Details CVEID: CVE-2019-11478 DESCRIPTION: Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel cou...

7.8CVSS1AI score0.98745EPSS
Exploits4Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/05 6:40 p.m.56 views

Security Bulletin: Multiple vulnerabilities in Java affect IBM Spectrum Protect Plus

Summary Multiple vulnerabilities in Java were disclosed as part of the Java SDK updates in January 2019 that affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2018-1890 DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may...

9.8CVSS0.6AI score0.05074EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/14 11:5 p.m.56 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Cloud Private. IBM Cloud Private has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate yo...

8.4CVSS0.8AI score0.04351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/17 3:32 p.m.56 views

Security Bulletin: IBM Security Privileged Identity Manager has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the following a fixpack for IBM Security Privileged Identity Manager in response to CVE-2017-5753 and CVE-2017-5754 Vulnerability Details CVEID: CVE-2017-5753 DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to...

5.6CVSS0.8AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/04 10:55 a.m.56 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerabilities (CVE-2019-9512, CVE-2019-9514)

Summary IBM Cloud Kubernetes Service is affected by security vulnerabilities in the net/http library of the Go language that affects all Kubernetes components. These vulnerabilities can result in a denial-of-service attack against a process with an HTTP or HTTPS listener CVE-2019-9512 and...

7.8CVSS0.2AI score0.83433EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/25 7:40 p.m.56 views

Security Bulletin: Open Source VMware Fusion Vulnerabilities in IBM Pure Application System (CVE-2017-4903, CVE-2017-4904, CVE-2017-4905)

Summary Multiple vulnerabilities in Open Source VMware affects IBM PureApplication System. IBM PureApplication System has addressed Common Vulnerabilities Exposures CVE-2017-4903, CVE-2017-4904, CVE-2017-4905. Additionally this bulletin includes information about the release of fix for Common...

8.8CVSS1.2AI score0.03157EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/05 6:20 a.m.56 views

Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability

Summary IBM MessageSight/MessageGateway has addressed the following jQuery vulnerability: CVE-2019-11358: jQuery mishandles jQuery.extendtrue, , ... Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper...

6.1CVSS0.9AI score0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/15 8:55 p.m.56 views

Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private Kubernetes

Summary Multiple Security Vulnerabilities affect IBM Cloud Private Kubernetes Vulnerability Details CVEID: CVE-2019-4119 DESCRIPTION: IBM Cloud Private Kubernetes API server can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. CVSS Base Score: 3.1 CVSS...

8.1CVSS0.4AI score0.13164EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000