Lucene search
K
IbmMost viewed

35692 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/01/27 1:51 p.m.56 views

Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to Denial of Service (DoS) attacks

Summary XStream is used in ITNCM to serialize XML data and may be vulnerable to Denial of Service attacks DoS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by causing a stackoverflow. This effect may support a denial of service...

7.5CVSS7AI score0.19653EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/17 5:38 p.m.56 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2018-1996)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS5.3AI score0.01142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID:CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could...

8.3CVSS7.7AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 3:9 p.m.56 views

Security Bulletin: Vulnerabilities in Java impact IBM Cloud Application Business Insights (CVE-2021-35550, CVE-2021-35561, CVE-2021-35603, and CVE-2021-41035)

Summary Vulnerabilities in Java impact IBM Cloud Application Business Insights CVE-2021-35550, CVE-2021-35561, CVE-2021-35603, and CVE-2021-41035. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an...

9.8CVSS8.4AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 3:9 p.m.56 views

Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Cloud Application Business Insights (CVE-2021-45105, CVE-2021-45046)

Summary IBM Cloud Application Business Insights ICABI is vulnerable to denial of service due to Apache Log4j CVE-2021-45105 and arbitrary code execution due to Apache Log4j CVE-2021-45046 Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

10CVSS10AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/01 6:28 p.m.56 views

Security Bulletin: Cloud Pak for Security is affected by but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Summary Cloud Pak for Security CP4S 1.9.1.0 and earlier is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR i...

9.8CVSS9.1AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/28 7:52 p.m.56 views

Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities

Summary IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities. These components have been updated in the latest release and the vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest...

9.8CVSS9.9AI score0.51733EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/18 2:58 p.m.56 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Python is used by IBM Robotic Process Automation as part of the NLP command implementation and part of the base container image for Antivirus and OCR services. Vulnerability Details CVEID:CVE-2021-4189 DESCRIPTION: Python could allow a remote attacker to obtain sensitive information, caus...

9.8CVSS10AI score0.23293EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 4:23 a.m.56 views

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

Abstract SONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2011-1248| Important: ca-certificates...

10CVSS0.1AI score0.90734EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 4:23 a.m.56 views

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

Abstract SONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013-0587| Moderate: openssl security...

10CVSS7.2AI score0.73364EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.56 views

Security Bulletin: Potential security exposure when using IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK.

Abstract IBM InfoSphere Streams makes use of IBM Java SE Version Version 6 SDK. Potential security exposures exist in IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK. Content VULNERABILITYDETAILS: CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-5081 DESCRIPTION:...

10CVSS8.8AI score0.45113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 10:31 p.m.56 views

Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.43

Abstract Cross reference list for security vulnerabilities fixed in WebSphere Application Server Fix Pack 6.1.0.43 Content VULNERABILITY DETAILS: CVE ID:CVE-2011-1376 PM49712 DESCRIPTION: IBM Websphere Application Server, when running on IBM i operating systems, applies insecure permissions to...

9.8CVSS9.7AI score0.0273EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/23 10:5 p.m.56 views

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

Summary There are multiple vulnerabilities in Curl that affect PowerSC. Vulnerability Details CVEID:CVE-2022-27776 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw when asked to send custom headers or cookies in its HTTP requests. By sendin...

8.1CVSS8.4AI score0.03453EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/23 4:7 p.m.56 views

Security Bulletin: Due to RPM, AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266)

Summary AIX is vulnerable to arbitrary code execution CVE-2021-20271, RPM database corruption CVE-2021-3421, and denial of service CVE-2021-20266 due to RPM. RPM is used by AIX for package management. Vulnerability Details CVEID:CVE-2021-20271 DESCRIPTION: RPM could allow a remote attacker to...

7CVSS7.8AI score0.01706EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions...

9.8CVSS10AI score0.07489EPSS
Exploits2Affected Software15
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:28 p.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow and IBM Business Process Manager

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service...

9.2AI score0.04829EPSS
Exploits2Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/07 12:8 p.m.56 views

Security Bulletin: An unspecified vulnerability related to the Networking component found in IBM Java 8.0 which is shipped with IBM® Intelligent Operations Center (CVE-2021-2341)

Summary An unspecified vulnerability related to the Networking component found in IBM Java 8.0 which is shipped with IBM® Intelligent Operations Center. Information about this vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...

4.3CVSS5.8AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/31 10:26 a.m.56 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle July 2022 Critical Patch Update Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity...

5.9CVSS6.5AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/30 11:39 p.m.56 views

Security Bulletin: Vulnerability in Fabric OS firmware used by IBM b-type SAN directors and switches.

Summary Public disclosed vulnerability from OpenSSL in the Fabric OS FOS used by IBM b-type SAN directors and switches. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By usi...

7.5CVSS7.7AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/08 10:13 a.m.56 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to OpenSSL CVE-2022-0778

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to OpenSSL CVE-2022-0778 with details below Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...

7.5CVSS7.7AI score0.70561EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 10:49 a.m.56 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in October 2021. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...

7.1CVSS7AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 7:54 a.m.56 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2022

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.2-IF012 and 21.0.3-IF010. Vulnerability Details CVEID:CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to...

8.2CVSS8.6AI score0.074EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 3:17 p.m.56 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to zlib (CVE-2018-25032)

Summary There is a vulnerability in the zlib library used by IBM Sterling Connect:Direct for UNIX. IBM Sterling Connect:Direct for UNIX has addressed the applicable issue. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory...

7.5CVSS0.6AI score0.51733EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/22 10:25 a.m.56 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to privilege escalation due to CVE-2021-41617

Summary OpenSSH is part of the base OS modules in all operand images in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container is not directly vulnerable under standard operations, but custom use of the images may be vulnerable to privilege escalation. This...

7CVSS1.6AI score0.02367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/21 4:22 p.m.56 views

Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35603)

Summary IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...

4.3CVSS1.2AI score0.04104EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/06 6:27 p.m.56 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)

Summary Vulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

9.8CVSS1.1AI score0.99677EPSS
Exploits104Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/27 9:21 a.m.56 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote attack due to Moment.js CVE-2022-24785

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote attack due to Moment.js CVE-2022-24785 with details below Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper...

7.5CVSS6.8AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 9:58 a.m.56 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM InfoSphere Master Data Management Server (CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176)

Summary IBM WebSphere Application Server is shipped as a component of IBM InfoSphere Master Data Management Server . Information about a security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bullet...

10CVSS2AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/14 4:20 p.m.56 views

Security Bulletin: Security vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Federated Identity Manager

Summary IBM SDK, Java Technology Edition is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM SDK, Java Technology Edition have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

7.1CVSS1.8AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/21 11:7 p.m.56 views

Security Bulletin: IBM InfoSphere Information Server may be vulnerable to various cross-site injection attacks CVE-2019-4727

Summary Potential cross-site injection vulnerabilities were addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4727 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip...

0.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/12 1:53 a.m.56 views

Security Bulletin: Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery can affect IBM Spectrum Copy Data Management. Vulnerabilities include elevated privileges, SQL injection, obtaining sensitive information, cross-site scripting, and man-in-the-middle attacks. Vulnerability Details CVEID:...

8.1CVSS8AI score0.94921EPSS
Exploits157Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/10 5:9 p.m.56 views

Security Bulletin: IBM Integration Designer is vulnerable to an attacker obtaining sensitive information (CVE-2021-35550, CVE-2021-35603) and denial of service (CVE-2021-35578)

Summary The fix includes a new version of the IBM Runtime Environment Java Versions 7 and 8 that resolve the specified vulnerabilities. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated...

7.1CVSS5.5AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:59 p.m.56 views

Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)

Summary An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote...

5.9CVSS5.9AI score0.17139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 1:39 p.m.56 views

Security Bulletin: Polkit as used by IBM® QRadar SIEM is vulnerable to privilege escalation (CVE-2021-4034)

Summary There is a privilege escalation vulnerability in Polkit which is used by IBM® QRadar SIEM indirectly as a dependency. Vulnerability Details CVEID: CVE-2021-4034 DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect...

7.8CVSS1.7AI score0.94921EPSS
Exploits151Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 6:26 p.m.56 views

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-33193)

Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-33193 Vulnerability Details CVEID: CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker could explo...

7.5CVSS7.4AI score0.46179EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/16 4:6 a.m.56 views

Security Bulletin: Due to use of Apache Log4j, IBM Robotic Process Automation with Automation Anywhere is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary There are vulnerabilities in the Apache Log4j library used by IBM Robotic Process Automation with Automation Anywhere. This affects the IBM Robotic Process Automation with Automation Anywhere control room application. This vulnerability has been addressed by upgrading the Apache Log4j...

10CVSS7.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:58 a.m.56 views

Security Bulletin: Vulnerability in Apache Log4j affects the components (Elastic Search and Hadoop) of IBM Financial Crimes Insight for Claims Fraud

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Financial Crimes Insight for Claims Fraud for generating logs in some of its components. This bulletin provides mitigations for the Log4Shell vulnerability CVE-2021-44228 by applying the applicable workaround ste...

10CVSS0.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 2:2 p.m.56 views

Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics Desktop (CVE-2021-44228)

Summary There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics Desktop. IBM SPSS Statistics Desktop has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS1.9AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 1:57 p.m.56 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects MaaS360 Enterprise Gateway

Summary There is a vulnerability in the Apache Log4j open source library. This library is not used within the MaaS360 Enterprise Gateway code, but is contained within the package of the MaaS360 Enterprise Gateway module. The Enterprise Gateway module is contained within the MaaS360 Cloud Extender...

10CVSS0.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/05 5:17 p.m.56 views

Security Bulletin:Multiple Security Vulnerabilities fixed in Openssl as shipped with IBM Security Verify products (CVE-2021-3711, CVE-2021-3712)

Summary Security Vulnerabilities found in OpenSSL were fixed in the following products: IBM Security Verify Gateway for Windows Login, IBM Security Verify Bridge for Directory Sync, IBM Security Verify Gateway for RADIUS Vulnerability Details CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerabl...

9.8CVSS1.2AI score0.87816EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.56 views

Security Bulletin: Vulnerabilities in openssl affect Power Hardware Management Console ( CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797)

Summary OpenSSL is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSL...

10CVSS7.7AI score0.27022EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/22 11:38 p.m.56 views

Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)

Summary Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities...

8.8CVSS9.2AI score0.02994EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/17 5:41 p.m.56 views

Security Bulletin: Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Summary Aspera Web Applications Shares, Console have addressed the following OpenSSL Vulnerabilities. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the...

7.5CVSS1.3AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/16 3:33 p.m.56 views

Security Bulletin: IBM DataPower Gateway vulnerable to a DoS

Summary IBM has addressed the aplicable CVE Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the applicati...

7.5CVSS7.8AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/04 7:48 a.m.56 views

Security Bulletin: IBM Security Privileged Identity Manager is affected by denial of service vulnerability in Java SE (CVE-2020-2654)

Summary IBM Security Privileged Identity Manager has addressed a denial of service vulnerability in Java SE. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause ...

4.3CVSS5.4AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 8:37 p.m.56 views

Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation ClientHel...

7.4CVSS1.1AI score0.62906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/14 6:25 p.m.56 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Apache Commons ( CVE-2021-29425)

Summary The product includes an older version of Apache Commons that may be identified and exploited with a specially-crafted URL request. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...

5.8CVSS1.8AI score0.10608EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/29 3:32 p.m.56 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in January 2021. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...

9.8CVSS2AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/21 8:35 p.m.56 views

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libxml2

Summary BM Bootable Media Creator BoMC has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7595 DESCRIPTION: The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this...

7.5CVSS1.7AI score0.07836EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 12:42 a.m.56 views

Security Bulletin: IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures

Summary IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures CVE-2020-15095, CVE-2020-8116, CVE-2020-8201 and CVE-2020-8252. Vulnerability Details CVEID: CVE-2020-15095 DESCRIPTION:...

7.8CVSS1.6AI score0.05093EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000