Lucene search
K
IbmMost viewed

35680 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 4:2 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in Java Runtime affects IBM SPSS Statistics Subscription

Summary Multiple vulnerabilities in Java Runtime Environment Version 8.0 used by IBM SPSS Statistics Subscription. IBM SPSS Statistics Subscription has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JS...

9.8CVSS6.1AI score0.06218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 3:17 p.m.54 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-4104)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

7.5CVSS1.4AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 4:20 a.m.54 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF. Vulnerability Details CVEID: CVE-2020-35522 DESCRIPTION: libtiff is vulnerable to a denial of service, caused by a memory malloc failure in tifpixarlog.c. By persuading a victim to open a...

7.8CVSS7.9AI score0.01922EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/14 4:15 p.m.54 views

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...

10CVSS9.1AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/13 1:53 p.m.54 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Summary There is a security advisory for openSSL1.1.1k which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...

9.8CVSS9AI score0.87816EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/08 5:2 p.m.54 views

Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2021-2341)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: A...

4.3CVSS5.6AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/10 3:2 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.6.20, used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java ...

7.5CVSS2AI score0.04008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/25 4:30 p.m.54 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Federated Identity Manager

Summary IBM SDK, Java Technology Edition is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IIBM SDK, Java Technology Edition has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...

4.3CVSS2.7AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/14 9:21 p.m.54 views

Security Bulletin: IBM Cognos Analytics with Watson 11.2.1 has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics with Watson 11.2.1 Vulnerability Details CVEID: CVE-2017-12620 DESCRIPTION: Apache OpenNLP could allow a remote attacker to obtain sensitive information, caused by an XXE attack when loading models or dictionaries that...

9.8CVSS10.6AI score0.48019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/13 1:39 a.m.54 views

Security Bulletin: TS4500 is affected by CVE-2021-25217

Summary TS4500 is affected by CVE-2021-25217 if the product is configured for DHCP. Vulnerability Details CVEID: CVE-2021-25217 DESCRIPTION: ISC DHCP is vulnerable to a denial of service, caused by a buffer overrun in program code used to read and parse stored leases. A remote attacker from withi...

7.4CVSS0.2AI score0.06118EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/28 4:45 p.m.54 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVEID: CVE-2021-29967,CVEID: CVE-2021-29964,CVEID: CVE-2021-29985,CVEID: CVE-2021-29970,CVEID: CVE-2021-29984,CVEID: CVE-2021-24002,CVEID: CVE-2021-29946,CVEID: CVE-2021-23995,CVEID: CVE-2021-23994,CVEID:...

8.8CVSS3.3AI score0.04028EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 5:5 a.m.54 views

Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management

Summary OpenSSL is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain ...

5.9CVSS5.8AI score0.06968EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.54 views

Security Bulletin: Vulnerabilities in autofs affect Power Hardware Management Console (CVE-2014-8169)

Summary autofs is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-8169 DESCRIPTION: Red Hat autofs could allow a local attacker to gain elevated privileges on the system, caused by an error when an interpreted language is...

4.4CVSS5.9AI score0.00335EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/17 6:19 p.m.54 views

Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-11022, CVE-2020-11023).

Summary IBM Aspera Webapps are vulnerable to cross-site scripting. See vulnerability details for more information. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A...

6.9CVSS0.8AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/16 6:10 p.m.54 views

Security Bulletin: A security vulnerability in NGINX ffects IBM Cloud Automation Manager

Summary A security vulnerability in NGINX ffects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TL...

7.4CVSS7.2AI score0.02037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 4:30 a.m.54 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502)

Summary App Connect Enterprise Certified Container may be vulnerable to a ReDoS regular expression denial of service flaw when processing URLs due to vulnerability CVE-2021-33502 Vulnerability Details CVEID: CVE-2021-33502 DESCRIPTION: Node.js normalize-url module is vulnerable to a denial of...

7.5CVSS1.1AI score0.01705EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/14 6:41 p.m.54 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Summary There is a security advisory for openSSL1.1.1g which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in...

7.5CVSS1.6AI score0.62906EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/28 3:35 p.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server

Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2021-26691 DESCRIPTION: Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...

9.8CVSS0.9AI score0.68067EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/25 4:46 p.m.54 views

Security Bulletin: A Vulnerability in OpenSSH and Multiple Vulnerabilities in OpenSSL affect IBM GPFS V3.5 for Windows

Summary OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11 authentication credentials by the sshd server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used ...

8.2CVSS1AI score0.89058EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/17 7:3 p.m.54 views

Security Bulletin: BIND for IBM i is affected by CVE-2021-25214 and CVE-2021-25215

Summary BIND is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-25214 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a broken inbound incremental zone update IXFR. By sending a specially crafted IXFR, an attacker could exploit...

7.5CVSS7.2AI score0.11296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 10:18 p.m.54 views

Security Bulletin: IBM DataPower Gateway has released a fixpack in response to the vulnerability known as Spectre.

Summary IBM has released the following fixpack for IBM DataPower Gateways in response to CVE-2017-5753. Vulnerability Details CVEID: CVE-2017-5753 Affected Products and Versions IBM DataPower Gateways appliances, versions 7.1.0.0-7.1.0.21, 7.2.0.0-7.2.0.18, 7.5.0.0-7.5.0.12, 7.5.1.0-7.5.1.11,...

5.6CVSS1.3AI score0.93838EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 10:18 p.m.54 views

Security Bulletin: Multiple vulnerabilities in SSL affect IBM DataPower Gateways

Summary SSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA privat...

10CVSS2.4AI score0.53655EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:47 p.m.54 views

Security Bulletin: Multiple vulnerabilities may affect JRE in IBM DataPower Gateway

Summary IBM has addressed the relevant CVEs Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using...

9.8CVSS2AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/21 4:58 a.m.54 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

0.8AI score0.19312EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.54 views

Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation

Summary IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. Vulnerability Details CVEID: CVE-2019-2756 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technolo...

7.5CVSS1.1AI score0.01264EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/20 6:50 a.m.54 views

Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2019-17558)

Summary Apache Solr is vulnerable to Remote Code Execution. This has been addressed. Vulnerability Details CVEID: CVE-2019-17558 DESCRIPTION: Apache Solr could allow a remote attacker to execute arbitrary code on the system. By providing a Velocity template through the VelocityResponseWriter, an...

7.5CVSS2.2AI score0.98567EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/26 2:8 p.m.54 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-14782

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ is supported by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...

4.3CVSS1AI score0.02245EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/02 9:40 a.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (March 2021)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6/7 used by ITCAM for SOA. ITCAM for SOA has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component...

5.8CVSS3.3AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/04 2:36 p.m.54 views

Security Bulletin: Vulnerability in PCRE affects IBM Netezza SQL Extensions Toolkit

Summary PCRE is used by IBM Netezza SQL Extensions Toolkit. IBM Netezza SQL Extensions Toolkit has addressed the applicable CVE by upgrading PCRE to latest version 8.44. Vulnerability Details CVEID: CVE-2020-14155 DESCRIPTION: PCRE could allow a remote attacker to execute arbitrary code on the...

5.3CVSS1.8AI score0.04182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/12 5:22 p.m.54 views

Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Discovery and Delivery Intelligence V5.1.0.7 and V5.1.0.8

Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Application Discovery and Delivery Intelligence V5.1.0.7 and V5.1.0.8 respectively. These issues were disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability...

4.3CVSS1.4AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/19 4:7 p.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway These issues were disclosed as part of the IBM Java SDK updates in Month, Year. Vulnerability Details CVEID: CVE-2020-14556 DESCRIPTION: An unspecified vulnerability in Java SE relate...

8.3CVSS1.7AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/04 4:18 p.m.54 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. This were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2781 DESCRIPTION: An unspecified vulnerability in...

5.3CVSS2.6AI score0.04948EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.54 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Express for Unix (CVE-2016-2842).

Summary This bulletin addresses CVE-2016-2842 for IBM Sterling Connect:Express for Unix. Vulnerability Details OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for Unix. IBM Sterling Connect:Express for Unix addressed...

10CVSS0.7AI score0.82112EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 5:7 p.m.54 views

Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed multiple security vulnerabilities in jackson-databind Vulnerability Details CVEID: CVE-2019-17267 DESCRIPTION: FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the...

10CVSS1.4AI score0.12679EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.54 views

Security Bulletin: Nss-util vulnerabilities affect IBM SmartCloud Entry( CVE-2016-1950 )

Summary IBM SmartCloud Entry is vulnerable to a nss-tuil vulnerability, attackers could exploit it to cause the application to crash. Vulnerability Details CVEID: CVE-2016-1950 DESCRIPTION: Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when the...

8.8CVSS1.7AI score0.04192EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/18 11:17 p.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere BigInsights (Applicable CVEs: CVE-2015-7575, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475)

Summary Security vulnerabilities have been identified in IBM SDK Java™ Technology Edition shipped with IBM InfoSphere BigInsights. Information about security vulnerabilities affecting IBM SDK Java has been published in a security bulletin. There are multiple vulnerabilities in IBM® SDK Java™...

5.9CVSS0.5AI score0.05453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/26 12:19 p.m.54 views

Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities

Summary WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities Vulnerability Details CVEID: CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker...

7.8CVSS0.9AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/23 4:13 p.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take...

8.1CVSS2.1AI score0.04903EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/11 7:10 a.m.54 views

Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony

Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.50 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2019-12418 and CVE-2019-17563 in Apache Tomcat. Vulnerability Details CVEID: CVE-2019-12418 DESCRIPTION: Apache Tomcat coul...

7.5CVSS0.8AI score0.10687EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/09 3:46 p.m.54 views

Security Bulletin: OpenSSH as used by IBM QRadar SIEM is vulnerable to information exposure (CVE-2018-15473)

Summary OpenSSH as used by IBM QRadar SIEM is vulnerable to information exposure Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containi...

5.3CVSS0.7AI score0.98631EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/03 9:21 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in Liberty affect IBM WIoTP MessageGateway

Summary There are multiple vulnerabilities in IBM WebSphere Liberty that affect IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2019-9515 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream...

7.8CVSS0.8AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/19 4:54 p.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5, 6, and 7 that are used by Tivoli Netcool/OMNIbus. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack...

5.4CVSS1.7AI score0.67234EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.54 views

Security Bulletin: Vulnerabilities CVE-2018-0732 and CVE-2018-0737 in OpenSSL affect IBM i

Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS...

7.5CVSS1AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/17 5:30 p.m.54 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in libexpat (CVE-2019-15903)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber...

7.5CVSS0.8AI score0.06643EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/24 9:43 p.m.54 views

Security Bulletin: Multiple vulnerabilities in Cloud Pak System

Summary There are vulnerabilities in Cloud Pak System previously known as PureApplication System. It applies to Cloud Pak System, Software, and Service. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2019-4096 DESCRIPTION: IBM Pure Application System uses a...

9.3CVSS1.2AI score0.9923EPSS
Exploits55Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/22 4:17 a.m.54 views

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)

Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. CVE-2019-1559 Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP...

5.9CVSS1.7AI score0.17139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:36 a.m.54 views

Security Bulletin: Open Source Libvorbis, Patch and Python-paramiko vulnerabilities affect IBM Netezza Host Management

Summary Open Source Libvorbis Patch and Python-paramiko is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-7750 DESCRIPTION: Paramiko could allow a remote attacker to bypass security restrictions, caused by...

9.8CVSS1.5AI score0.27065EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/16 9:0 a.m.54 views

Security Bulletin: Synthetic Playback Agent 8.1.4 is affected by multiple vulnerabilities

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-ID: CVE-2019-11710 CVE-ID: CVE-2019-11721 CVE-ID: CVE-2019-11711 CVE-ID: CVE-2019-11730 CVE-ID: CVE-2019-11720 CVE-ID: CVE-2019-11714 CVE-ID: CVE-2019-11725 CVE-ID: CVE-2019-11715 CVE-ID: CVE-2019-11712 CVE-ID:...

9.8CVSS1.8AI score0.20271EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/11 5:35 p.m.54 views

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-zb

Summary AT&T has released versions 1801-zb for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches...

7.8CVSS0.7AI score0.97549EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/13 7:20 p.m.54 views

Security Bulletin: Multiple vulnerabilities in glibc affect IBM MQ Appliance

Summary Vulnerabilities in glibc affect the IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-8778 DESCRIPTION: GNU C Library glibc could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in...

9.8CVSS1.3AI score0.05966EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000