Lucene search
K
IbmMost viewed

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/01/26 5:1 p.m.54 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2020-17521 DESCRIPTION: Apache Groovy could allow a local authenticated attacker to obtain sensitive information,...

9.8CVSS10AI score0.91354EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/19 1:58 p.m.54 views

Security Bulletin: IBM MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2022-22489)

Summary IBM MQ Explorer is vulnerable to an XML External Entity Injection XXE attack due to improper XML validation in the import Wizard. Vulnerability Details CVEID:CVE-2022-22489 DESCRIPTION: IBM MQ is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote...

9.1CVSS8.8AI score0.0141EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 4:25 p.m.54 views

Security Bulletin: Security Vulnerability found in zlib fixed in the zlib version shipped with IBM Security Verify for Gateway (RADIUS & WinLogin) and for Bridge (DirSync)

Summary The security vulnerabilityheap-based buffer overflow found in zlib was fixed in the following products: IBM Security Verify Gateway for RADIUS v1.0.8, IBM Security Verify Gateway for Windows Login v1.0.9 and IBM Security Verify Bridge for Directory Sync v1.0.10 Vulnerability Details...

9.8CVSS10AI score0.1593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/06 11:41 p.m.54 views

Security Bulletin: IBM Content Navigator is vulnerable to a Denial of Service attack due to Xstream (CVE-2022-40151, CVE-2022-40152, CVE-2022-40153)

Summary Xstream is used by IBM Content Navigator as part of the CMIS connector. CVE-2022-40151, CVE-2022-40152, CVE-2022-40153. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a...

7.5CVSS7.1AI score0.19653EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 11:45 p.m.54 views

Security Bulletin: This Power System update is being released to address multiple CVEs for vTPM1.2

Summary This update addresses multiple CVEs that impacts any VM configured with a virtual trusted platform module vTPM version 1.2 Vulnerability Details CVEID:CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive...

7.5CVSS6.7AI score0.70561EPSS
Exploits8
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/02 2:21 a.m.54 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

7.5CVSS7.8AI score0.19433EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/29 7:1 a.m.54 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.4ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2022-42932, CVE-2022-40956, CVE-2022-42928, CVE-2022-42929, CVE-2022-42927, CVE-2022-40962, CVE-2022-40958, CVE-2022-40960, CVE-2022-40957, CVE-2022-40959 Vulnerability Details CVEID:CVE-2022-42932 DESCRIPTION:...

8.8CVSS9.2AI score0.01342EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/14 2:13 p.m.54 views

Security Bulletin: Multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus

Summary There are multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus CVE-2022-32223, CVE-2022-32213, CVE-2022-32212, CVE-2022-2097,CVE-2022-32214, CVE-2022-32215. The resolving fix includes node js 14.20.0 and openSSL 1.1.1q...

8.1CVSS8.6AI score0.77766EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/07 4:9 p.m.54 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service due to CVE-2017-15412 and CVE-2016-5131

Summary libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the base operating system packages. IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service. This bulletin provides patch information...

8.8CVSS7.8AI score0.02963EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/01 4:2 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2020-10735 DESCRIPTION: Python is vulnerable to a denial of service, caused by the failure to limit amount of digits converting text to int by the int type in PyLongFromString. A remo...

8.1CVSS8.3AI score0.08325EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/25 7:54 p.m.54 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to server-side forgery requests due to Kubernetes kube-apiserver (CVE-2022-3172)

Summary Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2022-3172 Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing a...

8.2CVSS6AI score0.02464EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/10 6:20 a.m.54 views

Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]

Summary There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE. CVE-2021-44228 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

10CVSS9.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 4:23 a.m.54 views

Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.

Abstract IBM Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013:1140|...

10CVSS8.8AI score0.40118EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo...

9.6CVSS7.8AI score0.04885EPSS
Exploits0Affected Software15
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/25 1:57 a.m.54 views

Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2022-27782 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an easy connection reuse flaw for TLS and SSH. ...

8.1CVSS9.1AI score0.11586EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/10 2:20 p.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2022) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2022. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified...

5.3CVSS5.8AI score0.06468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/03 7:34 p.m.54 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...

5.3CVSS6.5AI score0.01855EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 12:2 p.m.54 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-0778, CVE-2022-1292)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in th...

10CVSS9.7AI score0.83223EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/12 2:4 p.m.54 views

Security Bulletin: IBM Rational Build Forge is affected by Apache Http Server version used in it. (CVE-2022-22719)

Summary IBM Rational Build Forge is affected by the CVE-2022-22719 Vulnerability Details CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a random memory area, a remote attacker could exploit this...

7.5CVSS0.8AI score0.69803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/04 6:11 a.m.54 views

Security Bulletin: OpenSSL vulnerability affects App Connect professional v7.5.4.

Summary OpenSSL vulnerability is addressed in ACP v7.5.5.0, customer can migrate to this version without incurring any additional cost. Vulnerability Details CVEID: CVE-2022-1292 DESCRIPTION: OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused b...

10CVSS1.5AI score0.83223EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/10 5:17 a.m.54 views

Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).

Summary There are multiple vulnerabilities in Spring Framework CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950 as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web...

9.8CVSS9.4AI score0.99677EPSS
Exploits104Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/13 2:58 p.m.54 views

Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID: CVE-2020-4590 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of...

6.5CVSS1.5AI score0.02294EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/12 3:40 p.m.54 views

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)

Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-44142 DESCRIPTION: Samba could allow a remote authenticated attacker to execute...

9CVSS7.6AI score0.74042EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/09 11:57 a.m.54 views

Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)

Summary IBM Cúram Social Program Management SPM uses the Apache Log4j library for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which could allow a remote attacker to execute arbitrary code on the system, or se...

9.8CVSS2.3AI score0.66537EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 7:42 p.m.54 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-37713)

Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2021-37713 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by insufficient logic on Windows systems when extracting tar files that...

8.6CVSS0.9AI score0.01263EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 5:4 p.m.54 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Global Name Management (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)

Summary WebSphere Application Server is shipped as a component of Global Name Management. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Multiple vulnerabilities in IB...

5.9CVSS6.4AI score0.05453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/13 4:29 p.m.54 views

Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint are vulnerable to exposing sensitive information (CVE-2022-22391)

Summary IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to 4.3.2 may be vulnerable to the exposure of sensitive information CVE-2022-22391 by allowing authenticated users to obtain information they should not be able to access. Vulnerability Details...

4.3CVSS1.5AI score0.00676EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 10:43 p.m.54 views

Security Bulletin: IBM Urbancode Deploy impacted by Apache Log4j SQL Injection vulnerability. (CVE-2022-23305)

Summary When added to the logging configuration, the Log4j JDBCAppender may not be properly encoding content sent to an external SQL database. This is a non-default configuration. The fix removes this component. Vulnerability Details CVEID: CVE-2022-23305 DESCRIPTION: Apache Log4j is vulnerable t...

9.8CVSS9.4AI score0.66537EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/15 2:50 p.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of t...

7.1CVSS5.9AI score0.06886EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/04 7:18 p.m.54 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with WebSphere Remote Server

Summary IBM HTTP Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server have been published in a security bulletin CVE-2021-45960, CVE-2022-22822, CVE-2022-23990, CVE-2022-22823, CVE-2022-23852, CVE-2022-22825, CVE-2021-46143,...

9.8CVSS6.8AI score0.04829EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 11:5 p.m.54 views

Security Bulletin: Vulnerability in AIX audit commands (CVE-2021-38955)

Summary There is a vulnerability in the AIX audit user commands. Vulnerability Details CVEID:CVE-2021-38955 DESCRIPTION: IBM AIX could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. CVSS Base score: 4.4 CVSS...

4.4CVSS5.7AI score0.00211EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.54 views

Security Bulletin: Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System

Summary The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Intrusion Prevention System. Vulnerability...

5CVSS9.1AI score0.17942EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:50 p.m.54 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Storage Productivity Center (CVE-2015-1927)

Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Storage Productivity Center. Information about a security vulnerability CVE-2015-1927 affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-1927...

6.8CVSS7.8AI score0.02144EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 11:50 a.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2021-35560...

9.8CVSS7.1AI score0.06886EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/16 5:4 p.m.54 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Multiple vulnerabilities in the Apache Log4j CVE-2021-45105 and CVE-2021-45046 open source library used by IBM OpenPages for IBM Cloud Pak for Data's logging framework. The fix includes Apache Log4j 12.17.1. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerabl...

10CVSS7.7AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/27 6:10 p.m.54 views

Security Bulletin: Vulnerability inApache Log4j - CVE-2021-45046 may affect IBM Watson Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability inApache Log4j - CVE-2021-45046 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer to detai...

10CVSS0.8AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 11:21 p.m.54 views

Security Bulletin: Cloud Pak for Security is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Cloud Pak for Security CP4S is vulnerable to denial of service and arbitrary code execution CVE-2021-45105, CVE-2021-45046, through the use of Apache Log4j's JNDI logging feature in CP4S Risk Manager component and SOAR component using Elastic Search. The vulnerabilities have been addresse...

10CVSS0.1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 2:19 p.m.54 views

Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect for Space Management (CVE-2021-44832)

Summary A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect for Space Management includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix packages include Apache Log4j 2.17.1. Vulnerability Details...

8.5CVSS1.7AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/30 6:26 p.m.54 views

Security Bulletin: IBM Data Model for Energy and Utilities is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library is used by IBM Data Model for Energy and Utilities. This affects the Industry Models - Glossary Tools optional component. The fix includes Apache Log4j v2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache...

10CVSS1.7AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 4:2 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in Java Runtime affects IBM SPSS Statistics Subscription

Summary Multiple vulnerabilities in Java Runtime Environment Version 8.0 used by IBM SPSS Statistics Subscription. IBM SPSS Statistics Subscription has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JS...

9.8CVSS6.1AI score0.06218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 3:17 p.m.54 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-4104)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

7.5CVSS1.4AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 4:20 a.m.54 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF. Vulnerability Details CVEID: CVE-2020-35522 DESCRIPTION: libtiff is vulnerable to a denial of service, caused by a memory malloc failure in tifpixarlog.c. By persuading a victim to open a...

7.8CVSS7.9AI score0.01922EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/14 4:15 p.m.54 views

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...

10CVSS9.1AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/13 1:53 p.m.54 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Summary There is a security advisory for openSSL1.1.1k which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...

9.8CVSS9AI score0.87816EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/08 5:2 p.m.54 views

Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2021-2341)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: A...

4.3CVSS5.6AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/10 3:2 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.6.20, used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java ...

7.5CVSS2AI score0.04008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/25 4:30 p.m.54 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Federated Identity Manager

Summary IBM SDK, Java Technology Edition is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IIBM SDK, Java Technology Edition has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...

4.3CVSS2.7AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/14 9:21 p.m.54 views

Security Bulletin: IBM Cognos Analytics with Watson 11.2.1 has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics with Watson 11.2.1 Vulnerability Details CVEID: CVE-2017-12620 DESCRIPTION: Apache OpenNLP could allow a remote attacker to obtain sensitive information, caused by an XXE attack when loading models or dictionaries that...

9.8CVSS10.6AI score0.48019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/13 1:39 a.m.54 views

Security Bulletin: TS4500 is affected by CVE-2021-25217

Summary TS4500 is affected by CVE-2021-25217 if the product is configured for DHCP. Vulnerability Details CVEID: CVE-2021-25217 DESCRIPTION: ISC DHCP is vulnerable to a denial of service, caused by a buffer overrun in program code used to read and parse stored leases. A remote attacker from withi...

7.4CVSS0.2AI score0.06118EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/28 4:45 p.m.54 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVEID: CVE-2021-29967,CVEID: CVE-2021-29964,CVEID: CVE-2021-29985,CVEID: CVE-2021-29970,CVEID: CVE-2021-29984,CVEID: CVE-2021-24002,CVEID: CVE-2021-29946,CVEID: CVE-2021-23995,CVEID: CVE-2021-23994,CVEID:...

8.8CVSS3.3AI score0.04028EPSS
Exploits7Affected Software1
Total number of security vulnerabilities5000