Lucene search
K
IbmMost viewed

35715 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/28 9:53 a.m.•55 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)

Summary Red Hat OpenShift on IBM Cloud is affected by security vulnerabilities in the Kubernetes API server that may allow a denial of service attack from unauthenticated clients CVE-2023-39325 and CVE-2023-44487. Vulnerability Details CVEID: CVE-2023-39325 Description: A malicious HTTP/2 client...

7.5CVSS8.2AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/15 2:39 p.m.•55 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to Eclipse Mosquitto.

Summary The built-in MQTT pub/sub broker in IBM App Connect Enterprise and IBM Integration Bus is vulnerable to a denial of service due to Eclipse Mosquitto. CVE-2023-5632 Vulnerability Details CVEID: CVE-2023-5632 DESCRIPTION: Eclipse Mosquitto is vulnerable to a denial of service, caused by a...

7.5CVSS6.9AI score0.00689EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/27 1:20 p.m.•55 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities in components.

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. These have been addressed in the applicable CVEs. CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022,23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493...

9.8CVSS8.7AI score0.81147EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/04 10:31 a.m.•55 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected IBM Jazz Reporting Service

Summary IBM Jazz Reporting Service is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker t...

5.3CVSS6.2AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/28 1:16 p.m.•55 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to jQuery cross-site scripting (CVE-2020-11022, CVE-2020-11023)

Summary There is a vulnerability in the jQuery OpenSource library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...

6.9CVSS6.6AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/25 10:5 p.m.•55 views

Security Bulletin: Vulnerability with kernel , OpenJDK jna-platform affect IBM Cloud Object Storage Systems (Sept2023)

Summary Vulnerability with kernel CVE-2023-2269, CVE-2023-34256, OpenJDK CVE-2023-22041 CVE-2023-22043 CVE-2023-22044 CVE-2023-22006 CVE-2023-22045 CVE-2023-22036 CVE-2023-22049, jna-platform 240628 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details...

5.9CVSS6.6AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/06 6:6 p.m.•55 views

Security Bulletin: Multiple vulnerabilities in guava-14.0.1.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in guava-14.0.1.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, cause...

5.9CVSS6.6AI score0.05119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/05 1:29 p.m.•55 views

Security Bulletin: Vulnerability found in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-46363)

Summary Vulnerability have been identified in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.5CVSS8.4AI score0.01193EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/04 12:26 p.m.•55 views

Security Bulletin: Vulnerability found in ant-1.8.2.jar which is shipped with IBM® Intelligent Operations Center(CVE-2021-36373, CVE-2020-11979, CVE-2021-36374, CVE-2012-2098, CVE-2020-1945)

Summary Multiple vulnerabilities have been identified in ant-1.8.2.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.5CVSS7.8AI score0.12608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/25 11:2 a.m.•55 views

Security Bulletin: A security vulnerability has been identified in IBM DB2 shipped with IBM Intelligent Operations Center(CVEs - Remediation/Fixes)

Summary BM DB2 shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

8.8CVSS7.4AI score0.01378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/20 1:25 p.m.•55 views

Security Bulletin: IBM Workload Scheduler is potentially affected by multiple vulnerabilities in OpenSSL (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)

Summary IBM Workload Scheduler is potentially affected by Denial of Service and information disclosure attacks due to vulnerabilities found in OpenSSL Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...

7.5CVSS7.9AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/06 5:15 p.m.•55 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Gnome ibxml2 arbitrary code execution vulnerabilities( CVE-2022-40304, CVE-2022-40303)

Summary Potential Gnome ibxml2 arbitrary code execution vulnerabilities CVE-2022-40304, CVE-2022-40303 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-40304 DESCRIPTION: Gnome...

7.8CVSS7.8AI score0.22791EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/05 9:52 p.m.•55 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected by multiple vulnerabilities in Golang Go

Summary Potential vulnerabilities in Golang Go has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-41722 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories ...

7.8CVSS9.4AI score0.05623EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/30 6:43 a.m.•55 views

Security Bulletin: IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component has multiple vulnerabilities

Summary Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. IBM Security Verify Governance, Identity Manager virtual appliance component ships with IBM DB2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

7.5CVSS7.4AI score0.01513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/07 9:0 p.m.•55 views

Security Bulletin: IBM Planning Analytics Workspace has addressed a vulnerability in GNU zlib (CVE-2022-37434)

Summary IBM Planning Analytics Workspace is vulnerable to a heap-based overlow in GNU zlib . GNU zlib has been upgraded in IBM Planning Analytics Workspace. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checki...

9.8CVSS9.9AI score0.1593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/06 5:35 p.m.•55 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.4CVSS6.8AI score0.01523EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/23 11:18 p.m.•55 views

Security Bulletin: This Power System update is being released to address CVE 2023-30438

Summary An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution o...

9.3CVSS8.8AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/28 6:53 p.m.•55 views

Security Bulletin: A vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2023-30441)

Summary A vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensiti...

7.5CVSS7.2AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/28 6:19 p.m.•55 views

Security Bulletin: IBM MQ Appliance affected by multiple OpenSSL vulnerabilities

Summary IBM MQ Appliance has resolved multiple OpenSSL vulnerabilities CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 and CVE-2023-0286. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel...

7.5CVSS7.8AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/06 2:11 p.m.•55 views

Security Bulletin: IBM Watson Explorer affected by vulnerability in OpenSSL.

Summary IBM Watson Explorer Foundational Components contains a vulnerable version of OpenSSL. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbioe...

7.5CVSS7.5AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/31 3:6 p.m.•55 views

Security Bulletin: Multiple vulnerabilities in Intel Processors affect IBM Cloud Pak System

Summary Multiple vulnerabilities in Intel Processors affect Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2022-21123 DESCRIPTION: Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomple...

6.5CVSS6.8AI score0.06451EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 5:13 p.m.•55 views

Security Bulletin: Multiple vulnerabilities in the mongo-tools utility affect IBM WebSphere Automation

Summary There are multiple vulnerabilities in the mongo-tools utility used in IBM WebSphere Automation. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2022-41715 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the compilation of regula...

7.8CVSS9.4AI score0.02607EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/21 8:7 p.m.•55 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial service CVE-2022-3996, CVE-2023-0401, CVE-2022-4203, CVE-2023-0216, CVE-2023-0215, CVE-2023-0217, CVE-2023-0286, CVE-2022-4450 or obtain sensitive information CVE-2022-4304. OpenSSL is used by AIX as part of AIX's...

7.5CVSS8AI score0.59501EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/16 2:18 p.m.•55 views

Security Bulletin: Vulnerabilities in Linux Kernel may affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in the Linux Kernel. Vulnerabilities include obtaining sensitive information, denial of service, elevation of privileges and remote execution of arbitrary code, as described by the CVEs in the "Vulnerability Details" section...

8.6CVSS8.7AI score0.12746EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/09 2:58 a.m.•55 views

Security Bulletin: Multiple Vulnerabilities in IBM HTTP Server affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server and Apache Portable Runtime: CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2006-20001, and CVE-2022-25147. IBM WebSphere Application...

9.8CVSS8AI score0.57941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/03 11:56 a.m.•55 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2023-21830, CVE-2023-21835, CVE-2023-21843]

Summary Java SE is used by IBM App Connect Enterprise Certified Container by the component that stores DesignerAuthoring flows and by the component that provides mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service...

5.3CVSS5.4AI score0.01836EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/24 1:15 p.m.•55 views

Security Bulletin: CVE-2022-37734 may affect IBM CICS TX Standard

Summary WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is...

7.5CVSS7.3AI score0.02121EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•55 views

Security Bulletin: The IBM FlashSystem 840 product is affected by vulnerabilities in Apache Tomcat

Summary Security vulnerabilities have been discovered in Apache Tomcat Vulnerability Details CVE-ID: CVE-2013-4286, CVE-2013-4322, & CVE-2014-0033 DESCRIPTION: FlashSystem 840 uses Apache Tomcat. FlashSystem 840 runs an Apache Tomcat web server which enables the systems’ browser-based...

5.8CVSS8.9AI score0.16833EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•55 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to expose sensitive information, execute arbitrary code, perform cross-site scripting, and/or cause a...

8.8CVSS9.3AI score0.1838EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/10 6:7 a.m.•55 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center (CVE-2023-23477)

Summary IBM WebSphere Application Server traditional is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in...

9.8CVSS6.8AI score0.01949EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/02 10:8 p.m.•55 views

Security Bulletin: Vulnerability in Node.js affects IBM Voice Gateway

Summary Security Vulnerability in Node.js packages affects IBM Voice Gateway. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an insufficient IsAllowedHost...

8.1CVSS8.3AI score0.14024EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 8:4 p.m.•56 views

Security Bulletin: Vulnerability in Microsoft .NET Core and Visual Studio affects IBM Process Mining . CVE-2021-26701

Summary There is a vulnerability in Microsoft .NET Core and Visual Studio that could allow an attacker to execute arbitrary code on the system The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

9.8CVSS8.2AI score0.30315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 11:30 a.m.•55 views

Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service due to protobuf-java core and lite

Summary protobuf-java is used by some components of IBM Cloud Pak for Multicloud Management and it is vulnerable to a denial of service. CVE-2022-3509, CVE-2022-3171, CVE-2022-3510 Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of...

7.5CVSS6.2AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 5:59 a.m.•55 views

Security Bulletin: App Connect Professional is affected by JsonErrorReportValve in Apache Tomcat.

Summary App Connect Professional have addressed the JsonErrorReportValve vulnerability reported in Apache Tomcat. Vulnerability Details CVEID:CVE-2022-45143 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escape the type, message or...

7.5CVSS7.3AI score0.02505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/16 7:2 a.m.•55 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM Java - Eclipse OpenJ9 is vulnerable to CVE-2022-3676

Summary A flaw in Eclipse OpenJ9 leads to type confusion under certain circumstances, which can be exploited to access or modify memory. This may allow malicious untrusted code to elevate its privileges. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it h...

6.5CVSS6.7AI score0.00589EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/06 9:52 p.m.•55 views

Security Bulletin: An issue was identified in IBM WebSphere Application Server Liberty that IBM MQ ships (CVE-2022-34165)

Summary An issue was identified in IBM WebSphere Application Server Liberty that IBM MQ ships to provide MQ Console and MQ REST API functionality. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server...

5.4CVSS5.3AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/05 3:21 p.m.•55 views

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Manager v4.2 (CVE-2022-21299).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager v4.2, which was disclosed in the Oracle January 2022 Critical Patch Update, but deferred until the release associated with the August 2022 Update. Vulnerability Details...

5.3CVSS5.2AI score0.03458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/04 4:9 p.m.•55 views

Security Bulletin: IBM Security Verify Governance is vulnerable to denial of service and cross-site scripting due to use of jsoup (CVE-2021-37714, CVE-2015-6748)

Summary IBM Security Verify Governance uses jsoup which is vulnerable to denial of service and cross-site scripting by a remote attacker, caused by improper input validation CVE-2021-37714, CVE-2015-6748. The fix includes upgrading the jsoup jar to the patched version. Vulnerability Details...

7.5CVSS7AI score0.06873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/30 3:9 p.m.•55 views

Security Bulletin: Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-21496, CVE-2022-21434, CVE-2022-21443, CVE-2022-22475, CVE-2022-22476, CVE-2022-21540 & CVE-2022-21541

Summary Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-21496, CVE-2022-21434, CVE-2022-21443, CVE-2022-22475, CVE-2022-22476, CVE-2022-21540 & CVE-2022-21541 Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An...

8.8CVSS7.2AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/23 10:36 a.m.•55 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)

Summary IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection when processing web requests. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Global Configuration Management, IBM Engineering...

5.4CVSS5.9AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/24 2:37 p.m.•55 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637)

Summary IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. Vulnerability Details CVEID:CVE-2022-35637 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of servic...

6.5CVSS6.7AI score0.0104EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/07 4:12 p.m.•55 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to arbitrary code execution due to CVE-2022-22721

Summary Apache HTTP Server is used by IBM App Connect Enterprise Certified Container for Mapping Assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to arbitrary code execution. This bulletin provides patch informatio...

9.1CVSS9.9AI score0.41861EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/26 5:45 a.m.•55 views

Security Bulletin: Multiple security vulnerabilities in IBM Sales Center for WebSphere Commerce (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-2159, CVE-2012-2161)

Abstract Multiple security vulnerabilities have been identified in IBM Sales Center for WebSphere Commerce V6.0 and V7.0 Content VULNERABILITY DETAILS – Directory Traversal CVE ID: CVE-2012-0186 DESCRIPTION: Specially crafted URLs can be sent to the Eclipse Help component of IBM Sales Center for...

5.8CVSS8.6AI score0.05219EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/26 4:23 a.m.•55 views

Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.

Abstract IBM Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013:1140|...

10CVSS8.8AI score0.40118EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/26 4:23 a.m.•55 views

Security Bulletin: IBM Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities.

Abstract IBM Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013-0981|...

9.8CVSS8.2AI score0.99998EPSS
Exploits47Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 11:13 p.m.•55 views

Security Bulletin: Potential Security exposure in IBM HTTP Server CVE-2013-1862 PM87808

Abstract Potential Security exposure in IBM HTTP Server for WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-1862 DESCRIPTION: IBM HTTP Server optional modrewrite module does not properly filter terminal escape sequences from logs, which could make it easier for a remot...

5.1CVSS6.7AI score0.24886EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 9:6 p.m.•55 views

Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)

Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities...

10CVSS6.9AI score0.87227EPSS
Exploits23Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/21 8:55 p.m.•55 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

Summary Multiple vulnerabilities in OpenSSL affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include execution of arbitrary commands, weaker than expected security, and denial of service. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION:...

10CVSS9.1AI score0.95764EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/30 4:36 p.m.•55 views

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-20215-0250

Summary IBM TRIRIGA Application Platform discloses CVE-2015-0250 Vulnerability Details CVEID:CVE-2015-0250 DESCRIPTION: Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this...

9.8CVSS8.7AI score0.19523EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/29 11:34 a.m.•55 views

Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-4203)

Summary There is a vulnerability in Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Vulnerability Details CVEID:CVE-2021-4203 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free read flaw in the sockgetsockopt functio...

6.8CVSS7AI score0.01747EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000