Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:34 a.m.53 views

Security Bulletin: Vulnerabilities in PHP affect PowerKVM

Summary PowerKVM is affected by numerous vulnerabilities in PHP. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-5399 DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the bzread function...

9.8CVSS1.3AI score0.09844EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:32 a.m.53 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple ntp vulnerabilities

Summary Multiple security vulnerabilities have been discovered in ntp that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2015-7705 DESCRIPTION: Network Time Protocol NTP is vulnerable to a denial of service, caused by an error in the...

9.8CVSS0.9AI score0.44936EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:10 a.m.53 views

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5174)

Summary Jazz Reporting Service is shipped as a component of Rational Insight. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details Consult the security bulletin Security Bulletin: Multiple security...

8.8CVSS2AI score0.1838EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:1 a.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-0138, CVE-2014-6549, CVE-2015-0408, CVE-2015-0412, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0410, CVE-2015-0407,

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.2 that is supplied with specific versions of Rational Lifecycle Integration Adapter for HP ALM. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also...

10CVSS0.9AI score0.67234EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:46 a.m.53 views

Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0440)

Summary Previous releases of IBM Rational Automation Framework are affected by a vulnerability in Java that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts li...

5CVSS2.4AI score0.05532EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:6 p.m.53 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway

Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about multiple security vulnerabilities affecting the IBM HTTP server component of IBM WebSphere Application Server h...

8.1CVSS0.7AI score0.86006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.53 views

Security Bulletin: IBM Security Access Manager Appliance is affected by a HTTPD vulnerability (CVE-2017-9798)

Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By...

7.5CVSS1.1AI score0.94999EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:4 p.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™, Version 7 Service Refresh 10 Fix Pack 15 used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10345 DESCRIPTION:...

9.6CVSS0.8AI score0.16181EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:0 p.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Security Network Protection. IBM Security Network Protection has addressed the applicable CVEs. Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-3514 DESCRIPTION: An unspecified...

9.8CVSS1.2AI score0.07489EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:41 p.m.53 views

Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs)

Summary IBM Security Guardium is vulnerable to several possible remote attacks Vulnerability Details CVEID: CVE-2015-4881 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the CORBA component has complete confidentiality impact, complete integrity impact, and complete...

10CVSS1AI score0.1095EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:20 p.m.53 views

Security Bulletin: Vulnerability in SSLv3 affects Directory Server (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Tivoli Directory Server TDS and IBM Security Directory Server SDS. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow...

4.3CVSS0.2AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:52 p.m.53 views

Security Bulletin: IBM Forms Viewer may be affected by a known issue with libpng library (CVE-2015-8126, CVE-2015-8472)

Summary An IBM Form XFDL document that contains a specially crafted PNG image can crash IBM Forms Viewer. This can occur based on the Viewer's use of this library. Vulnerability Details CVEID: CVE-2015-8126 DESCRIPTION: libpng is vulnerable to a buffer overflow, caused by improper bounds checking...

7.5CVSS1.6AI score0.10339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:37 p.m.53 views

Security Bulletin: IBM WebSphere Transformation Extender Secure Adapter Collection 8.4.1.1 CPU utilization and insecure Elliptic Curve Digital Signature Algorithm (CVE-2014-0963, CVE-2014-0076)

Summary IBM WebSphere Transformation Extender Secure Adapter Collection product is affected by two issues: one related to the TLS implementation which, under very specific conditions, can cause CPU utilization to rapidly increase, the other related to an insecure Elliptic Curve Digital Signature...

7.1CVSS6.4AI score0.03077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:48 p.m.53 views

Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Counterparty Credit Risk

Summary Apache Tomcat could allow a remote attacker to bypass security restrictions Vulnerability Details CVE-ID: CVE-2017-5647 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An...

9.1CVSS0.4AI score0.1684EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.53 views

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud

Summary There is an information disclosure due to an XML external entity XXE vulnerability when using the OpenSAML features in WebSphere Application Server Liberty. There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by...

7.5CVSS0.4AI score0.94999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.53 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle January 2018 Critical Patch Update, plus one additional vulnerability Vulnerability Details CVE IDs: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603...

8.3CVSS1AI score0.07525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by z/TPF. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you shoul...

9.8CVSS1.1AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.53 views

Security Bulletin: A Security vulnerability has been identified in IBM HTTP Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)

Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details Consult the security bulletin: Multiple Security Vulnerabilities in IBM HTTP Server for vulnerability details and information about fixes. Affected Products and Versions...

1.4AI score0.57472EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.53 views

Security Bulletin: CICS Transaction Gateway for Multiplatforms

Summary Multiple security vulnerabilities exist in the JREs shipped with CICS Transaction Gateway CICS TG for client applications. CICS TG itself is not vulnerable to all these risks but client side applications using the CICS TG supplied JREs might be. Vulnerability Details CVEID: CVE-2016-5582...

9.6CVSS6.9AI score0.05437EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.53 views

Security Bulletin: Class loader manipulation vulnerability in IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2014-0114)

Summary A class loader manipulation vulnerability exists in the Apache Struts 1, which is used by IBM WebSphere Application Server and is provided with WebSphere Enterprise Service Bus Registry Edition Vulnerability Details This security vulnerability is fixed with available interim fixes and are...

7.5CVSS2.3AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2016/03/31 2:58 p.m.53 views

BGQ_REDBOOKS (Doc Number=4680): Blue Gene/Q Security Bulletin notification

Abstract BGQREDBOOKS Doc Number=4680: Blue Gene/Q Security Bulletin notification Blue Gene Knowledge Base document 773911444 : Security Bulletin: GNU C library glibc vulnerability affects CVE-2015-7547 A GNU C library glibc stack-based buffer overflow in getaddrinfo vulnerability affects Blue...

8.1CVSS1.9AI score0.89557EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.52 views

Security Bulletin: OpenSSH client bug (CVE-2016-0777 and CVE-2016-0778)

Question Security Bulletin: OpenSSH client bug CVE-2016-0777 and CVE-2016-0778 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All...

8.1CVSS7.3AI score0.63468EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:49 a.m.52 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 005 Vulnerability Details CVEID:CVE-2024-39734 DESCRIPTION: IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers...

9.8CVSS7AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/07 7:17 p.m.52 views

Security Bulletin: IBM Maximo Application Suite - IoT uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite - IoT uses pip-22.3.1.dist-info, zipp-3.18.1.dist-info, jinja2-3.1.4.dist-info, jinja2-3.1.4.dist-info, pip-20.2.4.dist-info, cryptography-44.0.0.dist-info, urllib3-1.26.18.dist-info, ansiblecore-2.15.11.dist-info, ansiblecore-2.15.11.dist-info,...

6.5CVSS7AI score0.02782EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:12 a.m.52 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary LibTIFF is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET Core and Watson NLP CVE-2022-48281, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, . ncurses is used by IBM Robotic Process Automation for Cloud Pak as part of base container...

7.8CVSS8.7AI score0.69494EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:5 a.m.52 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2018-17336 DESCRIPTION: UDisks could allow a local attacker to obtain sensitive information, caused by a format string vulnerability in udiskslog in udiskslogging.c. By using a...

8.6CVSS9.4AI score0.11334EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 6:14 p.m.52 views

Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol

Summary TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocold. A patch has been provided that updates the systemd library. CVE-2023-48795, CVE-2023-51385 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions,...

6.5CVSS7.8AI score0.9378EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/25 8:59 p.m.52 views

Security Bulletin: IBM Master Data Management is vulnerable to a denial of service from a flaw in DH keys or parameters in OpenSSL (CVE-2023-3817)

Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a denial of service from a flaw in DH keys or parameters in OpenSSL. OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a DH key or DH...

5.3CVSS6.8AI score0.02577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:37 a.m.52 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service vulnerability in Multiple vendors [ CVE-2023-44487]

Summary Potential denial of service vulnerability in Multiple vendors CVE-2023-44487 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-444...

7.5CVSS7.5AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/16 6:33 p.m.52 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-40680)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-40680 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. CVSS Base score: 6.2 CVSS Temporal Score:...

5.5CVSS5.9AI score0.00188EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/16 6:20 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Storage Scale System

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System, which could allow a remote attacker to cause a denial of service. CVE-2023-46158, CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Serve...

9.8CVSS7.5AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 5:17 p.m.52 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2024.

Summary In addition to many OS level updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF035 and 24.0.0-IF001. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

8.7CVSS9.9AI score0.02733EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/03 1:5 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-40898, CVE-2024-40725)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

9.1CVSS6.7AI score0.04134EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 9:33 a.m.52 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Spectrum Control which could allow a remote attacker to cause high confidentiality impact and high integrity impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945,...

7.5CVSS7.2AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 6:7 p.m.52 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50387]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when processing responses coming from specially crafted DNSSEC-signed zones CVE-2023-50387. ISC BIND is included as a Base OS package used by our Service...

7.5CVSS7.7AI score0.99995EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/04 6:11 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2024. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified...

7.5CVSS5AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 11:31 a.m.52 views

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage...

6.5CVSS6.1AI score0.01044EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/13 11:54 p.m.52 views

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a denial of service

Summary Node.js is used by IBM Rational® Application Developer for WebSphere® Software as the SDK and runtime for Apache Cordova projects. CVE-2023-6129,CVE-2024-24806, CVE-2023-5678,CVE-2024-22019,CVE-2023-46809, CVE-2024-0727, CVE-2023-6237,CVE-2024-21892 Vulnerability Details...

7.8CVSS7.5AI score0.04459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/09 4:32 p.m.52 views

Security Bulletin: IBM Operational Decision Manager for March 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2007-4559...

9.8CVSS9.2AI score0.99999EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/04 11:15 a.m.52 views

Security Bulletin: Vulnerability in libcurl may affect IBM Storage Scale System (CVE-2023-28322)

Summary A vulnerability in libcurl may allow a remote attacker to bypass security restrictions in IBM Storage Scale System. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions...

5.3CVSS6.3AI score0.02211EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/21 10:21 a.m.52 views

Security Bulletin: IBM QRadar SIEM M7 Appliances are vulnerable to CVE-2022-21216

Summary IBM QRadar SIEM M7 Appliances could be vulnerable to an Intel CVE. IBM has addressed the relevant CVE. Vulnerability Details CVEID:CVE-2022-21216 DESCRIPTION: IntelAtom and Intel Xeon Scalable Processors could allow a remote authenticated attacker to gain elevated privileges on the system...

7.5CVSS7AI score0.00539EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/20 6:36 p.m.52 views

Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...

9.8CVSS9.8AI score0.19753EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 5:26 p.m.52 views

Security Bulletin: Vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2023-50290)

Summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr Vulnerability Details CVEID:CVE-2023-50290 DESCRIPTION: Apache Solr could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending ...

6.5CVSS6.4AI score0.68665EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:48 p.m.52 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Go-git with Instana Agent container image

Summary Vulnerabilities in Go-git were remediated in IBM Observability with Instana with Instana Agent container image build 265. CVE-2023-49569 & CVE-2023-49568 Vulnerability Details CVEID:CVE-2023-49569 DESCRIPTION: go-git could allow a remote attacker to traverse directories on the system. By...

9.8CVSS9.6AI score0.01523EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/13 2:31 p.m.52 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. CVE-2023-5363, CVE-2023-4807, CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...

7.8CVSS8AI score0.05533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 7:39 p.m.52 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF030 and 23.0.2-IF002. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with...

9.3CVSS9.8AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/15 8:18 a.m.52 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing (PUB) jQuery Vulnerability

Summary IBM Engineering Lifecycle Optimization - Publishing jQuery and jQuery.min found vulnerable Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remot...

6.9CVSS6.5AI score0.99019EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/30 4:12 a.m.52 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

9.8CVSS10AI score0.04322EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/29 8:48 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition 8.5.0 (CVE-2016-3449, CVE-2016-0264)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

8.3CVSS8.2AI score0.04009EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/25 10:11 p.m.52 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to multiple issues due to Eclipse Jetty.

Summary Eclipse Jetty is used by IBM Sterling Connect:Direct for UNIX in product management. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in Eclipse Jetty. IBM Sterling Connect:Direct for UNIX has upgraded Eclipse Jetty to version 9.4.53 to address the issues. Vulnerability...

7.5CVSS8.6AI score0.99999EPSS
Exploits22Affected Software1
Total number of security vulnerabilities5000