Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/01/02 11:59 a.m.137 views

Security Bulletin: Multiple vulnerabilities in Golang Go affect Cloud Pak System

Summary Vulnerabilities in Golang Go affect Cloud Pak System Software. IBM Cloud Pak System has addresssed vulnerabilities. Vulnerabilities include code execution, HTML injection, denial of service, privilege escalation, P256 Curve unspecified, and obtaining sensitive information as described by...

9.8CVSS9.5AI score0.05623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.137 views

Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5638)

Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products allowing arbitrary code execution. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION:...

10CVSS9.9AI score0.99999EPSS
Exploits44Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/07 4:13 p.m.137 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)

Summary There is a vulnerability in FasterXML jackson-databind used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2022-42004. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML...

7.5CVSS7.3AI score0.02656EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/15 2:13 a.m.137 views

Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Modeler [CVE-2022-33980]

Summary There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Modeler. This vulnerability has been addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execut...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/20 10:43 p.m.137 views

Security Bulletin: IBM MaaS360 Cloud Extender and Modules have various vulnerabilities (CVE-2021-22924, CVE-2021-3712)

Summary A vulnerability contained within a 3rd party component was identified and remediated in the IBM MaaS360 Cloud Extender Agent V2.106.100.008 and Modules. Vulnerability Details CVEID: CVE-2021-22924 DESCRIPTION: An unspecified error with bad connection reused due to improper path name...

7.4CVSS6.4AI score0.50445EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/30 1:29 p.m.136 views

Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks (CVE-2023-25690)

Summary Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks. IBM has addressed the relevant vulnerability Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when...

9.8CVSS9.3AI score0.8377EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/30 9:23 a.m.136 views

Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise are vulnerable to a denial of service due to jackson-databind (CVE-2020-36518)

Summary IBM Integration Bus and IBM App Connect Enterprise are vulnerable to a denial of service due to jackson-databind, caused by a Java StackOverflow exception. The fix includes jackson-databind 2.13.3 Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is...

7.5CVSS7.4AI score0.0486EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.136 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application and used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. This has been addressed in IBM...

10CVSS1.3AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 2:51 a.m.136 views

Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Symphony is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary Apache Log4j is used by IBM Spectrum Symphony for generating logs in some of its components such as ELK, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution CVE-2021-44832 and CVE-2021-45046 and denial of service...

10CVSS1.3AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/19 9:58 p.m.135 views

Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15)

Summary For the 8.0.0 version of MSO, which is distributed as part of the MAS catalog here are the instructions to move to the 8.0.3 version to get log4j 2.17.1 Apache Log4j - CVE-2021-45105 affecting v2.16 and CVE-2021-45046 affecting v2.15 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION:...

10CVSS9.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 6:30 p.m.135 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970)

Summary Spring Framework is used by IBM Watson Explorer Foundational and Analytical Components. IBM Watson Explorer has addressed the applicable CVE CVE-2022-22971, CVE-2022-22968, CVE-2022-22970. Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable...

6.5CVSS1AI score0.05666EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/13 4:44 p.m.135 views

Security Bulletin: AIX is vulnerable to a denial of service due to OpenSSL (CVE-2022-0778)

Summary A vulnerability in OpenSSL could allow a remote attacker to cause a denial of service CVE-2022-0778. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a fla...

7.5CVSS0.8AI score0.70561EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/28 10:2 p.m.134 views

Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary code due to a signal handler race condition. [CVE-2024-6387]

Summary OpenSSH used by IBM i is vulnerable to a remote attacker executing arbitrary code due to a signal handler race condition as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section...

8.1CVSS8.5AI score0.99506EPSS
Exploits68Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/24 7:54 a.m.134 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to remote code execution due to Apache Commons Text [CVE-2022-42889]

Summary IBM Sterling Partner Engagement Manager has addressed a Publicly disclosed vulnerability that are published by Apache Commons - Collections v3.2.1 CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary...

9.8CVSS9.9AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/26 6:6 p.m.134 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory...

9.8CVSS9.7AI score0.73139EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/15 8:4 p.m.134 views

Security Bulletin: IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)

Summary IBM Cognos Controller is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Controller has upgrad...

10CVSS0.7AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.134 views

Security Bulletin: IBM Security Access Manager Appliance is affected by a HTTPD vulnerability (CVE-2016-8743)

Summary IBM Security Access Manager Appliance has addressed the following vulnerability in the HTTPD libraries used on the appliance. Vulnerability Details CVEID: CVE-2016-8743 DESCRIPTION: Apache HTTPD is vulnerable to HTTP response splitting attacks, caused by improper validation of user-suppli...

7.5CVSS2.2AI score0.13252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:44 p.m.133 views

Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381) may affect IBM Tivoli Netcool Configuration Manager (ITNCM)

Summary IBM Tivoli Netcool Configuration Manager has addressed the following vulnerability. There is an information disclosure in the WebSphere Application Server Proxy Server or On-Demand-Router ODR. This only occurs when the system clock is changed. If the system clock is changed it could cause...

3.3CVSS0.6AI score0.00377EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.132 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-6119) due to OpenSSL

Summary Vulnerability in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-6119. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error...

7.5CVSS7.6AI score0.66594EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:58 a.m.132 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server and Apache Portable Runtime: CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2006-20001, and CVE-2022-25147. This has been addressed in...

9.8CVSS9.7AI score0.57941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 6:28 p.m.132 views

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-39275)

Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-39275 Vulnerability Details CVEID: CVE-2021-39275 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the apescapequotes function. By sending specially crafted input, a...

9.8CVSS8.8AI score0.36339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 2:23 p.m.133 views

Security Bulletin: A security vulnerability has been identified in Apache Log4j (CVE-2021-44228) in IBM Maximo Asset Configuration Manager and IBM Maximo for Aviation.

Summary Apache log4j 2 library is used by Build Data Interpreter BDI in IBM Maximo Asset Configuration Manager ACM and IBM Maximo for Aviation Aviation. This bulletin provides a remediation for the Apache log4j 2 vulnerability CVE-2021-44228 Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION...

10CVSS2.1AI score0.99999EPSS
Exploits351Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 4:1 a.m.132 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure Proxy (CVE-2021-44228)

Summary An Apache Log4j vulnerability allowing a remote attacker to execute arbitraty code on the system was addressed by IBM Secure Proxy. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...

10CVSS2AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/21 6:22 p.m.132 views

Security Bulletin: Insecure Transmission Vulnerability with IBM InfoSphere Information Server (CVE-2015-7490)

Summary IBM InfoSphere Information Server could allow a malicious user who can login in IIS using their own user id to change the user cookie to another user id to possibly gain access to information that the other user id had access to. Vulnerability Details CVEID: CVE-2015-7490 DESCRIPTION: IBM...

10CVSS0.5AI score0.97655EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/03 6:50 p.m.132 views

Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2019-4674, CVE-2018-15473, CVE-2019-4675)

Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities due to a remote attacker, user enumeration vulnerability, and hard-coded credentials. Vulnerability Details CVEID: CVE-2019-4674 DESCRIPTION: IBM Security Identity Manager could allow a...

9.8CVSS1.8AI score0.98631EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/08 4:4 p.m.131 views

Security Bulletin: Vulnerability in Kernel (CVE-2022-1012) affects Power HMC

Summary Kernel is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation...

8.2CVSS8AI score0.02972EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/11 5:20 p.m.131 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105)

Summary Apache Log4j open source library used by IBM® Db2® is affected by multiple vulnerabilities that could allow a remote attacker to execute arbitrary code on the system or cause a denial of service. This library is used by the Db2 Federation feature. The fix for the vulnerability is to updat...

10CVSS10AI score0.99999EPSS
Exploits358Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/14 9:56 a.m.131 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-35618

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a Denial of Service attack. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a...

7.5CVSS7.9AI score0.0486EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 8:41 p.m.131 views

Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228) shipped with IBM Workload Scheduler

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. Information about security vulnerabilities affecting WAS have been published in security bulletins, and IBM recommends th...

10CVSS0.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:30 p.m.130 views

Security Bulletin: Vulnerability in Apache Commons IO affects IBM Process Mining (CVE-2021-29425)

Summary There is a vulnerability in Apache Commons IO that could allow aremote attacker to traverse directories on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425...

5.8CVSS6.5AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/12 9:49 a.m.130 views

Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-3759)

Summary There is a vulnerability in the Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Vulnerability Details CVEID:CVE-2021-3759 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory overflow in the ipc function in the memcg...

5.5CVSS7AI score0.00345EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/13 2:4 p.m.130 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Cloud Pak System

Summary Multiple Vulnerabilities have been identified in IBM Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-36090 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large...

7.5CVSS0.5AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/13 10:59 a.m.129 views

Security Bulletin: Multiple Vulnerabilities of Jackson-Mapper-asl have affected APM Linux KVM Agent

Summary APM Linux KVM Agent is vulnerable to Jackson-mapper-asl vulnerabilities described in CVE-2019-10202 and CVE-2019-10172. The fix includes jackson-mapper-asl-1.9.13.jar upgraded to jackson-databind-2.14.0.jar Vulnerability Details CVEID:CVE-2019-10202 DESCRIPTION: Red Hat JBoss Enterprise...

9.8CVSS8.7AI score0.17044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 6:30 a.m.128 views

Security Bulletin: Multiple vulnerabilities in gson-2.2.4.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in gson-2.2.4.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused b...

7.7CVSS7.8AI score0.1158EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/29 2:1 p.m.128 views

Security Bulletin: Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)

Summary Multiple vulnerabilities exist in Zookeeper that are used by IBM QRadar User Behavior Analytics UBA. These vulnerabilities are addressed in UBA by upgrading to a version of Zookeeper and packages that are associated with Zookeeper that resolve the vulnerabilities. Vulnerability Details...

7.5CVSS7.4AI score0.0486EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/04 12:53 p.m.128 views

Security Bulletin: Due to use of Hibernate Validator version 6.1.2.Final IBM Tivoli Network Manager is vulnerable which allows attackers to bypass input sanitation (escaping, stripping) controls(CVE-2020-10693, CVE-2019-10219).

Summary A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put i...

6.5CVSS0.8AI score0.02294EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:48 a.m.127 views

Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana

Summary Watson Machine Learning Accelerator on Cloud Pak for Data had an internal dependency on Grafana. Grafana dependency is now removed. Grafana component is no longer used or shipped with Watson Machine Learning Accelerator on Cloud Pak for Data. This bulletin identifies the steps to take to...

9.8CVSS9AI score0.68603EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:12 a.m.127 views

Security Bulletin: IBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278) Flash

Summary IBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are not vulnerable to the Bash vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and the two memory corruption vulnerabilities. Vulnerability Details IBM FlashSystem 710, 720,...

10CVSS8.5AI score0.99999EPSS
Exploits158Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/22 3:44 p.m.126 views

Security Bulletin: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to denial of service due to libexpat. This has been addressed. Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a use-after free created by overeager...

7.5CVSS7.5AI score0.19433EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 7:56 p.m.126 views

Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.4

Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.0.0.4 Content VULNERABILITY DETAILS: CVE ID:CVE-2012-2170 PM56183 DESCRIPTION: WebSphere Application Server could allow a network attacker to obtain sensitive information, caused by...

5.8CVSS7.4AI score0.0388EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/08 7:2 p.m.126 views

Security Bulletin: CVE-2021-23337

Summary Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command...

7.2CVSS2.6AI score0.2241EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 5:28 p.m.126 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-44228)

Summary IBM Sterling File Gateway is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details...

10CVSS2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/09 4:17 p.m.126 views

Security Bulletin: IBM UrbanCode Release is vulnerable to arbitrary code execution due to Apache Log4j( CVE-2021-44228)

Summary IBM UrbanCode Release is impacted by CVE-2021-44228 through the use Apache log4j-1.2 which is part of the logging infrastructure. A logging configuration change can exploit the weakness resulting in unauthorized access to the administrative functions within Settings. An iFix has been...

10CVSS1.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/01 11:37 a.m.126 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Snapshot on Windows (CVE-2021-44228)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 1:45 p.m.126 views

Security Bulletin: Rational Test Workbench bundles Rational Performance Tester which is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary Rational Test Workbench RTW bundles Rational Performance Tester RPT. The Apache Log4j vulnerability impacts RPT Apache JMeter™ Test Extension. This bulletin addresses the vulnerability by removing Apache Log4j. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could...

10CVSS0.9AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/29 12:14 a.m.126 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-4104, CVE-2021-45046, CVE-2021-38951)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details CVEID: CVE-2021-38951 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0,...

10CVSS10.3AI score0.99999EPSS
Exploits354Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:3 p.m.126 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Websphere Application Server shipped with Tivoli Netcool/Impact. (CVE-2015-4000)

Summary IBM WebSphere Application Server is shipped as a component of Tivoli Netcool Impact . Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. For Tivoli Netcool/Impact version 7.1.0 the shipped archive version of...

4.3CVSS4.3AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 4:23 a.m.125 views

Security Bulletin: IBM TS3310 Tape Library update for security vulnerabilities in OpenSSL (CVE-2012-2333)

Abstract Download update to TS3310 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL. Content CVE ID: CVE-2012-2333 DESCRIPTION: OpenSSL versions prior to 1.0.0 do not follow best security practices a...

6.8CVSS7.6AI score0.28154EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/11 8:32 a.m.125 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)

Summary There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE CVE-2022-33980. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.125 views

Security Bulletin: Security vulnerability in IBM HTTP Server shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-8743 )

Summary There is a security vulnerability in IBM HTTP Server that is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition. IBM Cloud Orchestrator and IBM HTTP Server have addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-8743 DESCRIPTION: Apache HTTP...

7.5CVSS0.8AI score0.13252EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000