Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/04/19 4:34 p.m.55 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks in Apache Mina SSHD Common (CVE-2023-48795)

Summary IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks CVE-2023-48795 found in Apache Mina SSHD Common. Apache Mina SSHD Common is used by the Open Source Package Manager feature of IBM i Access Client Solutions when authenticating to the IBM i server...

5.9CVSS6.4AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/11 9:4 p.m.55 views

Security Bulletin: IBM Disconnected Log Collector includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to...

10CVSS8.8AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/20 4:10 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.5CVSS7.2AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 8:43 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...

9.8CVSS10AI score0.09254EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/12 7:4 p.m.55 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework [CVE-2023-20861, CVE-2023-20860]

Summary Multiple vulnerabilities in VMware Tanzu Spring Framework used by InfoSphere Information Server were addressed. CVE-2023-20861, CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially...

7.5CVSS7.3AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/18 9:15 p.m.55 views

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption in Grafana (CVE-2023-44487)

Summary Grafana is used by IBM Storage Ceph for visualization of metrics. CVE-2023-44487 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a...

7.5CVSS9.4AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 3:42 p.m.55 views

Security Bulletin: Multiple vulnerabilities in containerd may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-25153, CVE-2023-25173)

Summary There are multiple vulnerabilities in containerd used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-25153 DESCRIPTION: containerd is vulnerable to a deni...

7.8CVSS7AI score0.00542EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.55 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2017-15906 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the processopen function when in read-only mode. A remote...

7.8CVSS1AI score0.15716EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:31 p.m.55 views

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in GNU C Library

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerabilities in GNU C Library. Vulnerability Details CVEID: CVE-2018-6551 DESCRIPTION: GNU glibc could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the malloc...

9.8CVSS1.3AI score0.13614EPSS
Exploits9Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/28 9:53 a.m.55 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)

Summary Red Hat OpenShift on IBM Cloud is affected by security vulnerabilities in the Kubernetes API server that may allow a denial of service attack from unauthenticated clients CVE-2023-39325 and CVE-2023-44487. Vulnerability Details CVEID: CVE-2023-39325 Description: A malicious HTTP/2 client...

7.5CVSS8.2AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/15 2:39 p.m.55 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to Eclipse Mosquitto.

Summary The built-in MQTT pub/sub broker in IBM App Connect Enterprise and IBM Integration Bus is vulnerable to a denial of service due to Eclipse Mosquitto. CVE-2023-5632 Vulnerability Details CVEID: CVE-2023-5632 DESCRIPTION: Eclipse Mosquitto is vulnerable to a denial of service, caused by a...

7.5CVSS6.9AI score0.00689EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/27 1:20 p.m.55 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities in components.

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. These have been addressed in the applicable CVEs. CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022,23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493...

9.8CVSS8.7AI score0.81147EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:31 a.m.55 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected IBM Jazz Reporting Service

Summary IBM Jazz Reporting Service is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker t...

5.3CVSS6.2AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/28 1:16 p.m.55 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to jQuery cross-site scripting (CVE-2020-11022, CVE-2020-11023)

Summary There is a vulnerability in the jQuery OpenSource library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...

6.9CVSS6.6AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/15 1:26 p.m.55 views

Security Bulletin: Vulnerabilities in Golang, openSSH and openJDK might affect IBM Spectrum Copy Data Management

Summary BM Spectrum Copy Data Management can be affected by vulnerabilities in Golang Go, openSSH and openJDK. Vulnerabilities include allowing a local attacker to cause high confidentiality impacts, allowing a remote authenticated attacker to cause high and low integrity impacts , allowing a...

9.8CVSS8.5AI score0.76768EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/06 6:6 p.m.55 views

Security Bulletin: Multiple vulnerabilities in guava-14.0.1.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in guava-14.0.1.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, cause...

5.9CVSS6.6AI score0.05119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 10:25 p.m.55 views

Security Bulletin: Security vulnerabilities identified in IBM DB2 used by IBM Security Verify Governance - Identity Manager

Summary IBM Security Verify Governance - Identity Manager supports IBM DB2 database. See this security bulletin for information about multiple vulnerabilities affecting IBM DB2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

8.8CVSS7.4AI score0.01378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 12:26 p.m.55 views

Security Bulletin: Vulnerability found in ant-1.8.2.jar which is shipped with IBM® Intelligent Operations Center(CVE-2021-36373, CVE-2020-11979, CVE-2021-36374, CVE-2012-2098, CVE-2020-1945)

Summary Multiple vulnerabilities have been identified in ant-1.8.2.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.5CVSS7.8AI score0.12608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:37 a.m.55 views

Security Bulletin: IBM Event Streams is vulnerable to denial of service attacks due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454)

Summary IBM Event Streams is affected by snappy-java vulnerabilities CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a special...

7.5CVSS7.1AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/31 6:46 p.m.55 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-protocol attacks due to sendmail (CVE-2021-3618)

Summary sendmail is used by IBM Robotic Process Automation for Cloud Pak as part of the antivirus container. CVE-2021-3618 Vulnerability Details CVEID:CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol...

7.4CVSS7.4AI score0.02037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 11:2 a.m.55 views

Security Bulletin: A security vulnerability has been identified in IBM DB2 shipped with IBM Intelligent Operations Center(CVEs - Remediation/Fixes)

Summary BM DB2 shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

8.8CVSS7.4AI score0.01378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/20 1:25 p.m.55 views

Security Bulletin: IBM Workload Scheduler is potentially affected by multiple vulnerabilities in OpenSSL (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)

Summary IBM Workload Scheduler is potentially affected by Denial of Service and information disclosure attacks due to vulnerabilities found in OpenSSL Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...

7.5CVSS7.9AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 5:15 p.m.55 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Gnome ibxml2 arbitrary code execution vulnerabilities( CVE-2022-40304, CVE-2022-40303)

Summary Potential Gnome ibxml2 arbitrary code execution vulnerabilities CVE-2022-40304, CVE-2022-40303 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-40304 DESCRIPTION: Gnome...

7.8CVSS7.8AI score0.22791EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 9:52 p.m.55 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected by multiple vulnerabilities in Golang Go

Summary Potential vulnerabilities in Golang Go has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-41722 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories ...

7.8CVSS9.4AI score0.05623EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 6:43 a.m.55 views

Security Bulletin: IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component has multiple vulnerabilities

Summary Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. IBM Security Verify Governance, Identity Manager virtual appliance component ships with IBM DB2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

7.5CVSS7.4AI score0.01513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/07 9:0 p.m.55 views

Security Bulletin: IBM Planning Analytics Workspace has addressed a vulnerability in GNU zlib (CVE-2022-37434)

Summary IBM Planning Analytics Workspace is vulnerable to a heap-based overlow in GNU zlib . GNU zlib has been upgraded in IBM Planning Analytics Workspace. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checki...

9.8CVSS9.9AI score0.1593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/06 5:35 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.4CVSS6.8AI score0.01523EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/23 11:18 p.m.55 views

Security Bulletin: This Power System update is being released to address CVE 2023-30438

Summary An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution o...

9.3CVSS8.8AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 6:53 p.m.55 views

Security Bulletin: A vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2023-30441)

Summary A vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensiti...

7.5CVSS7.2AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 6:19 p.m.55 views

Security Bulletin: IBM MQ Appliance affected by multiple OpenSSL vulnerabilities

Summary IBM MQ Appliance has resolved multiple OpenSSL vulnerabilities CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 and CVE-2023-0286. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel...

7.5CVSS7.8AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 11:50 a.m.55 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41725]

Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2022-41725 Vulnerability Details CVEID:CVE-2022-41725 DESCRIPTION: Golang Go is...

7.5CVSS8.5AI score0.01231EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 9:36 p.m.55 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. (CVE-2023-27559)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. Vulnerability Details CVEID:CVE-2023-27559 DESCRIPTION: IBM Db2 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. CVSS Base...

7.5CVSS6.1AI score0.00946EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/06 2:11 p.m.55 views

Security Bulletin: IBM Watson Explorer affected by vulnerability in OpenSSL.

Summary IBM Watson Explorer Foundational Components contains a vulnerable version of OpenSSL. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbioe...

7.5CVSS7.5AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 3:6 p.m.55 views

Security Bulletin: Multiple vulnerabilities in Intel Processors affect IBM Cloud Pak System

Summary Multiple vulnerabilities in Intel Processors affect Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2022-21123 DESCRIPTION: Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomple...

6.5CVSS6.8AI score0.06451EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.55 views

Security Bulletin: Multiple vulnerabilities in Apache Struts affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary Open Source Apache Struts vulnerabilities were disclosed in Jun 2016. Struts is used by SAN Volume Controller, Storwize family and FlashSystem V9000 products in their Service Assistant GUI. The CVEs are CVE-2016-4430 CVE-2016-4431 CVE-2016-4433 CVE-2016-4436. Vulnerability Details CVEID:...

9.8CVSS8.8AI score0.10013EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/21 8:7 p.m.55 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial service CVE-2022-3996, CVE-2023-0401, CVE-2022-4203, CVE-2023-0216, CVE-2023-0215, CVE-2023-0217, CVE-2023-0286, CVE-2022-4450 or obtain sensitive information CVE-2022-4304. OpenSSL is used by AIX as part of AIX's...

7.5CVSS8AI score0.59501EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/16 2:18 p.m.55 views

Security Bulletin: Vulnerabilities in Linux Kernel may affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in the Linux Kernel. Vulnerabilities include obtaining sensitive information, denial of service, elevation of privileges and remote execution of arbitrary code, as described by the CVEs in the "Vulnerability Details" section...

8.6CVSS8.7AI score0.12746EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/09 2:58 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM HTTP Server affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server and Apache Portable Runtime: CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2006-20001, and CVE-2022-25147. IBM WebSphere Application...

9.8CVSS8AI score0.57941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 11:56 a.m.55 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2023-21830, CVE-2023-21835, CVE-2023-21843]

Summary Java SE is used by IBM App Connect Enterprise Certified Container by the component that stores DesignerAuthoring flows and by the component that provides mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service...

5.3CVSS5.4AI score0.01836EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 1:15 p.m.55 views

Security Bulletin: CVE-2022-37734 may affect IBM CICS TX Standard

Summary WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is...

7.5CVSS7.3AI score0.02121EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.55 views

Security Bulletin: The IBM FlashSystem 840 product is affected by vulnerabilities in Apache Tomcat

Summary Security vulnerabilities have been discovered in Apache Tomcat Vulnerability Details CVE-ID: CVE-2013-4286, CVE-2013-4322, & CVE-2014-0033 DESCRIPTION: FlashSystem 840 uses Apache Tomcat. FlashSystem 840 runs an Apache Tomcat web server which enables the systems’ browser-based...

5.8CVSS8.9AI score0.16833EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.55 views

Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-2183 could make the system susceptible to...

7.5CVSS7.9AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.55 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to expose sensitive information, execute arbitrary code, perform cross-site scripting, and/or cause a...

8.8CVSS9.3AI score0.1838EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 6:7 a.m.55 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center (CVE-2023-23477)

Summary IBM WebSphere Application Server traditional is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in...

9.8CVSS6.8AI score0.01949EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/07 8:45 p.m.55 views

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-28615)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28615 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a read beyond bounds in apstrcmpmatch when provided with an...

9.1CVSS9.2AI score0.05729EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 10:8 p.m.55 views

Security Bulletin: Vulnerability in Node.js affects IBM Voice Gateway

Summary Security Vulnerability in Node.js packages affects IBM Voice Gateway. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an insufficient IsAllowedHost...

8.1CVSS8.3AI score0.14024EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 12:42 p.m.55 views

Security Bulletin: IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. (CVE-2022-42436)

Summary An issue was identified with IBM MQ Managed File Transfer where sensitive information was printed within diagnostics files. Vulnerability Details CVEID:CVE-2022-42436 DESCRIPTION: IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files...

4CVSS3.8AI score0.0018EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 11:30 a.m.55 views

Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service due to protobuf-java core and lite

Summary protobuf-java is used by some components of IBM Cloud Pak for Multicloud Management and it is vulnerable to a denial of service. CVE-2022-3509, CVE-2022-3171, CVE-2022-3510 Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of...

7.5CVSS6.2AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 5:59 a.m.55 views

Security Bulletin: App Connect Professional is affected by JsonErrorReportValve in Apache Tomcat.

Summary App Connect Professional have addressed the JsonErrorReportValve vulnerability reported in Apache Tomcat. Vulnerability Details CVEID:CVE-2022-45143 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escape the type, message or...

7.5CVSS7.3AI score0.02505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/16 7:2 a.m.55 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM Java - Eclipse OpenJ9 is vulnerable to CVE-2022-3676

Summary A flaw in Eclipse OpenJ9 leads to type confusion under certain circumstances, which can be exploited to access or modify memory. This may allow malicious untrusted code to elevate its privileges. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it h...

6.5CVSS6.7AI score0.00589EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000