Lucene search
K
IbmMost viewed

35692 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/08/03 4:23 a.m.56 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Rational Business Developer (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" Attach for SSL/TLS affects IBM Rational Business Developer. Vulnerability Details CVE-ID: CVE-2015-2808 Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

5CVSS0.8AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/25 2:31 p.m.56 views

Security Bulletin: IBM QRadar Network Security has released fixpack in response to the vulnerabilities known as Spectre and Meltdown

Summary IBM has released the following fixpack for IBM QRadar Network Security in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5754 CVEID: CVE-2017-5715 Affected Products and Versions IBM QRadar Network Security 5.4.0...

5.6CVSS3.2AI score0.93838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/10 8:34 a.m.56 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

9.8CVSS0.9AI score0.57472EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:24 a.m.56 views

Security Bulletin: IBM SDN for Virtual Environments is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability...

7.5CVSS0.1AI score0.99999EPSS
Exploits88Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:32 a.m.56 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796 could allow a remote attacker to obtain sensitive information, cause an application to enter an infinite loop,...

7.5CVSS0.6AI score0.39633EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.56 views

Security Bulletin: Multiple vulnerabilities in Samba affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Samba vulnerabilities were disclosed on April 12, 2016. Samba is used by IBM SmartCloud Provisioning for IBM Software Virtual Appliance. IBM SmartCloud Provisioning for IBM Software Virtual Appliance has addressed the applicable CVEs including the vulnerability commonly referred to as...

7.5CVSS0.7AI score0.3693EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.56 views

Security Bulletin: Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning V2.1 for IBM Software Virtual Appliance. Please note product software support discontinuance as per IBM Withdrawal Announcement 916-016. For withdrawal announcement information details see the Reference section below...

7.5CVSS1.2AI score0.0361EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:30 p.m.56 views

Security Bulletin: Vulnerability in GNU C library (glibc) affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance CVE-2015-0235. IBM recommends that you review your entire environment to identify vulnerable releases of the above packages including your...

10CVSS1.2AI score0.94859EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:23 a.m.56 views

Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM Rational License Key Server Administration and Reporting Tool

Summary Apache Tomcat is shipped as a component of RLKS Administration and Reporting Tool RLKS ART which contains multiple security vulnerabilities that could potentially impact ART. Vulnerability Details CVEID: CVE-2017-5647 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...

9.8CVSS1.1AI score0.99988EPSS
Exploits37Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:2 p.m.56 views

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in bash (CVE-2016-9401, CVE-2016-7543, CVE-2016-0634)

Summary IBM QRadar Network Security has addressed vulnerabilities in bash. Vulnerability Details CVEID: CVE-2016-9401 DESCRIPTION: GNU Bash could allow a local attacker to bypass security restrictions, caused by a use-after-free error. An attacker could exploit this vulnerability using a speciall...

8.4CVSS7.7AI score0.06019EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:2 p.m.56 views

Security Bulletin: IBM Security Guardium is affected by Using Components with Known vulnerabilities (multiple CVEs)

Summary IBM Security Guardium is affected by Using Components with Known vulnerabilities. IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2014-3584 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received...

10CVSS1.4AI score0.63029EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:45 p.m.56 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Security Network Controller

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Network Controller. IBM Security Network Controller has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacke...

10CVSS1.3AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:44 p.m.56 views

Security Bulletin: Vulnerabilities in Ntp affect IBM Security Identity Governance

Summary Vulnerabilities in Network Time Protocol NTP that is used by IBM Security Identity Governance Vulnerability Details CVEID: CVE-2015-5194 DESCRIPTION: Network Time Protocol NTP is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By...

7.5CVSS1.1AI score0.15081EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:38 p.m.56 views

Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Web (CVE-2014-3565, CVE-2015-5621)

Summary IBM Security Access Manager for Web is affected by denial of service vulnerabilities in Net-SNMP. Vulnerability Details CVEID: CVE-2014-3565 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the "-OQ" option. By...

7.5CVSS1.3AI score0.40002EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:6 p.m.56 views

Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. IBM Tealeaf Customer Experience on Cloud Network Capture Add-On has addressed the applicable CVEs. Multiple...

9.8CVSS1.2AI score0.63029EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.56 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle October 2016 Critical Patch Update Vulnerability Details CVE IDs: CVE-2016-5582 CVE-2016-5568 CVE-2016-5556 CVE-2016-5573 CVE-2016-5597 CVE-2016-5554 CVE-2016-5542 DESCRIPTION: This bulletin covers all applicable Java SE CVEs published by Oracle as...

9.6CVSS6.8AI score0.05437EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/02 3:58 p.m.55 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.8CVSS10AI score0.99019EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/19 5:12 p.m.55 views

Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploi...

9.8CVSS9.7AI score0.23293EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:11 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.1 Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when an untrusted packages have...

10CVSS10AI score0.01421EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 6:21 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.9.0 Vulnerability Details CVEID:CVE-2025-25184 DESCRIPTION: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by...

9.8CVSS10AI score0.62474EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:32 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in Apache Ivy affect IBM Cloud Pak System

Summary Vulnerabilities found in Apache Ivy affect IBM Cloud Pak SystemCVE-2022-46751, CVE-2022-2765,CVE-2022-37866. Vulnerability Details CVEID:CVE-2022-46751 DESCRIPTION: Apache Ivy could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...

9.8CVSS7.9AI score0.01855EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/12 11:48 a.m.55 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2024 and January 2025

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF039 and 24.0.0-IF004. Vulnerability Details CVEID:CVE-2023-48161 DESCRIPTION: GifLib Project GifLib could allow a local attacker to obtain sensitive information, caused by a heap-based buff...

9.2CVSS10AI score0.66594EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 7:32 p.m.55 views

Security Bulletin: There are multiple vulnerabilities that can affect IBM Storage Scale System that are now included

Summary There are multiple vulnerabilities, used by IBM Storage Scale System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-26643 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to page fault...

7.8CVSS9.6AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 9:5 p.m.55 views

Security Bulletin: Operations Dashboard is vulnerable to denial of service due to Go (CVE-2023-24534)

Summary Operations Dashboard is vulnerable to denial of service due to Go CVE-2023-24534 with details below. Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial o...

7.5CVSS8.4AI score0.01888EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 11:11 a.m.55 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID: CVE-2024-21011 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact. CVSS...

3.7CVSS4.7AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 4:23 p.m.55 views

Security Bulletin: IBM MQ Appliance is vulnerable to exposure of sensitive information (CVE-2023-5981 and CVE-2024-0533)

Summary IBM MQ Appliance has addressed GNU GnuTLS exposure of sensitive information vulnerabilities. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issue during RSA-PSK key exchange. B...

8.3CVSS6.6AI score0.01731EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/10 3:11 a.m.55 views

Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to OpenSSH vulnerability CVE-2024-6387

Summary IBM Data Virtualization on Cloud Pak for Data embeds a variant of the IBM Db2 database server that runs in MPP mode. For MPP functionality such as scale-out, internally the server uses the secure shell SSH protocol for inter-pod communication. SSH protocol is not exposed to external users...

8.1CVSS8.6AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/11 5:24 p.m.55 views

Security Bulletin: IBM® Db2® is affected by a vulnerability in the open source zlib library. (CVE-2023-45853)

Summary IBM® Db2® is affected by a vulnerability in the open source zlib library. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip is vulnerable to a denial of service, caused by an integer overflow and resultant heap-based buffer overflow in the zipOpenNewFileInZip464 function. By...

9.8CVSS9.5AI score0.02918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/06 4:19 a.m.55 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to security bypass due to PostgreSQL (CVE-2024-0985)

Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-0985 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when...

8CVSS8.3AI score0.01465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/24 3:52 p.m.55 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or...

9.8CVSS9.6AI score0.06889EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/23 2:11 p.m.55 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.17 LTS and 11.5.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.8CVSS8AI score0.99999EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/19 4:34 p.m.55 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks in Apache Mina SSHD Common (CVE-2023-48795)

Summary IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks CVE-2023-48795 found in Apache Mina SSHD Common. Apache Mina SSHD Common is used by the Open Source Package Manager feature of IBM i Access Client Solutions when authenticating to the IBM i server...

5.9CVSS6.4AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/11 9:4 p.m.55 views

Security Bulletin: IBM Disconnected Log Collector includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to...

10CVSS8.8AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 4:24 p.m.55 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow Event Emitters - CVE-2023-51074

Summary IBM Business Automation Workflow Event Emitters are vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a speciall...

5.3CVSS5.8AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/20 4:10 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.5CVSS7.2AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 8:43 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...

9.8CVSS10AI score0.09254EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/12 7:4 p.m.55 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework [CVE-2023-20861, CVE-2023-20860]

Summary Multiple vulnerabilities in VMware Tanzu Spring Framework used by InfoSphere Information Server were addressed. CVE-2023-20861, CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially...

7.5CVSS7.3AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/18 9:15 p.m.55 views

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption in Grafana (CVE-2023-44487)

Summary Grafana is used by IBM Storage Ceph for visualization of metrics. CVE-2023-44487 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a...

7.5CVSS9.4AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 3:42 p.m.55 views

Security Bulletin: Multiple vulnerabilities in containerd may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-25153, CVE-2023-25173)

Summary There are multiple vulnerabilities in containerd used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-25153 DESCRIPTION: containerd is vulnerable to a deni...

7.8CVSS7AI score0.00542EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.55 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2017-15906 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the processopen function when in read-only mode. A remote...

7.8CVSS1AI score0.15716EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:31 p.m.55 views

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in GNU C Library

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerabilities in GNU C Library. Vulnerability Details CVEID: CVE-2018-6551 DESCRIPTION: GNU glibc could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the malloc...

9.8CVSS1.3AI score0.13614EPSS
Exploits9Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/28 9:53 a.m.55 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)

Summary Red Hat OpenShift on IBM Cloud is affected by security vulnerabilities in the Kubernetes API server that may allow a denial of service attack from unauthenticated clients CVE-2023-39325 and CVE-2023-44487. Vulnerability Details CVEID: CVE-2023-39325 Description: A malicious HTTP/2 client...

7.5CVSS8.2AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/15 2:39 p.m.55 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to Eclipse Mosquitto.

Summary The built-in MQTT pub/sub broker in IBM App Connect Enterprise and IBM Integration Bus is vulnerable to a denial of service due to Eclipse Mosquitto. CVE-2023-5632 Vulnerability Details CVEID: CVE-2023-5632 DESCRIPTION: Eclipse Mosquitto is vulnerable to a denial of service, caused by a...

7.5CVSS6.9AI score0.00689EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/27 1:20 p.m.55 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities in components.

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. These have been addressed in the applicable CVEs. CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022,23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493...

9.8CVSS8.7AI score0.81147EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:31 a.m.55 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected IBM Jazz Reporting Service

Summary IBM Jazz Reporting Service is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker t...

5.3CVSS6.2AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/28 1:16 p.m.55 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to jQuery cross-site scripting (CVE-2020-11022, CVE-2020-11023)

Summary There is a vulnerability in the jQuery OpenSource library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...

6.9CVSS6.6AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/25 10:5 p.m.55 views

Security Bulletin: Vulnerability with kernel , OpenJDK jna-platform affect IBM Cloud Object Storage Systems (Sept2023)

Summary Vulnerability with kernel CVE-2023-2269, CVE-2023-34256, OpenJDK CVE-2023-22041 CVE-2023-22043 CVE-2023-22044 CVE-2023-22006 CVE-2023-22045 CVE-2023-22036 CVE-2023-22049, jna-platform 240628 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details...

5.9CVSS6.6AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/06 6:6 p.m.55 views

Security Bulletin: Multiple vulnerabilities in guava-14.0.1.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in guava-14.0.1.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, cause...

5.9CVSS6.6AI score0.05119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 1:29 p.m.55 views

Security Bulletin: Vulnerability found in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-46363)

Summary Vulnerability have been identified in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.5CVSS8.4AI score0.01193EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 12:26 p.m.55 views

Security Bulletin: Vulnerability found in ant-1.8.2.jar which is shipped with IBM® Intelligent Operations Center(CVE-2021-36373, CVE-2020-11979, CVE-2021-36374, CVE-2012-2098, CVE-2020-1945)

Summary Multiple vulnerabilities have been identified in ant-1.8.2.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.5CVSS7.8AI score0.12608EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000