Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/01/05 3:21 p.m.55 views

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Manager v4.2 (CVE-2022-21299).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager v4.2, which was disclosed in the Oracle January 2022 Critical Patch Update, but deferred until the release associated with the August 2022 Update. Vulnerability Details...

5.3CVSS5.2AI score0.03458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/04 4:9 p.m.55 views

Security Bulletin: IBM Security Verify Governance is vulnerable to denial of service and cross-site scripting due to use of jsoup (CVE-2021-37714, CVE-2015-6748)

Summary IBM Security Verify Governance uses jsoup which is vulnerable to denial of service and cross-site scripting by a remote attacker, caused by improper input validation CVE-2021-37714, CVE-2015-6748. The fix includes upgrading the jsoup jar to the patched version. Vulnerability Details...

7.5CVSS7AI score0.06873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 3:9 p.m.55 views

Security Bulletin: Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-21496, CVE-2022-21434, CVE-2022-21443, CVE-2022-22475, CVE-2022-22476, CVE-2022-21540 & CVE-2022-21541

Summary Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-21496, CVE-2022-21434, CVE-2022-21443, CVE-2022-22475, CVE-2022-22476, CVE-2022-21540 & CVE-2022-21541 Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An...

8.8CVSS7.2AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/23 10:36 a.m.55 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)

Summary IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection when processing web requests. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Global Configuration Management, IBM Engineering...

5.4CVSS5.9AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/24 2:37 p.m.55 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637)

Summary IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. Vulnerability Details CVEID:CVE-2022-35637 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of servic...

6.5CVSS6.7AI score0.0104EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/07 4:12 p.m.55 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to arbitrary code execution due to CVE-2022-22721

Summary Apache HTTP Server is used by IBM App Connect Enterprise Certified Container for Mapping Assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to arbitrary code execution. This bulletin provides patch informatio...

9.1CVSS9.9AI score0.41861EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 2:46 p.m.55 views

Security Bulletin: IBM TXSeries for Multiplatforms is vulnerable to no confidentiality impact, high integrity impact, and no availability impact (CVE-2021-2163)

Summary IBM TXSeries for Multiplatforms could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. The fix removes this vulnerability CVE-2021-2163 from IBM TXSeries for Multiplatforms. Vulnerability Details CVEID:CVE-2021-2163...

5.3CVSS5.4AI score0.03566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 5:45 a.m.55 views

Security Bulletin: Multiple security vulnerabilities in IBM Sales Center for WebSphere Commerce (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-2159, CVE-2012-2161)

Abstract Multiple security vulnerabilities have been identified in IBM Sales Center for WebSphere Commerce V6.0 and V7.0 Content VULNERABILITY DETAILS – Directory Traversal CVE ID: CVE-2012-0186 DESCRIPTION: Specially crafted URLs can be sent to the Eclipse Help component of IBM Sales Center for...

5.8CVSS8.6AI score0.05219EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 4:23 a.m.55 views

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

Abstract SONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013-0587| Moderate: openssl security...

10CVSS7.2AI score0.73364EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.55 views

Security Bulletin: Potential Security exposure in IBM HTTP Server CVE-2013-1862 PM87808

Abstract Potential Security exposure in IBM HTTP Server for WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-1862 DESCRIPTION: IBM HTTP Server optional modrewrite module does not properly filter terminal escape sequences from logs, which could make it easier for a remot...

5.1CVSS6.7AI score0.24886EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 10:31 p.m.55 views

Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.43

Abstract Cross reference list for security vulnerabilities fixed in WebSphere Application Server Fix Pack 6.1.0.43 Content VULNERABILITY DETAILS: CVE ID:CVE-2011-1376 PM49712 DESCRIPTION: IBM Websphere Application Server, when running on IBM i operating systems, applies insecure permissions to...

9.8CVSS9.7AI score0.0273EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.55 views

Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)

Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities...

10CVSS6.9AI score0.86963EPSS
Exploits23Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.55 views

Security Bulletin: WebSphere Application Server Community Edition 3.0.0.3 Oracle CPU April 2013

Abstract Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM WebSphere Application Server Community Edition. Content The IBM WebSphere Application Server Community Edition is shipped with an IBM Java SDK that is based on the Oracle JDK. Oracle has released April...

10CVSS7AI score0.86963EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/21 8:55 p.m.55 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

Summary Multiple vulnerabilities in OpenSSL affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include execution of arbitrary commands, weaker than expected security, and denial of service. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION:...

10CVSS9.1AI score0.95764EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/30 11:39 p.m.55 views

Security Bulletin: Vulnerability in Fabric OS firmware used by IBM b-type SAN directors and switches.

Summary Public disclosed vulnerability from OpenSSL in the Fabric OS FOS used by IBM b-type SAN directors and switches. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By usi...

7.5CVSS7.7AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/30 4:36 p.m.55 views

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-20215-0250

Summary IBM TRIRIGA Application Platform discloses CVE-2015-0250 Vulnerability Details CVEID:CVE-2015-0250 DESCRIPTION: Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this...

9.8CVSS8.7AI score0.19523EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/29 11:34 a.m.55 views

Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-4203)

Summary There is a vulnerability in Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Vulnerability Details CVEID:CVE-2021-4203 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free read flaw in the sockgetsockopt functio...

6.8CVSS7AI score0.01747EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/29 11:21 a.m.55 views

Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID:CVE-2021-45485 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive...

7.5CVSS6.6AI score0.03585EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/29 11:8 a.m.55 views

Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID:CVE-2022-27666 DESCRIPTION: Linux Kernel is vulnerable to a buffer overflow, caused by...

7.8CVSS8.6AI score0.06846EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/22 3:24 p.m.55 views

Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931)

Summary IBM has announced a release for IBM Security Verify Governance ISVG in response to security vulnerability. The vulnerability is caused by Node.js being vulnerable to Domain Hijacking and and injection vulnerabilities due to missing input validation of host names returned by Domain Name...

9.8CVSS9.5AI score0.21952EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 12:54 a.m.55 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM/Cisco Switches and Directors (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects BM/Cisco Switches and Directors Vulnerability Details CVEID:CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, b...

10CVSS7.9AI score0.94859EPSS
Exploits29Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/03 4:26 p.m.55 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a...

9.8CVSS9.8AI score0.69062EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 10:49 a.m.55 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in October 2021. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...

7.1CVSS7AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/06 5:36 a.m.55 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. These issues were disclosed in the Oracle April 2022 Critical Patch Update, minus CVE-2022-21426 Vulnerability...

5.3CVSS2.4AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 5:41 p.m.55 views

Security Bulletin: IBM Cognos Controller is affected but not vulnerable to arbitrary code execution and SQL injection due to Apache Log4j v1 vulnerabilities (CVE-2022-23305, CVE-2022-23302, CVE-2021-4104)

Summary Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities CVE-2022-23305, CVE-2022-23302, CVE-2021-4104. Although IBM Cognos Controller is not vulnerable to the listed CVEs, all instances o...

9.8CVSS7.6AI score0.81147EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/30 11:54 a.m.55 views

Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-34798 and CVE-2021-39275) affects Power HMC

Summary Apache HTTP webserver is used by IBM Power Hardware Management Console HMC for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-34798 and CVE-2021-39275 by upgrading IBM Power Hardware...

9.8CVSS0.4AI score0.64509EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 9:58 a.m.55 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM InfoSphere Master Data Management Server (CVE-2015-7450)

Summary IBM WebSphere Application Server is shipped as a component of IBM InfoSphere Master Data Management Server . Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin...

10CVSS9AI score0.97655EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 8:42 p.m.55 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Java (Multiple CVEs)

Summary Security Vulnerabilities affect IBM Cloud Private - Java Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. CVSS Base score: 7.5 CVSS...

9.8CVSS1.2AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 12:59 p.m.55 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22876)

Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22876 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the...

5.3CVSS0.5AI score0.05301EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/14 3:54 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in node.js

Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2021-44532 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a string injection vulnerability when name constraints were used within a certificate chai...

7.5CVSS7AI score0.70561EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/23 10:7 p.m.55 views

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (CVE-2020-2654, CVE-2020-2781, CVE-2020-2800)

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped and used by IBM Spectrum Control . These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU January 2020 and April 2020. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: ...

5.8CVSS6.4AI score0.04948EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/16 2:35 a.m.55 views

Security Bulletin: Due to use of Apache Log4j, IBM Netcool/OMNIbus Probe DSL Factory Framework is vulnerable to arbitrary code execution (CVE-2022-23302, CVE-2022-23307) and SQL injection (CVE-2022-23305)

Summary Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 is a dependency component shipped with the IBM Netcool/OMNIbus Probe DSL Factory Framework. The latest patch upgraded to Apache Log4j 2.17.1 that remediates the security vulnerabilities. Vulnerability Details CVEID: CVE-2022-2330...

9.8CVSS10.2AI score0.66537EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/12 1:53 a.m.55 views

Security Bulletin: Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery can affect IBM Spectrum Copy Data Management. Vulnerabilities include elevated privileges, SQL injection, obtaining sensitive information, cross-site scripting, and man-in-the-middle attacks. Vulnerability Details CVEID:...

8.1CVSS8AI score0.94921EPSS
Exploits157Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/03 8:4 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in Sterling Connect:Direct Browser User Interface

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...

9.8CVSS8.8AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/25 5:40 a.m.55 views

Security Bulletin: IBM Cloud Pak for Data System 2.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

Summary Samba is used by IBM Cloud Pak for Data System 2.0 . This bulletin provides a remediation for the Samba vulnerability CVE-2021-44142. Vulnerability Details CVEID: CVE-2021-44142 DESCRIPTION: Samba could allow a remote authenticated attacker to execute arbitrary code on the system, caused ...

9CVSS1.6AI score0.74042EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 9:9 a.m.55 views

Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms

Summary TXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker t...

9.8CVSS8.7AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/27 5:31 p.m.55 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary IBM Watson Assistant for IBM Cloud Pak for Data uses Apache Log4j to log diagnostic data. Vulnerabilities in Apache Log4j CVE-2021-45105 and CVE-2021-45046 impacts IBM Watson Assistant for IBM Cloud Pak for Data. The fix includes Apache Log4j v.2.17.0. Vulnerability Details CVEID:...

10CVSS1.1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 8:12 p.m.55 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecifi...

5.3CVSS5.5AI score0.06218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 5:19 p.m.55 views

Security Bulletin: IBM MQ is vulnerable to multiple Jetty vulnerabilities (CVE-2021-34428, CVE-2021-34429, CVE-2021-28169)

Summary Multiple issues were identified in Eclipse Jetty that IBM MQ Explorer uses and is affected by. Vulnerability Details CVEID: CVE-2021-34428 DESCRIPTION: Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an...

5.3CVSS5.3AI score0.99298EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/11 12:37 a.m.55 views

Security Bulletin: Vulnerabilities in XStream affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in XStream, such as execution of arbitrary code, server-side request forgery, denial of service, bypassing security restrictions, and deletion of arbitrary files, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2020-26217 DESCRIPTION: XStream...

9.9CVSS9.3AI score0.98124EPSS
Exploits38Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/01 3:52 p.m.56 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal core (CVE-2021-32610)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-32610 DESCRIPTION: Drupal Core could allow a remote attacker to execute arbitrary code on the system, caused by the use of the third-party PEAR ArchiveTar library. By persuading a victim to...

7.1CVSS1.3AI score0.73377EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/04 6:40 a.m.55 views

Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Tika

Summary There are vulnerabilities in various versions of Apache Tika that affect Apache Solr. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID: CVE-2019-10094 DESCRIPTION: Apache Tika is vulnerable to a stack-based buffer overflow, caused by a flaw in the...

7.8CVSS1.3AI score0.05934EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/01 6:19 a.m.55 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details CVEID: CVE-2021-33196 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By persuading a victim t...

7.5CVSS0.6AI score0.06975EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/01 6:18 a.m.55 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Nginx. Vulnerability Details CVEID: CVE-2021-23017 DESCRIPTION: NGINX could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one error in ngxresolvercopy while processing D...

7.7CVSS2.5AI score0.52838EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/28 7:3 a.m.55 views

Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation

Summary IBM Business Process Manager and IBM Business Automation Workflow offline documentation packages open source libraries with known vulnerabilities. Do not install offline documentation and remove existing installations with the fix provided below. Vulnerability Details CVEID: CVE-2021-2335...

8.1CVSS0.7AI score0.10608EPSS
Exploits4Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/25 8:23 p.m.55 views

Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-14845 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a hi...

8CVSS6.3AI score0.0288EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/16 3:12 p.m.55 views

Security Bulletin: Potential DoS in IBM DataPower Gateway

Summary IBM has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation ClientHello message from a clien...

5.9CVSS2.3AI score0.62906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/04 7:39 a.m.55 views

Security Bulletin: IBM Security Privileged Identity Manager is affected by sensitive information exposure vulnerability in IBM Java SE (CVE-2020-14781)

Summary IBM Security Privileged Identity Manager has addressed a sensitive information exposure vulnerability in Java SE. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtai...

4.3CVSS3AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/23 9:9 p.m.55 views

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2020-25695, CVE-2020-25694

Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Robotic Process...

8.8CVSS1.2AI score0.4644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 12:42 a.m.55 views

Security Bulletin: IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures

Summary IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures CVE-2020-15095, CVE-2020-8116, CVE-2020-8201 and CVE-2020-8252. Vulnerability Details CVEID: CVE-2020-15095 DESCRIPTION:...

7.8CVSS1.6AI score0.05093EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000