Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:39 p.m.54 views

Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a Denial of Service attack, and Sensitive Information Exposure. (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)

Summary OpenSSL vulnerabilities announced 12-3-15 this will also cover Node.js which consumes OpenSSL Vulnerability Details CVE-ID: CVE-2015-3194 Description: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when verifying certificates via a malformed routine. An...

7.5CVSS1.4AI score0.44016EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:26 p.m.54 views

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM InfoSphere Guardium

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by IBM InfoSphere Guardium. IBM InfoSphere Guardium has addressed the applicable...

7.5CVSS1.3AI score0.9986EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:10 p.m.54 views

Security Bulletin: Multiple vulnerabilities addressed in the IBM Emptoris Sourcing product (CVE-2017-1447, CVE-2017-1449, CVE-2017-1450, CVE-2017-1444)

Summary The security bulletin includes multiple vulnerabilities found and addressed in IBM Emptoris Sourcing across various versions of the product. Vulnerability Details CVEID: CVE-2017-1447 DESCRIPTION: IBM Emptoris Sourcing is vulnerable to cross-site scripting. This vulnerability allows users...

6.1CVSS5.8AI score0.008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:3 p.m.54 views

Security Bulletin: Multiple vulnerabilities in PHP and memcached libraries affect IBM Tealeaf Customer Experience

Summary The IBM Tealeaf Customer Experience PCA component uses versions of PHP and memcached with reported security issues. Vulnerability Details CVEID: CVE-2013-0179 DESCRIPTION: memcached is vulnerable to a denial of service, caused by an error in the processbindelete function within memcached....

10CVSS8.5AI score0.10997EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:19 p.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10345 DESCRIPTION: An...

9.6CVSS0.7AI score0.16181EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:9 p.m.54 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0799 DESCRIPTION: OpenSSL could allow a remote...

10CVSS0.6AI score0.53655EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:44 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cognos Controller. IBM Cognos Controller has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2105 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow,...

10CVSS1.3AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:36 p.m.55 views

Security Bulletin: Vulnerabilities in OpenSSL affect Cognos Insight (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by Cognos Insight. Cognos Insight has addressed the applicable CVEs. Vulnerability Details...

4.3CVSS1.1AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:9 a.m.54 views

Security Bulletin: Security vulnerability in OpenSSL (CVE-2017-3736)

Summary A potential vulnerability has been reported by the OpenSSL project. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...

6.5CVSS6.8AI score0.10133EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.54 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle January 2018 Critical Patch Update, plus one additional vulnerability Vulnerability Details CVE IDs: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603...

8.3CVSS1AI score0.07525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.54 views

Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2016-0736 CVE-2016-2161 CVE-2016-8743)

Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in modsessioncrypt...

7.5CVSS0.7AI score0.49024EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.54 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)(CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6 and 1.7 that is used by IBM Integration Designer IID and WebSphere Integration Developer WID. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses...

5CVSS6.7AI score0.67234EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.54 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Message Broker shipped with IBM WebSphere Remote Server (CVE-2014-3566 and CVE-ID: CVE-2014-3568)

Summary IBM WebSphere Message Broker is shipped as a component of IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Message Broker has been published in a security bulletin. Vulnerability Details Please consult the security bulletin IBM WebSphere...

4.3CVSS6.4AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.53 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand,

Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 ... "Business Unit":"code":"BU059","label":"IBM...

9.8CVSS7.7AI score0.63029EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.53 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream,

Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 ... "Business...

9.8CVSS7.5AI score0.63029EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/20 5:59 p.m.53 views

Security Bulletin: Update JRE for Older Versions of IBM SPSS Statistics

Summary Vulnerabilities related to encryption were found in older versions of the Java Runtime Environment JRE. This Interim Fix addresses those problems. The IF applies to all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update plus CVE-2025-4447...

7.8CVSS6.4AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/02 7:23 a.m.53 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002. Vulnerability Details CVEID:CVE-2025-22866 DESCRIPTION: Due to the usage of a variable time...

9.8CVSS9.5AI score0.03153EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:27 a.m.53 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to Cross-Site Scripting (CVE-2022-34330)

Summary IBM Sterling B2B Integrator has addressed the cross-site scripting vulnerability Vulnerability Details CVEID:CVE-2022-34330 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i...

6.1CVSS5.9AI score0.00392EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 10:21 a.m.53 views

Security Bulletin: Vulnerabilities in JetBrains Kotlin affects watsonx.data

Summary jetBrains Kotlin is vulnerable to sensitive data disclosure and to weaker than expected security. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: JetBrains Kotlin could allow a local authenticated attacker to obtain sensitive information, caused by...

5.3CVSS5.9AI score0.02572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/17 9:14 a.m.53 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 287 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

8.7CVSS7.7AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/14 12:3 p.m.53 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-45802) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-45802 DESCRIPTION: When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources...

5.9CVSS7.2AI score0.03024EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/29 10:37 a.m.53 views

Security Bulletin: Multiple Vulnerabilities in http-server affect Cloud Pak System

Summary Multiple Vulnerabilities in http-server affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38474 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution encoding issue in modrewrite. By sending a specially...

9.8CVSS8.4AI score0.99957EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 4:3 p.m.53 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by a arbitrary code execution in OpenSSH server [CVE-2024-6387]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by arbitrary code execution in OpenSSH server, caused by a signal handler race condition CVE-2024-6387. Open SSH is a component of a glibc library that is included in our Speech Service Runtimes, but not actively...

8.1CVSS8.4AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/16 8:12 a.m.53 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed mutiple CVEs. Vulnerability Details CVEID:CVE-2023-6129 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...

6.5CVSS6.8AI score0.04459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 9:24 a.m.53 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control

Summary Node.js is vulnerable to remote attacker to obtain sensitive information, denial of service, HTTP request smuggling and allow a local authenticated attacker to gain elevated privileges on the system. These vulnerabilities affect IBM Spectrum Control. CVE-2024-27983, CVE-2024-22019,...

8.2CVSS9AI score0.87211EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/21 3:45 p.m.53 views

Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System

Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...

8.8CVSS9AI score0.04322EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 8:47 p.m.53 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Vulnerability Details CVEID:CVE-2024-37532 DESCRIPTION: IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. CVSS Base score: 8.8 CVSS Tempora...

8.8CVSS8.3AI score0.00353EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 11:59 a.m.53 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.

Summary IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticate...

7.5CVSS8AI score0.01421EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/24 2:17 p.m.53 views

Security Bulletin: Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1

Summary Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing...

8.6CVSS8.7AI score0.36081EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/15 8:36 a.m.53 views

Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2023-31582, CVE-2023-51775)

Summary The Jose4j library is vulnerable to a denial of service, caused by improper input validation. It could also allow a remote attacker to obtain sensitive information using cryptographic attacks. Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to...

7.5CVSS7.8AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:55 p.m.53 views

Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java is used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerab...

8.1CVSS7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/26 2:47 p.m.53 views

Security Bulletin: IBM MQ Appliance is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2024-20952 and CVE-2023-33850)

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped in IBM MQ Appliance. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...

7.5CVSS7.5AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/17 3:56 p.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-24795, CVE-2023-38709)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

7.3CVSS6.8AI score0.03914EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 1:12 p.m.53 views

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.26 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a...

7.5CVSS9.2AI score0.70595EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/29 10:45 a.m.53 views

Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining WS-2023-0429

Summary There is a vulnerability in Enterprise Security API for Java that could allow an remote attacker to steal cookie-based authentication credentials on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability...

7.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:12 p.m.53 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially...

9.8CVSS9.2AI score0.04561EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 5:25 p.m.53 views

Security Bulletin: IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a special...

7.5CVSS7.8AI score0.23072EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:52 p.m.53 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 267 Vulnerability Details CVEID:CVE-2024-20919 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause hi...

7.5CVSS8.3AI score0.00857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/13 2:29 p.m.53 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-43642

Summary snappy-java is used by the IBM Datapower Operations Dashboard as a compressor/decompressor for Java Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted...

7.5CVSS7.3AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/28 5:18 p.m.53 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.1 Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION: shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing to clean the buffer used to store...

8.7CVSS9.7AI score0.76875EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/15 7:37 p.m.53 views

Security Bulletin: IBM Copy Services manager is affected by IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676

Summary IBM Copy Services Manager is affected by All applicable Java SE CVEs published by Oracle as part of their October 2023 Critical Patch Update plus CVE-2023-5676. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

5.9CVSS6.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/02 2:15 p.m.53 views

Security Bulletin: App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.14 LTS and 11.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.8CVSS9.5AI score0.03869EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/13 9:51 p.m.53 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to multiple Eclipse Jetty vulnerabilities (CVE-2023-36478, CVE-2023-44487)

Summary IBM UrbanCode Deploy UCD is susceptible to multiple Eclipse Jetty denial of service vulnerabilities. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize...

7.5CVSS8AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/08 8:43 a.m.53 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)

Summary IBM Cloud Kubernetes Service is affected by security vulnerabilities in the Kubernetes API server that may allow a denial of service attack from unauthenticated clients CVE-2023-39325 and CVE-2023-44487. Vulnerability Details CVEID: CVE-2023-39325 Description: A malicious HTTP/2 client...

7.5CVSS8.1AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.53 views

Security Bulletin: IBM Flex System switch firmware products are affected by a vulnerability in OpenSSL (CVE-2019-1559)

Summary IBM Flex System switch firmware products have addressed the following OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after t...

5.9CVSS0.7AI score0.17139EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.53 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2019-6978, CVE-2019-6977)

Summary The following vulnerabilities in PHP have been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2019-6978 DESCRIPTION: The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c...

9.8CVSS0.7AI score0.65116EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.53 views

Security Bulletin: IBM Flex System switch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0732)

Summary IBM Flex System switch firmware products have addressed the following vulnerability in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server durin...

7.5CVSS0.4AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.53 views

Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSL (CVE-2018-0732 CVE-2018-0737)

Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server durin...

7.5CVSS1AI score0.49268EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 2:7 p.m.53 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. ...

7.5CVSS8.4AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/07 11:23 p.m.53 views

Security Bulletin: IBM i is vulnerable to a local privilege escalation due to flaws in Management Central (CVE-2023-40685, CVE-2023-40686).

Summary IBM i is vulnerable to a local privilege escalation due to flaws in a Management Central as described in the vulnerability details section. The vulnerabilities exist even when Management Central is not being used for systems management tasks. IBM i has addressed the vulnerabilities with...

7.8CVSS7.2AI score0.0015EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000