Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/10/05 8:36 p.m.54 views

Security Bulletin: IBM Spectrum Symphony with Spring Framework is vulnerable to a denial of service, caused by improper input validation

Summary IBM Spectrum Symphony with Spring Framework is vulnerable to a denial of service, caused by improper input validation Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression,...

6.5CVSS7.1AI score0.01122EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:40 a.m.54 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using jQuery 3.2.1 is vulnerable to Cross Site Scripting - CVE-2019-11358

Summary Applications using jQuery before 3.4.0 are vulnerable cross site scripting for CVE-2019-11358. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Jazz Reporting Service Vulnerability Details CVEID:CVE-2019-113...

6.1CVSS6.8AI score0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/30 4:29 a.m.54 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to privilege escalation due to IBM WebSphere Application Server Liberty (CVE-2023-0482)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

5.5CVSS5.7AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/25 10:5 p.m.54 views

Security Bulletin: Vulnerability with kernel , OpenJDK jna-platform affect IBM Cloud Object Storage Systems (Sept2023)

Summary Vulnerability with kernel CVE-2023-2269, CVE-2023-34256, OpenJDK CVE-2023-22041 CVE-2023-22043 CVE-2023-22044 CVE-2023-22006 CVE-2023-22045 CVE-2023-22036 CVE-2023-22049, jna-platform 240628 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details...

5.9CVSS6.6AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/25 2:34 p.m.54 views

Security Bulletin: IBM Event Streams is affected by multiple openssl vulnerabilities

Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4304, CVE-2023-0215, CVE-2023-0286. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

7.5CVSS7.5AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 6:51 a.m.54 views

Security Bulletin: Multiple vulnerabilities in ivy-2.4.0.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in ivy-2.4.0.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37865 DESCRIPTION: Apache Ivy could allow a local authenticated attacker to...

9.1CVSS8.4AI score0.01819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 1:34 p.m.54 views

Security Bulletin: Vulnerabilities found in jackson-mapper-asl which is shipped with IBM® Intelligent Operations Center(CVE-2019-10172, CVE-2019-10202)

Summary Multiple vulnerabilities have been identified in jackson-mapper-asl which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

9.8CVSS8.9AI score0.17044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 10:5 a.m.54 views

Security Bulletin: Due to use of FasterXML Jackson-databind, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial of service.

Summary Jackson-databind is used by IBM Cloud Pak for Multicloud Management Monitoring, as part of converting serializing/deserializing data formats from XML/JSON. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a...

7.5CVSS7.3AI score0.02656EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 4:26 a.m.54 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j affects IBM Security Access Manager for Enterprise Single Sign-On

Summary Multiple vulnerabilities exist in the Apache Log4j open source library used by IBM Security Access Manager for Enterprise Single Sign-On. These vulnerabilities have been addressed. Customers are encouraged to immediately update their systems. Vulnerability Details CVEID:CVE-2022-23307...

9.8CVSS9.8AI score0.81147EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 1:51 p.m.54 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to a buffer overflow and unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition (CVE-2023-21930, CVE-2023-21939, CVE-2023-21967, CVE-2023-21968)

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 and 8 applying to IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent is vulnerable to CVE-2023-21930, CVE-2023-21939, CVE-2023-21967 and CVE-2023-21968 and affected by...

9.1CVSS8.5AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/14 1:38 p.m.54 views

Security Bulletin: Vulnerability of Google Gson (gson-2.8.2.jar ) have affected APM WebSphere Application Server Agent , APM SAP NetWeaver Agent and APM WebLogic Agent

Summary APM WebSphere Application Server Agent , APM SAP NetWeaver Agent and APM WebLogic Agent is vulnerable to Google Gson gson-2.8.2.jar 217225, CVE-2022-25647. The fix/workaround includes gson-2.8.2.jar upgraded to gson-2.10.1.jar. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Googl...

7.7CVSS7.6AI score0.1158EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:13 p.m.54 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2018-10237)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the...

5.9CVSS6AI score0.05119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:12 p.m.54 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2018-10237)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...

5.9CVSS6AI score0.05119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 6:48 p.m.54 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-24998)

Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/26 4:56 a.m.54 views

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can allow an attacker to execute arbitrary code

Summary Logback could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...

9.8CVSS8.1AI score0.07501EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 1:39 p.m.55 views

Security Bulletin: There is a vulnerability in Prism used by IBM Maximo Asset Management (CVE-2022-23647)

Summary There is a vulnerability in Prism used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-23647 DESCRIPTION: Prism.js Prism is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Command line plugin. A remote attacker could...

7.5CVSS6.7AI score0.01456EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 12:7 p.m.54 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this...

7.5CVSS7.9AI score0.77385EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/08 9:31 p.m.54 views

Security Bulletin: TensorFlow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to security CVEs. Vulnerability Details CVEID:CVE-2021-37635 DESCRIPTION: TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in...

8.4CVSS7.4AI score0.01804EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 10:53 p.m.54 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Thrift

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Thrift. Vulnerability Details CVEID:CVE-2019-0205 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by an error when processing untrusted Thrift payload. A remote attack...

7.8CVSS7.4AI score0.09082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 9:10 p.m.54 views

Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)

Summary There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitiv...

7.5CVSS7.6AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 2:17 p.m.54 views

Security Bulletin: IBM Safer Payments vulnerable to denial of service attack (CVE-2023-27556)

Summary The API and MCI interfaces of IBM Safer Payments are vulnerable to the Slowloris denial of service attack. This vulnerability is addressed Vulnerability Details CVEID:CVE-2023-27556 DESCRIPTION: IBM Counter Fraud Management for Safer Payments does not properly allocate resources without...

7.5CVSS6.9AI score0.01012EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.54 views

Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-7376, CVE-2017-7375, CVE-2017-5969, CVE-2017-0663)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details CVEID: CVE-2017-7376 Descriptio...

10CVSS9.1AI score0.23694EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 9:7 p.m.54 views

Security Bulletin: There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-37734)

Summary There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a...

7.5CVSS7.3AI score0.02121EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 4:23 p.m.54 views

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2021-3715)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-3715 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4change in net/sched/clsroute.c. By sending a...

7.8CVSS7.8AI score0.00353EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 5:3 p.m.54 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40303)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 caused by an integer overflow in the XMLPARSEHUGE function CVE-2022-40303. Gnome libxml2 is included as part of the Base OS used by our service images. Please read...

7.5CVSS7.6AI score0.22791EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 5:13 p.m.54 views

Security Bulletin: Multiple vulnerabilities in the mongo-tools utility affect IBM WebSphere Automation

Summary There are multiple vulnerabilities in the mongo-tools utility used in IBM WebSphere Automation. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2022-41715 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the compilation of regula...

7.8CVSS9.4AI score0.02513EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 9:34 a.m.54 views

Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-1471)

Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class...

9.8CVSS9.3AI score0.99615EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.54 views

Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities (CVE-2013-4310 CVE-2013-4316)

Summary Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities CVE-2013-4310 CVE-2013-4316 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system via the IP interface may be obtained without authentication. Vulnerability...

10CVSS9.7AI score0.08333EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.54 views

Security Bulletin: Vulnerabilities OpenSSL affect SAN Volume Controller and Storwize Family (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205)

Summary Open Source OpenSSL vulnerabilities were disclosed in January 2015. OpenSSL is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use...

5CVSS7.1AI score0.24626EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.54 views

Security Bulletin: Vulnerability in Pluggable Authentication Modules (PAM) affects IBM SAN Volume Controller and Storwize Family (CVE-2015-3238)

Summary There is a vulnerability in Pluggable Authentication Modules PAM that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed by Red Hat in August 2015. Vulnerability Details CVEID: CVE-2015-3238 DESCRIPTION: Linux-PAM could allow a local attacker to obtain...

6.5CVSS6.7AI score0.02705EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/15 7:45 p.m.54 views

Security Bulletin: EBICs client of IBM Sterling B2B Integrator vulnerable to multiple issues due to Dojo Toolkit

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Dojo Toolkit. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote...

9.8CVSS8.9AI score0.30367EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/09 4:16 p.m.54 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by two containerd security vulnerabilities (CVE-2023-25153 and CVE-2023-25173)

Summary IBM Cloud Kubernetes Service is affected by two security vulnerabilities found in containerd where 1 a maliciously crafted image with a large file could cause a denial of service when importing an OCI image CVE-2023-25153 and 2 supplementary groups are not set up properly inside a contain...

7.8CVSS7.7AI score0.00542EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/06 2:43 p.m.54 views

Security Bulletin: Vulnerabilities in OpenSSL affect Bluemix Workflow (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-204, CVE-2015-205, CVE-2015-206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by Bluemix Workflow for internal communication. Bluemix Workflow has addressed the applicable CVEs. Vulnerability Details...

5CVSS7.3AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2014-6593 and CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6.0 that is used by FlashSystem 840. These issues were disclosed as part of the IBM Java SDK updates in January 2015 Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION: An unspecified vulnerability...

5CVSS4.9AI score0.67234EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.54 views

Security Bulletin: Two (2) Vulnerabilities in Apache Tomcat affect IBM FlashSystem 840 and V840 systems (CVE-2014-0075 and CVE-2014-0099)

Summary Apache Tomcat is used by IBM FlashSystem 840 and V840 systems. Apache Tomcat has two vulnerabilities which an attacker could exploit. One vulnerability could be exploited to deny access to the system’s Graphical User Interface GUI administrative interface. An attacker could exploit a seco...

5CVSS8.7AI score0.2006EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 1:45 p.m.54 views

Security Bulletin: Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks (CVE-2018-25031)

Summary Swagger-ui as used by IBM QRadar Advisor With Watson App is vulnerable to spoofing attacks. IBM has addressed the relevant vulnerability. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to...

4.3CVSS5.1AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/08 4:6 p.m.54 views

Security Bulletin: Multiple vulnerabilities in the Expat library affect IBM® Db2® Net Search Extender may lead to denial of service or arbitrary code execution.

Summary Multiple vulnerabilities in the Expat library affect IBM® Db2® Net Search Extender may lead to denial of service or arbitrary code execution. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service,...

8.1CVSS9AI score0.02241EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 8:4 p.m.55 views

Security Bulletin: Vulnerability in Microsoft .NET Core and Visual Studio affects IBM Process Mining . CVE-2021-26701

Summary There is a vulnerability in Microsoft .NET Core and Visual Studio that could allow an attacker to execute arbitrary code on the system The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

9.8CVSS8.2AI score0.30315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/26 5:1 p.m.54 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2020-17521 DESCRIPTION: Apache Groovy could allow a local authenticated attacker to obtain sensitive information,...

9.8CVSS10AI score0.91354EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/19 1:58 p.m.54 views

Security Bulletin: IBM MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2022-22489)

Summary IBM MQ Explorer is vulnerable to an XML External Entity Injection XXE attack due to improper XML validation in the import Wizard. Vulnerability Details CVEID:CVE-2022-22489 DESCRIPTION: IBM MQ is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote...

9.1CVSS8.8AI score0.0141EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 4:25 p.m.54 views

Security Bulletin: Security Vulnerability found in zlib fixed in the zlib version shipped with IBM Security Verify for Gateway (RADIUS & WinLogin) and for Bridge (DirSync)

Summary The security vulnerabilityheap-based buffer overflow found in zlib was fixed in the following products: IBM Security Verify Gateway for RADIUS v1.0.8, IBM Security Verify Gateway for Windows Login v1.0.9 and IBM Security Verify Bridge for Directory Sync v1.0.10 Vulnerability Details...

9.8CVSS10AI score0.1593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/06 11:41 p.m.54 views

Security Bulletin: IBM Content Navigator is vulnerable to a Denial of Service attack due to Xstream (CVE-2022-40151, CVE-2022-40152, CVE-2022-40153)

Summary Xstream is used by IBM Content Navigator as part of the CMIS connector. CVE-2022-40151, CVE-2022-40152, CVE-2022-40153. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a...

7.5CVSS7.1AI score0.19653EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 11:45 p.m.54 views

Security Bulletin: This Power System update is being released to address multiple CVEs for vTPM1.2

Summary This update addresses multiple CVEs that impacts any VM configured with a virtual trusted platform module vTPM version 1.2 Vulnerability Details CVEID:CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive...

7.5CVSS6.7AI score0.70561EPSS
Exploits8
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/02 2:21 a.m.54 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

7.5CVSS7.8AI score0.19433EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/29 7:1 a.m.54 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.4ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2022-42932, CVE-2022-40956, CVE-2022-42928, CVE-2022-42929, CVE-2022-42927, CVE-2022-40962, CVE-2022-40958, CVE-2022-40960, CVE-2022-40957, CVE-2022-40959 Vulnerability Details CVEID:CVE-2022-42932 DESCRIPTION:...

8.8CVSS9.2AI score0.01342EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/14 2:13 p.m.54 views

Security Bulletin: Multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus

Summary There are multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus CVE-2022-32223, CVE-2022-32213, CVE-2022-32212, CVE-2022-2097,CVE-2022-32214, CVE-2022-32215. The resolving fix includes node js 14.20.0 and openSSL 1.1.1q...

8.1CVSS8.6AI score0.77766EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/07 4:9 p.m.54 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service due to CVE-2017-15412 and CVE-2016-5131

Summary libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the base operating system packages. IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service. This bulletin provides patch information...

8.8CVSS7.8AI score0.02963EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/01 4:2 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2020-10735 DESCRIPTION: Python is vulnerable to a denial of service, caused by the failure to limit amount of digits converting text to int by the int type in PyLongFromString. A remo...

8.1CVSS8.3AI score0.08325EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/25 7:54 p.m.54 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to server-side forgery requests due to Kubernetes kube-apiserver (CVE-2022-3172)

Summary Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2022-3172 Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing a...

8.2CVSS6AI score0.02464EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/10 6:20 a.m.54 views

Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]

Summary There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE. CVE-2021-44228 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS9.6AI score0.99999EPSS
Exploits351Affected Software1
Total number of security vulnerabilities5000