Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:43 p.m.55 views

Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection

Summary There are multiple vulnerabilities in file that is used by IBM Security Network Protection. These vulnerabilities include CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, and CVE-2014-9653. Vulnerability Details CVEID: CVE-2014-3538 DESCRIPTION: Fi...

7.5CVSS0.9AI score0.20237EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:22 p.m.55 views

Security Bulletin: GNU C library (glibc) vulnerability is fixed in IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance ISAM ESSO VA Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: glibc is vulnerable to a heap-based buffer overflow, caused by...

10CVSS1AI score0.94859EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:50 p.m.55 views

Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues

Summary The IBM Tealeaf Customer Experience PCA Web UI uses a version of PHP with reported security issues. Vulnerability Details CVEID: CVE-2015-0273 DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in unserialize with...

10CVSS1.1AI score0.50129EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:18 p.m.55 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Modeler

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ JRE6SR16FP20, JRE7SR9FP30, JRE7R1SR3FP30, JRE8SR2FP10, JRE8SR4FP1, used by Modeler These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details If you run your own Java code using th...

9.6CVSS0.8AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:45 p.m.55 views

Security Bulletin: Multiple OpenSource Apache Tomcat vulnerabilities in IBM Algo Audit and Compliance

Summary Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. Apache Tomcat is used by IBM Algo Audit a...

8.8CVSS0.7AI score0.1838EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.56 views

Security Bulletin: Vulnerabilities in Apache Struts has been identified in IBM WebSphere Application Server shipped with IBM Workload Deployer (CVE-2016-1181 and CVE-2016-1182)

Summary IBM WebSphere Application Server is shipped as a component of IBM Workload Deployer. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Vulnerabilities in Apac...

3AI score0.25737EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.55 views

Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based IBM SDK for Node.js CVE-2016-2086, CVE-2016-2216, CVE-2015-3197, CVE-2016-0705, CVE-2016-0797,...

10CVSS0.9AI score0.27022EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.55 views

Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time

Summary Java SE issues disclosed in the Oracle July 2015 Critical Patch Update, plus CVE-2015-1931. Vulnerability Details CVE IDs: CVE-2015-2638 CVE-2015-4733 CVE-2015-4732 CVE-2015-2590 CVE-2015-4731 CVE-2015-4760 CVE-2015-4736 CVE-2015-4748 CVE-2015-2664 CVE-2015-2632 CVE-2015-2637 CVE-2015-261...

10CVSS0.4AI score0.44595EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.54 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Clie

Question Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. "Business Unit":"code":"BU059","label":"IBM Software w/o...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:15 a.m.54 views

Security Bulletin: UC Deploy Container images may contain non-unique https certificates and database encryption key. (CVE-2021-39082 )

Summary CVE-2021-39082 The provided UC Deploy Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. Vulnerability Details...

7.5CVSS7.4AI score0.00621EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:3 a.m.54 views

Security Bulletin: IBM Security Guardium is affected by multiple OS level vulnerabilities

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. By sending a specially crafted message with multiple...

7.8CVSS8.9AI score0.05794EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 9:5 p.m.54 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2020-26555 DESCRIPTION: Bluetooth Core and Mesh Specifications could allow a...

7CVSS8.8AI score0.00887EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 8:41 p.m.54 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to...

8.1CVSS9.1AI score0.01947EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 10:53 p.m.54 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from kerberos 5, libxml2, go-jose, runc

Summary IBM MQ Operator and Queue manager container images are vulnerable to kerberos 5, libxml2, go-jose, runc. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2024-26461 DESCRIPTION: Kerberos 5 is vulnerable to a denial of service,...

8.6CVSS7.6AI score0.18087EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 8:24 p.m.54 views

Security Bulletin: There are multiple vulnerabilities that can affect IBM Storage Scale System that are now included

Summary There are multiple vulnerabilities used by IBM Storage Scale System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-36005 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to netfilter:...

8.8CVSS8.7AI score0.01565EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 4:23 p.m.54 views

Security Bulletin: IBM MQ Appliance is vulnerable to exposure of sensitive information (CVE-2023-5981 and CVE-2024-0533)

Summary IBM MQ Appliance has addressed GNU GnuTLS exposure of sensitive information vulnerabilities. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issue during RSA-PSK key exchange. B...

8.3CVSS6.6AI score0.01731EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/28 6:58 p.m.54 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308)

Summary IBM® Db2® under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. Vulnerability Details CVEID:CVE-2023-50308 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server under...

6.5CVSS6.9AI score0.00774EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/22 5:52 p.m.54 views

Security Bulletin: IBM SPSS Statistics: "IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks"

Summary A combination of two flaws in the JSSE component and IBMJCEPlus security provider expose some IBM Java releases to various cryptographic attacks when acting as a TLS server. IBM SPSS Statistics is not directly affected, but is issuing a patch for the relevant versions. Vulnerability Detai...

7.5CVSS7.4AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 10:31 a.m.54 views

Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool (CVE-2024-35176).

Summary There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-35176 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By parsing a specially crafted XML content contains...

5.3CVSS5.5AI score0.02064EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/31 9:22 a.m.54 views

Security Bulletin: Common vulnerabilities fixed in EDB Postgres Advanced Server (EPAS)

Summary Common vulnerabilities fixed in EDB Postgres Advanced Server EPAS Vulnerability Details CVEID:CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the accesshistory function. By...

9.8CVSS7.2AI score0.00772EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 8:3 p.m.54 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...

9.8CVSS7.6AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 3:32 p.m.54 views

Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities

Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details CVEID:CVE-2019-13631 DESCRIPTION: Linux Kernel could allow a physical attacker to execute arbitrary code on the...

10CVSS9AI score0.07619EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/05 4:20 p.m.54 views

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to weak TLS security, cross-site scripting, denial of service, and a server-side request forgery due to multiple vulnerabilities.

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable weaker than expected TLS security CVE-2023-50312, cross-site scripting with JavaScript code CVE-2024-27270, and sending specially crated requests to cause denial of service CVE-2024-25026, CVE-2024-27268, CVE-2024-22353 and ...

7.5CVSS7.2AI score0.01278EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/17 1:55 p.m.54 views

Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway

Summary Security Vulnerabilities in Liberty affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection XXE atta...

7.5CVSS6.8AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 3:57 p.m.54 views

Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to a denial of service (CVE-2021-22569 ,CVE-2022-3171, CVE-2022-3509)

Summary A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java which allows the interleaving of com.google.protobuf.UnknownFieldSet fields. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-java is vulnerable to a denial of service, caused by...

7.5CVSS6.4AI score0.01655EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/07 7:21 p.m.54 views

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

9.8CVSS10AI score0.9077EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/03 9:4 a.m.54 views

Security Bulletin: Multiple Linux Kernel vulnerabilities affects IBM Storage Scale System.

Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a denial of service. Fixes for these vulnerabilities are available. CVE-2023-5178, CVE-2023-3609, CVE-2023-45871, CVE-2023-4732, CVE-2023-1192. Vulnerability Details...

8.8CVSS9.1AI score0.09141EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/24 3:52 p.m.54 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or...

9.8CVSS9.6AI score0.06889EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/01 7:41 a.m.54 views

Security Bulletin: IBM Maximo Application Suite uses postgresql-42.3.8.jar which is vulnerable to CVE-2024-1597

Summary IBM Maximo Application Suite uses postgresql-42.3.8.jar which is vulnerable to CVE-2024-1597. This bulletin contains information regarding the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote...

10CVSS9.6AI score0.0481EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 1:26 p.m.54 views

Security Bulletin: Vulnerability of okio-1.13.0.jar is affecting APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE

Summary APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE are vulnerable to okio-1.13.0.jar CVE-2023-3635. The workaround includes okio-1.13.0.jar upgraded to okio-3.5.0.jar . Vulnerability Details...

7.5CVSS6.5AI score0.01077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 1:26 p.m.54 views

Security Bulletin: Multiple vulnerabilities in Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-43642, CVE-2023-34454, CVE-2023-34453, CVE-2023-34455)

Summary snappy-java in Apache Solr, Apache Zookeeper and Logstash is vulnerable to a denial of service. This has been addressed Vulnerability Details CVEID:CVE-2023-34454 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the compress function. By...

7.5CVSS7AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:21 p.m.54 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 268 Vulnerability Details CVEID:CVE-2023-22041 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local attacker to cause high confidentiality...

9.8CVSS8.1AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/14 9:36 a.m.54 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to a denial of service attack due to Connect2id Nimbus-JOSE-JWT (CVE-2023-52428)

Summary Integrated File Agent used by IBM Sterling Connect:Direct for Microsoft Windows uses Connect2id Nimbus-JOSE-JWT. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a...

7.5CVSS9.1AI score0.00814EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 9:58 p.m.54 views

Security Bulletin: IBM MQ is vulnerable to issues in Eclipse (CVE-2023-4218, CVE-2023-44487)

Summary IBM MQ has addressed vulnerabilities in Eclipse, which is used in IBM MQ Explorer. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...

7.5CVSS8AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/27 6:32 p.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Jan 2024 CPU)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.20 and earlier, 8.0.8.15 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecifie...

7.5CVSS7.6AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/27 4:15 p.m.54 views

Security Bulletin: PyArrow is vulnerable to CVE-2023-47248 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses PyArrow which is vulnerable to CVE-2023-47248. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow could allow a remote authenticated attacker to...

9.8CVSS9.5AI score0.14414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/15 1:10 p.m.54 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

9.8CVSS10AI score0.73461EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 6:57 p.m.54 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused ...

9.1CVSS8.7AI score0.03882EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 7:24 a.m.54 views

Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager

Summary This security bulletin addresses the vulnerabilities in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2022-46364,CVE-2022-46363. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementatio...

9.8CVSS8.8AI score0.0193EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 6:40 p.m.54 views

Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in multiple Open Source Software (OSS) components

Summary IBM Cognos Analytics is affected but not classified as vulnerable, based on current information, to vulnerabilities in multiple Open-Source Software OSS packages. These vulnerabilities have been addressed by upgrading to a non-vulnerable version of the OSS package or removing the OSS...

9.8CVSS10AI score0.75792EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/02 8:25 a.m.54 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF029 and 23.0.2-IF001. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By...

8.8CVSS10AI score0.02775EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/17 7:18 a.m.54 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF028 and 23.0.1-IF006. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By...

9.8CVSS10AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/12 4:32 p.m.54 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. An attacker could exploit these vulnerabilities to cause a kernel panic or cause the system to crash, obtain sensitive information, obtain kernel memory, execute arbitrary code on the system, possibly le...

7.8CVSS8.9AI score0.02211EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 8:1 p.m.55 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details CVEID:CVE-2023-43020 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to denial of service with a specially crafted query. CVSS Base score: 6.5 CVSS...

8.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.54 views

Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407

Summary IBM has released the following Unified Extensible Firmware Interface UEFI fixes for System x, Flex and BladeCenter systems in response to OpenSSL vulnerability CVE-2018-5407. Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors...

4.7CVSS0.4AI score0.03418EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/06 4:18 p.m.54 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple Java and Node.js security vulnerabilities listed herein. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low...

9.8CVSS8.3AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 7:18 p.m.54 views

Security Bulletin: Netty is vulnerable to CVE-2023-4586 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses netty which is vulnerable to CVE-2023-4586. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by th...

7.4CVSS7.3AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/17 1:10 p.m.54 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2022-43578)

Summary IBM Sterling B2B Integrator has addressed the cross-site scripting security vulnerability. Vulnerability Details CVEID: CVE-2022-43578 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

5.4CVSS5.3AI score0.00371EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/08 6:36 p.m.54 views

Security Bulletin: Vulnerabilities in Linux Kernel, Samba, Golang, Curl, and openssl can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Samba, cURL, Golang, Openssl, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...

9.8CVSS9.6AI score0.76768EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:32 p.m.54 views

Security Bulletin: IBM Storage Ceph is vulnerable to a stack overflow attack in Golang (CVE-2022-24675)

Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-24675 Vulnerability Details CVEID: CVE-2022-24675 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a stack-based buffer overflow in encoding/pem in the Decode feature. By...

7.5CVSS7AI score0.05335EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000