Lucene search
K
IbmMost viewed

35705 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/08/29 11:8 a.m.55 views

Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID:CVE-2022-27666 DESCRIPTION: Linux Kernel is vulnerable to a buffer overflow, caused by...

7.8CVSS8.6AI score0.06846EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/22 3:24 p.m.55 views

Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931)

Summary IBM has announced a release for IBM Security Verify Governance ISVG in response to security vulnerability. The vulnerability is caused by Node.js being vulnerable to Domain Hijacking and and injection vulnerabilities due to missing input validation of host names returned by Domain Name...

9.8CVSS9.5AI score0.21952EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/20 12:54 a.m.55 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM/Cisco Switches and Directors (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects BM/Cisco Switches and Directors Vulnerability Details CVEID:CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, b...

10CVSS7.9AI score0.94859EPSS
Exploits29Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/03 4:26 p.m.55 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a...

9.8CVSS9.8AI score0.69062EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/06 5:36 a.m.55 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. These issues were disclosed in the Oracle April 2022 Critical Patch Update, minus CVE-2022-21426 Vulnerability...

5.3CVSS2.4AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 5:41 p.m.55 views

Security Bulletin: IBM Cognos Controller is affected but not vulnerable to arbitrary code execution and SQL injection due to Apache Log4j v1 vulnerabilities (CVE-2022-23305, CVE-2022-23302, CVE-2021-4104)

Summary Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities CVE-2022-23305, CVE-2022-23302, CVE-2021-4104. Although IBM Cognos Controller is not vulnerable to the listed CVEs, all instances o...

9.8CVSS7.6AI score0.81147EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/30 11:54 a.m.55 views

Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-34798 and CVE-2021-39275) affects Power HMC

Summary Apache HTTP webserver is used by IBM Power Hardware Management Console HMC for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-34798 and CVE-2021-39275 by upgrading IBM Power Hardware...

9.8CVSS0.4AI score0.64509EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 9:58 a.m.55 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM InfoSphere Master Data Management Server (CVE-2015-7450)

Summary IBM WebSphere Application Server is shipped as a component of IBM InfoSphere Master Data Management Server . Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin...

10CVSS9AI score0.97655EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 8:42 p.m.55 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Java (Multiple CVEs)

Summary Security Vulnerabilities affect IBM Cloud Private - Java Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. CVSS Base score: 7.5 CVSS...

9.8CVSS1.2AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 12:59 p.m.55 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22876)

Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22876 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the...

5.3CVSS0.5AI score0.05301EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/14 3:54 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in node.js

Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2021-44532 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a string injection vulnerability when name constraints were used within a certificate chai...

7.5CVSS7AI score0.70561EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/23 10:7 p.m.55 views

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (CVE-2020-2654, CVE-2020-2781, CVE-2020-2800)

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped and used by IBM Spectrum Control . These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU January 2020 and April 2020. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: ...

5.8CVSS6.4AI score0.04948EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/16 2:35 a.m.55 views

Security Bulletin: Due to use of Apache Log4j, IBM Netcool/OMNIbus Probe DSL Factory Framework is vulnerable to arbitrary code execution (CVE-2022-23302, CVE-2022-23307) and SQL injection (CVE-2022-23305)

Summary Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 is a dependency component shipped with the IBM Netcool/OMNIbus Probe DSL Factory Framework. The latest patch upgraded to Apache Log4j 2.17.1 that remediates the security vulnerabilities. Vulnerability Details CVEID: CVE-2022-2330...

9.8CVSS10.2AI score0.66537EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/03 8:4 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in Sterling Connect:Direct Browser User Interface

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...

9.8CVSS8.8AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/25 5:40 a.m.55 views

Security Bulletin: IBM Cloud Pak for Data System 2.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

Summary Samba is used by IBM Cloud Pak for Data System 2.0 . This bulletin provides a remediation for the Samba vulnerability CVE-2021-44142. Vulnerability Details CVEID: CVE-2021-44142 DESCRIPTION: Samba could allow a remote authenticated attacker to execute arbitrary code on the system, caused ...

9CVSS1.6AI score0.74042EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 9:9 a.m.55 views

Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms

Summary TXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker t...

9.8CVSS8.7AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/27 6:10 p.m.55 views

Security Bulletin: Vulnerability inApache Log4j - CVE-2021-45046 may affect IBM Watson Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability inApache Log4j - CVE-2021-45046 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer to detai...

10CVSS0.8AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/27 5:31 p.m.55 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary IBM Watson Assistant for IBM Cloud Pak for Data uses Apache Log4j to log diagnostic data. Vulnerabilities in Apache Log4j CVE-2021-45105 and CVE-2021-45046 impacts IBM Watson Assistant for IBM Cloud Pak for Data. The fix includes Apache Log4j v.2.17.0. Vulnerability Details CVEID:...

10CVSS1.1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/30 6:26 p.m.55 views

Security Bulletin: IBM Data Model for Energy and Utilities is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library is used by IBM Data Model for Energy and Utilities. This affects the Industry Models - Glossary Tools optional component. The fix includes Apache Log4j v2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache...

10CVSS1.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 5:19 p.m.55 views

Security Bulletin: IBM MQ is vulnerable to multiple Jetty vulnerabilities (CVE-2021-34428, CVE-2021-34429, CVE-2021-28169)

Summary Multiple issues were identified in Eclipse Jetty that IBM MQ Explorer uses and is affected by. Vulnerability Details CVEID: CVE-2021-34428 DESCRIPTION: Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an...

5.3CVSS5.3AI score0.99298EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/07 7:14 p.m.55 views

Security Bulletin: This Power System update is being released to address CVE-2018-5391

Summary POWER9: In response to a denial of service vulnerability, a new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-5391. A remote attacker could use large IP frames to trigger time and calculation expensive calls in the...

7.8CVSS1AI score0.24575EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/05 2:49 p.m.55 views

Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2021-2441 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Cluster: JS module component could allow an authenticated attacker to cause a denial of service resulting in a high...

8CVSS5.4AI score0.41478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/01 3:52 p.m.56 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal core (CVE-2021-32610)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-32610 DESCRIPTION: Drupal Core could allow a remote attacker to execute arbitrary code on the system, caused by the use of the third-party PEAR ArchiveTar library. By persuading a victim to...

7.1CVSS1.3AI score0.73377EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/04 6:40 a.m.55 views

Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Tika

Summary There are vulnerabilities in various versions of Apache Tika that affect Apache Solr. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID: CVE-2019-10094 DESCRIPTION: Apache Tika is vulnerable to a stack-based buffer overflow, caused by a flaw in the...

7.8CVSS1.3AI score0.05934EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/01 6:19 a.m.55 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details CVEID: CVE-2021-33196 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By persuading a victim t...

7.5CVSS0.6AI score0.06975EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/01 6:18 a.m.55 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Nginx. Vulnerability Details CVEID: CVE-2021-23017 DESCRIPTION: NGINX could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one error in ngxresolvercopy while processing D...

7.7CVSS2.5AI score0.52838EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/28 7:3 a.m.55 views

Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation

Summary IBM Business Process Manager and IBM Business Automation Workflow offline documentation packages open source libraries with known vulnerabilities. Do not install offline documentation and remove existing installations with the fix provided below. Vulnerability Details CVEID: CVE-2021-2335...

8.1CVSS0.7AI score0.10608EPSS
Exploits4Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/25 8:23 p.m.55 views

Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-14845 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a hi...

8CVSS6.3AI score0.0288EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/16 3:12 p.m.55 views

Security Bulletin: Potential DoS in IBM DataPower Gateway

Summary IBM has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation ClientHello message from a clien...

5.9CVSS2.3AI score0.62906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/04 7:39 a.m.55 views

Security Bulletin: IBM Security Privileged Identity Manager is affected by sensitive information exposure vulnerability in IBM Java SE (CVE-2020-14781)

Summary IBM Security Privileged Identity Manager has addressed a sensitive information exposure vulnerability in Java SE. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtai...

4.3CVSS3AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/23 9:9 p.m.55 views

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2020-25695, CVE-2020-25694

Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Robotic Process...

8.8CVSS1.2AI score0.4644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/25 10:10 a.m.55 views

Security Bulletin: Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-1971, CVE-2020-8265, CVE-2020-8287

Summary Security vulnerabilities have been reported for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable t...

8.1CVSS0.8AI score0.77385EPSS
Exploits8Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/23 11:18 a.m.55 views

Security Bulletin: A vulnerability in IBM Java SE affects IBM Elastic Storage Server

Summary There is a vulnerability in IBM SDK Java Technology Edition, used by IBM Elastic Storage Server. This issue was disclosed as part of the IBM Java SDK updates in Oct 2020. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

4.3CVSS1.3AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/15 10:31 a.m.55 views

Security Bulletin: A vulnerability in IBM Java SE affects IBM Spectrum Scale

Summary There is a vulnerability in IBM SDK Java Technology Edition, used by IBM Spectrum Scale. This issue was disclosed as part of the IBM Java SDK updates in Oct 2020. Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...

4.3CVSS1.4AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/10 6:30 p.m.55 views

Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by Multiple Vulnerabilities in OpenSSL

Summary Security vulnerabilities have been disclosed on 16th February 2021 by the OpenSSL Project. OpenSSl is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL cou...

7.5CVSS1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/08 6:11 p.m.55 views

Security Bulletin: Multiple security vulnerabilities in JAVA affects IBM Cloud Pak for Multicloud Management Monitoring

Summary Multiple security vulnerabilities in JAVA affects IBM Cloud Pak for Multicloud Management Monitoring Vulnerability Details CVEID: CVE-2020-14621 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no...

5.3CVSS2.1AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/19 2:37 p.m.55 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - October 2020

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions including...

5.8CVSS2.1AI score0.03713EPSS
Exploits0Affected Software20
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/22 5:41 p.m.55 views

Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)

Summary Vulnerabilities in the Java Runtime Environment JRE 6 update 32 and earlier component shipped with IBM Rational Synergy may affect the security of the product. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this...

10CVSS2.5AI score0.98113EPSS
Exploits35Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/18 1:33 a.m.55 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in July 2020. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEI...

5.3CVSS1.6AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 4:10 p.m.55 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

Summary WebSphere MQ Internet Pass-Thru has addressed the following vulnerability in IBM® Runtime Environment Java™ Version 7.0.10.65 and earlier. This issue was disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability Details CVEID: CVE-2020-14577 DESCRIPTION: An unspecified...

4.3CVSS1.7AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/27 1:41 p.m.55 views

Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.

Summary IBM WebSphere Cast Iron Solution & App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-13935 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload leng...

7.5CVSS0.1AI score0.87553EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/14 4:34 p.m.55 views

Security Bulletin: Security Vulnerabilities in IBM WebSphere Liberty fixed in IBM Security Access Manager Appliance

Summary A Security Vulnerability in IBM WebSphere Liberty has been fixed in the IBM Security Access Manager Appliance Vulnerability Details CVEID: CVE-2019-4441 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive...

5.3CVSS2.4AI score0.01596EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 4:14 p.m.55 views

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2019-10126 DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the marvell wifi chip driver. By using a specially-crafted call, a local attacker...

9.8CVSS0.8AI score0.06821EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/03 10:41 p.m.55 views

Security Bulletin: Multiple vulnerabilities affects IBM Jazz Foundation and IBM Engineering products.

Summary There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Requirements Management DOORS Next DOORS Next, IBM Engineering Lifecycle Optimization - Engineeri...

9.8CVSS1.5AI score0.45205EPSS
Exploits8Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/29 3:56 p.m.55 views

Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (Apr 2020)

Summary There are multiple vulnerabilities in IBM® SDK, Java™ Technology Edition versions 7 and 8, and IBM® Java™ Runtime versions 7 and 8 that are used by IBM® Intelligent Operations Center, IBM® Intelligent Operations Center for Emergency Management, IBM® Intelligent Water, and IBM® Water...

8.3CVSS2AI score0.0623EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 5:7 p.m.55 views

Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed multiple security vulnerabilities in jackson-databind Vulnerability Details CVEID: CVE-2019-17267 DESCRIPTION: FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the...

10CVSS1.4AI score0.12679EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/17 5:50 p.m.55 views

Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities

Summary IBM Security Privileged Identity Manager has addressed 2 issues for nss, nss-softokn, nss-util as follows. Vulnerability Details CVEID: CVE-2019-11729 DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by the improperly validation of empty or malformed p256-ECDH...

8.8CVSS1.7AI score0.02994EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/28 9:16 p.m.55 views

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Netcool Configuration Manager.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager IP Edition v6.4.1 and v6.4.2, which were disclosed in the Oracle January 2020 Critical Patch Update. Vulnerability Details Refer to the security...

2.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/27 8:42 a.m.55 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-1058, CVE-2018-10936, CVE-2019-9193)

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to security vulnerabilities 3 issues for Postgresql: 1 for a flaw in the searchpath setting2, 1 for a failure to check the host name if a host name verifier was not provided to the driver and...

9CVSS1.6AI score0.91877EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/18 8:17 p.m.55 views

Security Bulletin: A vulnerability in Apache Struts affects IBM InfoSphere Information Server

Summary A vulnerability in Apache Struts used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote...

8.1CVSS1.5AI score0.13122EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000