
35596 matches found

IBM Security Bulletins
added 2024/04/05 3:8 p.m. | 124 views

Security Bulletin: There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-44487)

Summary There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in t...

CVSS 7.5 | AI score 7.7 | EPSS 0.99999
Exploits 19 | Affected Software 1

IBM Security Bulletins
added 2024/02/16 2:50 p.m. | 124 views

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure

Summary IBM QRadar Suite software is vulnerable to information exposure through log files. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...

CVSS 5.5 | AI score 5.1 | EPSS 0.00195
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/08/29 9:19 p.m. | 124 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy as described in the vulnerability details section. IBM i has addressed the vulnerability by providing a fix to the Apache HTTP Server implementation as described in t...

CVSS 9.8 | AI score 9.3 | EPSS 0.8377
Exploits 5 | Affected Software 5

IBM Security Bulletins
added 2023/04/14 2:32 p.m. | 124 views

Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in HTTPD. Vulnerability Details CVEID: CVE-2017-3167 Description:...

CVSS 9.8 | AI score 9.6 | EPSS 0.57472
Exploits 4

IBM Security Bulletins
added 2023/01/03 10:44 a.m. | 124 views

Security Bulletin: Vulnerability in Zlib affects IBM Integrated Analytics System [CVE-2018-25032]

Summary Redhat provided Zlib is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2018-25032 Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate...

CVSS 7.5 | AI score 7.8 | EPSS 0.51733
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2022/09/08 12:26 a.m. | 124 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.3

Summary Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.3, IBM WebSphere Application Server Hypervisor 8.5.5.3 and IBM HTTP Server 8.5.5.3. Vulnerability Details CVE ID:CVE-2014-3022 APAR PI09594 DESCRIPTION: WebSphere Application Server allows for...

CVSS 7.1 | AI score 7.1 | EPSS 0.25999
Exploits 3 | Affected Software 3

IBM Security Bulletins
added 2022/04/27 2:54 p.m. | 124 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Watson Discovery for IBM Cloud Pak for Data is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR i...

CVSS 9.8 | AI score 1.2 | EPSS 0.99939
Exploits 132 | Affected Software 1

IBM Security Bulletins
added 2022/03/16 3:25 a.m. | 124 views

Security Bulletin: IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104, CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j CVE-2021-4104, CVE-2021-45046 impact IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. The fix addresses the vulnerabilities by removing Apache Log4j. Vulnerability Details Refer to the security bulleti...

CVSS 9 | AI score 2.3 | EPSS 0.99977
Exploits 41 | Affected Software 1

IBM Security Bulletins
added 2022/02/08 7:39 p.m. | 124 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite - July 2021 CPU

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Security Directory Suite. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to...

CVSS 7.5 | AI score 6.5 | EPSS 0.04238
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/01/10 12:57 p.m. | 124 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC

Summary Log4j is used by IBM Power Hardware Management Console HMC for logging system/application events for diagnostics. This bulletin provides a remediation for the vulnerability, CVE-2021-44228 by upgrading IBM Power Hardware Management Console HMC respective PTF and thus addressing the exposu...

CVSS 10 | AI score 0.8 | EPSS 0.99999
Exploits 351 | Affected Software 2

IBM Security Bulletins
added 2022/01/07 7:3 p.m. | 124 views

Security Bulletin: Apache Log4j vulnerability affects IBM Secure External Authentication Server (CVE-2021-4104)

Summary IBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-44832. The fix upgrades all Apache Log4j 1.x to Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...

CVSS 10 | AI score 1.4 | EPSS 0.99999
Exploits 358 | Affected Software 1

IBM Security Bulletins
added 2021/12/17 2:4 a.m. | 124 views

Security Bulletin: Vulnerability in Apache Log4j affects Collaboration and Deployment Services (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library which is used by Collaboration and Deployment Services for logging of messages and traces. This issue has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to...

CVSS 10 | AI score 0.8 | EPSS 0.99999
Exploits 351 | Affected Software 1

IBM Security Bulletins
added 2021/12/03 6:41 p.m. | 124 views

Security Bulletin: Linux Kernel as used by IBM QRadar SIEM contains multiple vulnerabilities

Summary Linux Kernel as used by IBM QRadar SIEM contains multiple vulnerabilities Vulnerability Details CVEID: CVE-2020-12362 DESCRIPTION: Intel Graphics Drivers could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in the firmware. An...

CVSS 8.8 | AI score 8.5 | EPSS 0.01377
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2023/12/18 4:26 p.m. | 123 views

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2023-3341)

Summary A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2023-3341 AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2023-3341 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a stack exhaustion flaw in...

CVSS 7.5 | AI score 7.7 | EPSS 0.02626
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/10/11 7:2 p.m. | 123 views

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2023-29469 and CVE-2023-28484)

Summary Vulnerabilities in libxml2 could allow a remote attacker to cause a denial of service CVE-2023-29469 and CVE-2023-28484. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2023-29469 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, cause...

CVSS 6.5 | AI score 6.9 | EPSS 0.01086
Exploits 1 | Affected Software 2

IBM Security Bulletins
added 2023/07/25 7:12 p.m. | 123 views

Security Bulletin: AIX is vulnerable to denial of service due to zlib (CVE-2022-37434)

Summary A vulnerability in zlib and zlibNX could allow a remote attacker to cause a denial of service CVE-2022-37434. AIX uses zlib and zlibNX as part of its data compression functions. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow,...

CVSS 9.8 | AI score 10 | EPSS 0.1593
Exploits 1 | Affected Software 2

IBM Security Bulletins
added 2022/08/16 3:59 p.m. | 123 views

Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System

Summary Multiple Vulnerabilities have been found in Node.js used by the Common UI in Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-23382 DESCRIPTION: Node.js postcss module is vulnerable to a denial of service, caused by a regular...

CVSS 9.8 | AI score 9.5 | EPSS 0.69062
Exploits 20 | Affected Software 1

IBM Security Bulletins
added 2022/04/08 2:47 p.m. | 123 views

Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23773

Summary Operations Dashboard is vulnerable to Go CVE-2022-23773 with details below Vulnerability Details CVEID: CVE-2022-23773 DESCRIPTION: An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Golang Go has an unknown impact and attack vector. CVSS...

CVSS 7.5 | AI score 0.9 | EPSS 0.02698
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2021/12/17 5:25 a.m. | 123 views

Security Bulletin: Vulnerability in Apache Log4j2 affects IBM Spectrum LSF. (CVE-2021-44228)

Summary There is a vulnerability in Log4j2 used by IBM Spectrum LSF. IBM Spectrum LSF have addressed the applicable CVE. LSF is only vulnerable if resource connector is enabled. Customers are encouraged to take action by executing the mitigation steps. Vulnerability Details CVEID: CVE-2021-44228...

CVSS 10 | AI score 1.7 | EPSS 0.99999
Exploits 351 | Affected Software 1

IBM Security Bulletins
added 2021/12/15 10:27 p.m. | 123 views

Security Bulletin: IBM Cognos Controller 10.4.2 IF15: Apache log4j Vulnerability (CVE-2021-44228)

Summary IBM Cognos Controller is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j CVE-2021-44228 vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTIO...

CVSS 10 | AI score 1.5 | EPSS 0.99999
Exploits 351 | Affected Software 1

IBM Security Bulletins
added 2018/09/14 7:15 p.m. | 123 views

Security Bulletin: Aspera HSTS, HSTE and Desktop Client application is affected by openSSL vulnerabilities (CVE-2017-3735)

Summary Aspera High-Speed Transfer Server formerly known as Enterprise Server and Connect Server, High-Speed Transfer Endpoint formerly known as Point-to-Point Client and Desktop Client application have addressed the following openSSL vulnerabilities. Vulnerability Details CVEID: CVE-2017-3735...

CVSS 5.3 | AI score 1.6 | EPSS 0.17699
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/17 5:3 a.m. | 123 views

Security Bulletin: Vulnerability in Diffie-Hellman cipher affects Rational Insight (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Jazz Team Server and Cognos Business Intelligence Cognos BI shipped with Rational Insight. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker ...

CVSS 4.3 | AI score 0.4 | EPSS 0.9986
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/03/26 3:39 a.m. | 122 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass...

CVSS 7.5 | AI score 9.6 | EPSS 0.0325
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/04/27 2:4 a.m. | 122 views

Security Bulletin: Vulnerability in libXpm (CVE-2022-4883, CVE-2022-44617 and CVE-2022-46285) affects Power HMC

Summary LibXpm has vulnerabilities and is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-4883 DESCRIPTION: libXpm could allow a remote attacker to execute arbitrary code on the system, caused by compression commands depen...

CVSS 8.8 | AI score 9.1 | EPSS 0.01273
Exploits 2 | Affected Software 2

IBM Security Bulletins
added 2022/12/05 7:0 p.m. | 122 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by Apache Log4j vulnerability (CVE-2021-44228)

Summary Log4j is used by IBM Cloud Transformation Advisor for generating logs in some components and tools. This bulletin provides a remediation for the reported CVE-2021-44228 by upgrading IBM Cloud Transformation Advisor version to 2.5.1. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION:...

CVSS 10 | AI score 9.8 | EPSS 0.99999
Exploits 351 | Affected Software 1

IBM Security Bulletins
added 2022/09/17 6:9 a.m. | 122 views

Security Bulletin: Vulnerabilities in Linux Kernel, OpenSSL, Golang Go, and Zlib may affect IBM Spectrum Protect Plus

Summary Linux Kernel, OpenSSL, Golang Go, and Zlib vulnerabilities such as obtaining sensitive information, execution of arbitrary code, denial of service, and bypassing security restrictions may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2022-2097 DESCRIPTION: OpenSSL coul...

CVSS 10 | AI score 9.7 | EPSS 0.95764
Exploits 11 | Affected Software 1

IBM Security Bulletins
added 2022/07/18 4:42 p.m. | 122 views

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component

Summary Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Security Verify...

CVSS 7.5 | AI score 7 | EPSS 0.01453
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/01/21 5:3 p.m. | 122 views

Security Bulletin: IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)

Summary Apache Log4j is used by IBM Netcool Agile Service Manager as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to modify the logging configuration...

CVSS 10 | AI score 1.2 | EPSS 0.99999
Exploits 357 | Affected Software 1

IBM Security Bulletins
added 2021/12/01 11:3 p.m. | 122 views

Security Bulletin: OpenSSH for IBM i is affected by CVE-2021-41617

Summary OpenSSH on IBM i is vulnerable to the issue described in the vulnerability details section. The applicability of the vulnerability is determined by an application's specific use of OpenSSH. IBM i has addressed the CVE in the OpenSSH implementation. Vulnerability Details CVEID:...

CVSS 7 | AI score 2.5 | EPSS 0.02367
Exploits 2 | Affected Software 5

IBM Security Bulletins
added 2018/06/18 12:32 a.m. | 122 views

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2017-5638 could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could...

CVSS 10 | AI score 1.8 | EPSS 0.99999
Exploits 44 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 2:12 p.m. | 122 views

Security Bulletin: IBM Informix Client SDK CPU utilization (CVE-2014-0963)

Summary Informix Client SDK is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: Informix Client SDK is affected by a problem with the handling of...

CVSS 7.1 | AI score 6.5 | EPSS 0.03077
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/11/14 2:14 p.m. | 121 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote authenticated attacker due to Node.js (CVE-2022-29244, CVE-2022-33987)

Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed by an ifix, a fixpack release and an option to disable the node CVE-2022-29244, CVE-2022-33987 Vulnerability Details CVEID:CVE-2022-29244 DESCRIPTION: Node....

CVSS 7.5 | AI score 7.1 | EPSS 0.03465
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2022/03/18 6:48 p.m. | 121 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2022-23648)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability found in containerd where specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...

CVSS 7.5 | AI score 7.9 | EPSS 0.27392
Exploits 4 | Affected Software 1

IBM Security Bulletins
added 2022/01/16 3:17 a.m. | 121 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Log4j. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential...

CVSS 10 | AI score 1.1 | EPSS 0.99999
Exploits 355 | Affected Software 1

IBM Security Bulletins
added 2022/01/13 7:4 a.m. | 121 views

Security Bulletin: IBM Business Automation Workflow is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Multiple Apache Log4j vulnerabilities impact Process Federation Server that is shipped with IBM Business Automation Workflow. This vulnerability includes Apache Log4j v2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused b...

CVSS 10 | AI score 0.9 | EPSS 0.99999
Exploits 355 | Affected Software 4

IBM Security Bulletins
added 2021/06/08 10:18 p.m. | 121 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM DataPower Gateway Appliances (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM DataPower Gateway Appliances. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

CVSS 5 | AI score 4.7 | EPSS 0.74006
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/03/26 2:29 a.m. | 120 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

Summary IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Vulnerability Details CVEID:CVE-2022-41292 DESCRIPTION: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation o...

AI score 6.2
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/10/04 1:0 p.m. | 120 views

Security Bulletin: IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments are vulnerable to arbitrary code execution due to a DLL hijacking flaw (CVE-2023-35897)

Summary IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by a DLL hijacking flaw CVE-2023-35897. The flaw can lead to arbitrary code execution, as described in the "Vulnerability...

CVSS 8.4 | AI score 8.1 | EPSS 0.00234
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2021/12/20 7:30 a.m. | 120 views

Security Bulletin: A vulnerability in Apache log4j affects IBM Operations Analytics Predictive Insights (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. This affects the IBM Operations Analytics Predictive Insights Analytics, UI and REST Mediation components. This vulnerability has been addressed. Vulnerability Details...

CVSS 10 | AI score 1.7 | EPSS 0.99999
Exploits 351 | Affected Software 1

IBM Security Bulletins
added 2021/12/17 5:51 p.m. | 120 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects the IBM Performance Management product

Summary The APM v8.1.4.0 Server installs an Online Help application that contains Log4j v2.3. A vulnerability was found in this version of Log4j that is documented by CVE-2021-44228 and fixed in Log4j v2.16. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remot...

CVSS 10 | AI score 1.5 | EPSS 0.99999
Exploits 351 | Affected Software 1

IBM Security Bulletins
added 2019/10/18 3:10 a.m. | 120 views

Security Bulletin: Multiple vulnerabilities in OpenSource NTP affects IBM Netezza Host Management

Summary OpenSource NTP is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-6462 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a buffer overflow in the legacy Datum Programmable Time Server...

CVSS 7.8 | AI score 1 | EPSS 0.05239
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/01/14 2:27 p.m. | 119 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Db2® Warehouse (CVE-2021-44228)

Summary Apache Log4j open source library used by IBM® Db2® Warehouse is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j...

CVSS 10 | AI score 0.8 | EPSS 0.99999
Exploits 351 | Affected Software 1

IBM Security Bulletins
added 2024/10/01 6:45 p.m. | 118 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities.

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to a remote attacker causing a denial of service due to NULL pointer dereference CVE-2024-38477, executing arbitrary code due to an encoding issue in mod_rewrite CVE-2024-38474, and improper escaping in mod_rewrite resulting in acces...

CVSS 9.8 | AI score 10 | EPSS 0.99957
Exploits 1 | Affected Software 5

IBM Security Bulletins
added 2023/02/13 6:25 p.m. | 118 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to Apache Commons Text [CVE-2022-42889]

Summary Db2 Web Query is vulnerable to arbitrary code execution due to Apache Commons Text CVE-2022-42889. Apache Commons Text is used by IBM Db2 Web Query for i for string functionality. The fix includes Apache Commons Text 1.10.0. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...

CVSS 9.8 | AI score 9.9 | EPSS 0.99931
Exploits 41 | Affected Software 5

IBM Security Bulletins
added 2022/11/08 4:8 p.m. | 118 views

Security Bulletin: IBM Security Verify Access is vulnerable to execute arbitrary code due to jsr-sasign component. [CVE-2022-25898]

Summary jsr-sasign is used by IBM Security Verify Access product. This has been fixed by updating the version used by IBM Security Verify Access. CVE-2022-25898 Vulnerability Details CVEID:CVE-2022-25898 DESCRIPTION: Node.js jsrsasign module could allow a remote attacker to execute arbitrary code...

CVSS 9.8 | AI score 9 | EPSS 0.01096
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2022/02/23 7:48 p.m. | 118 views

Security Bulletin: IBM Security Network Intrusion Prevention System CPU utilization (CVE-2014-0963)

Summary IBM Security Network Intrusion Prevention System is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM Security Network Intrusion...

CVSS 7.1 | AI score 7.1 | EPSS 0.03077
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2021/12/17 6:27 p.m. | 118 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-44228)

Summary Apache Log4j is used by IBM Sterling Control Center. This bulletin provides fixes for the reported CVE-2021-44228 and work around mitigation. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused...

CVSS 10 | AI score 1 | EPSS 0.99999
Exploits 351 | Affected Software 1

IBM Security Bulletins
added 2020/11/12 5:46 a.m. | 118 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input...

CVSS 7.8 | AI score 1.4 | EPSS 0.12996
Exploits 6 | Affected Software 1

IBM Security Bulletins
added 2019/01/31 2:25 a.m. | 118 views

Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs...

CVSS 5 | AI score 0.7 | EPSS 0.98685
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/09/07 10:42 a.m. | 118 views

Security Bulletin: Vulnerability found in velocity-1.7.jar which is shipped with IBM® Intelligent Operations Center [CVE-2020-13936]

Summary Vulnerability have been identified in velocity-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. CVE-2020-13936 Vulnerability Details...

CVSS 9 | AI score 9.1 | EPSS 0.22709
Exploits 0 | Affected Software 1

Total number of security vulnerabilities: 5000