Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/01/25 10:11 p.m.52 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to multiple issues due to Eclipse Jetty.

Summary Eclipse Jetty is used by IBM Sterling Connect:Direct for UNIX in product management. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in Eclipse Jetty. IBM Sterling Connect:Direct for UNIX has upgraded Eclipse Jetty to version 9.4.53 to address the issues. Vulnerability...

7.5CVSS8.6AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/01 12:43 p.m.52 views

Security Bulletin: IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487

Summary IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application...

9.8CVSS8.1AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 8:7 p.m.52 views

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.

Summary IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library. Vulnerability Details CVEID:CVE-2015-8383 DESCRIPTION: PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of certain repeated conditional groups. By using a specially crafted...

9.8CVSS9.5AI score0.07059EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 7:56 p.m.52 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)

Summary IBM® Db2® could allow a user with DATAACCESS privileges to execute routines that they should not have access to. Vulnerability Details CVEID:CVE-2023-38003 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user with DATAACCESS privileges to execute...

7.2CVSS8AI score0.01086EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/19 5:17 p.m.52 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities. [CVE-2022-42889, CVE-2023-35001, CVE-2023-32233]

Summary IBM Security Guardium has addressed the following vulnerabilities with the update recommended below in the remediation / fix section. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: OX AppSuite could allow a remote attacker to execute arbitrary code on the system, caused by a flaw...

9.8CVSS8.8AI score0.99931EPSS
Exploits50Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 7:33 a.m.52 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from shadow-utils, procps-ng, containerd, urllib3, nghttp2 and Golang

Summary Multiple issues were identified in Red Hat UBI packages, go-toolset and OSE are fixed and shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2023-25153 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a memory...

8.1CVSS8.9AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:23 p.m.52 views

Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 has addressed security vulnerabilities

Summary IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 resolves vulnerabilities in Golang Go, Gin-Gonic Gin and libp2p go-libp2p. A vulnerability where sensitive information could be shared due to insecure network communication has also been addressed. Please refer to the table...

7.5CVSS7.1AI score0.01146EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 10:16 p.m.52 views

Security Bulletin: A vulnerability in jquery may affect IBM Robotic Process Automation for Cloud Pak and result in an attacker obtaining sensitive information. (CVE-2020-23064)

Summary There is a vulnerability in jQuery used by IBM Robotic Process Automation for Cloud Pak as part of the operator, which may result in cross site scripting CVE-2020-23064. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details CVEID:...

7.3AI score
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 11:23 a.m.52 views

Security Bulletin: Vulnerability in jetty-http-9.4.51.v20230217.jar affects IBM Integrated Analytics System (Sailfish) [CVE-2023-40167]

Summary The jetty-http-9.4.51.v20230217.jar is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2023-40167 Vulnerability Details CVEID: CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsin...

5.3CVSS6AI score0.01069EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 6:52 a.m.52 views

Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Jazz Reporting Service (CVE-2020-1953)

Summary There is a vulnerability in Apache Commons used by IBM Jazz Reporting Service. IBM has addressed the relevant CVE. Vulnerability Details CVEID:CVE-2020-1953 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an issue...

10CVSS9.7AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/10 8:58 p.m.52 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST

Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29402 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the...

9.8CVSS10AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/09 11:0 a.m.52 views

Security Bulletin: Vulnerability in Spring Session affects IBM Process Mining . CVE-2023-20866

Summary There is a vulnerability in Spring Session that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-20866...

6.5CVSS6.2AI score0.0066EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 12:58 p.m.52 views

Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2012-6153, CVE-2014-3577, CVE-2020-13956)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for VMware only, and IBM Storage Protect for Space Management can be affected by a vulnerability in Apache HttpComponents. The vulnerability can lead to spoofing attacks, bypass of...

5.8CVSS5.7AI score0.09149EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:32 a.m.52 views

Security Bulletin: OpenSource Apache Taglibs Vulnerability affects IBM Jazz Reporting Service (CVE-2015-0254)

Summary Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection XXE error when processing XML data. Vulnerability Details CVEID:CVE-2015-0254 DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to...

7.5CVSS9.5AI score0.1326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/02 8:7 p.m.52 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-32006 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of module.constructor.createRequire. By...

9.8CVSS8.4AI score0.01817EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/27 9:12 p.m.52 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in gRPC

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of gRPC. Vulnerability Details CVEID:CVE-2023-33953 DESCRIPTION: gRPC is vulnerable to a denial of service, caused by hpack table accounting errors. By sending a specially crafted request, a remote...

7.5CVSS7.3AI score0.00412EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/20 2:8 p.m.52 views

Security Bulletin: A vulnerability in python-request affects IBM Robotic Process Automation for Cloud Pak and may result in an attacker obtaining sensitive information (CVE-2023-32681)

Summary python-requests is used by IBM Robotic Process Automation as part of base container images. CVE-2023-32681 Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization...

6.1CVSS6.5AI score0.02782EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/11 10:10 p.m.52 views

Security Bulletin: Multiple Security vulnerabilities in IBM Java in FileNet Content Manager

Summary Multiple Security vulnerabilities in IBM Java in FileNet Content Manager, affected, not vulnerable Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

9.1CVSS8.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/08 8:48 a.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified...

9.1CVSS9.2AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/08 8:45 a.m.52 views

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to a Certifi vulnerability (CVE-2023-37920)

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a Certifi vulnerability with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an...

9.8CVSS8.3AI score0.00468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/07 2:2 p.m.52 views

Security Bulletin: IBM DataPower Gateway affected by multiple issues in JRE

Summary IBM has addressed the following CVEs, which potentially affect JDBC, IMS Callout and JMS components Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

7.4CVSS6.1AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:6 p.m.52 views

Security Bulletin: Multiple security vulnerabilities have been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.

Summary Oracle MySQL version 5.5.x and version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting Oracle MySQL has been published here. Vulnerability Details CVEID: CVE-2018-3079...

7.1CVSS6.8AI score0.03683EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 10:55 p.m.52 views

Security Bulletin: This Power System update is being released to address CVE-2023-25683

Summary The PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the HMC Vulnerability Details CVEID:CVE-2023-25683 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the...

7.5CVSS6.5AI score0.00626EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/23 10:27 a.m.52 views

Security Bulletin: Operations Dashboard is vulnerable to multiple vulnerabilities in Golang

Summary Operations Dashboard is vulnerable to multiple vulnerabilities in Golang which is used by the Operations Dashboard operator. Vulnerabilities include code injection and denial of service. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is...

9.8CVSS9.9AI score0.02281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/25 6:50 a.m.52 views

Security Bulletin: Vulnerability from log4j-1.2.16.jar affect IBM Operations Analytics - Log Analysis (CVE-2023-26464)

Summary log4j-1.2.16.jar is vulnerable and it is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2023-26464 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the Chainsaw or SocketAppender components. By...

7.5CVSS7.2AI score0.01905EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/18 5:28 p.m.52 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected by security restriction bypass due to Spring Framework [CVE-2023-20860]

Summary IBM Sterling Connect:Direct for UNIX File Agent component is affected by security restriction bypass due to Spring Framework. Spring Framework has been upgraded in IBM Sterling Connect:Direct for UNIX File Agent component. CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20860...

7.5CVSS7.2AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 2:32 a.m.52 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Eclipse Jetty used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a...

7.8CVSS7.9AI score0.99298EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 5:56 p.m.52 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-38561 DESCRIPTION: Golang Go Text is vulnerable to a denial of service, caused by an improper index calculation that allows an incorrectly formatted language tag to panic Parse. A remote...

7.5CVSS7.5AI score0.02297EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/08 8:27 p.m.52 views

Security Bulletin: Apache Log4j is vulnerable to CVE-2021-45105 and CVE-2021-45046 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Apache Log4j which is vulnerable to CVE-2021-45105 and CVE-2021-45046. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled...

10CVSS9.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/08 5:50 p.m.52 views

Security Bulletin: Tensorflow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to security CVEs. Vulnerability Details CVEID:CVE-2022-23592 DESCRIPTION: TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds rea...

8.1CVSS7.5AI score0.0087EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 10:46 p.m.52 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Java

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Java . Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of...

5.3CVSS5.1AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/26 12:17 a.m.52 views

Security Bulletin: A security vulnerability has been identified in OpenSSL in IBM® AIX® shipped with IBM PureData System for Operational Analytics ( CVE-2022-1292)

Summary IBM® AIX® is shipped as a component of IBM PureData System for Operational Analytics. Information about the security vulnerability in OpenSSL affecting IBM AIX has been published in a security bulletin CVE-2022-1292. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION: OpenSSL could all...

10CVSS9.7AI score0.83223EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 3:1 p.m.52 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203

Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-9281 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

7.4CVSS6.7AI score0.2241EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/20 2:12 p.m.52 views

Security Bulletin: CVE-2022-3676 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2022-3676 was addressed in Eclipse OpenJ9 version 0.35 Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted...

6.5CVSS6.6AI score0.00589EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/17 1:48 p.m.52 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.4.5 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-41903 DESCRIPTION: Git could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when processin...

9.8CVSS9.3AI score0.62575EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.52 views

Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems

Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems has addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems has addressed the following...

7.5CVSS7.3AI score0.04888EPSS
Exploits6
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.52 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module (IMM) (CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799)

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Integrated Management Module IMM which has addressed the applicable CVEs. Vulnerability Details Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project...

10CVSS7.1AI score0.82112EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/11 4:14 p.m.52 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a privilege escalation due to RESTEasy CVE-2023-0482 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

5.5CVSS5.8AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/07 3:37 p.m.52 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6306 DESCRIPTION: OpenSSL is...

9.8CVSS8.3AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/03 1:23 p.m.52 views

Security Bulletin: Operations Dashboard is vulnerable to denial of service due to multiple vulnerabilities in Go

Summary Operations Dashboard is vulnerable to denial of service due to multiple vulnerabilities in Go with details below. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sendin...

7.5CVSS7.9AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.52 views

Security Bulletin: Vulnerability in Network Security (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2016-1978)

Summary A vulnerability in Network Security NSS affects the IBM SAN Volume Controller and Storwize Family. Though the CVE descriptions below document the vulnerabilities in the context of Mozilla Firefox, the vulnerability is resolved in the IBM SAN Volume Controller and Storwize Family products ...

7.5CVSS8.5AI score0.02386EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.52 views

Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Multiple vulnerabilities in the Linux kernel could allow a remote attacker to obtain sensitive information from IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: Linux Kernel could allow a...

8.2CVSS7AI score0.03585EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/22 5:49 p.m.52 views

Security Bulletin: IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec (CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835)

Summary IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835. The fixes include libthrift 0.17.0 & commons-codec version 1.15 Vulnerability Details CVEID:CVE-2018-1320 DESCRIPTION:...

7.8CVSS7.8AI score0.09082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/16 4:26 p.m.52 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to sensitive information exposure due to IBM MQ (CVE-2022-42436)

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in IBM MQ. Vulnerability Details CVEID:CVE-2022-42436 DESCRIPTION: IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM...

4CVSS4.2AI score0.0018EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/15 5:50 p.m.52 views

Security Bulletin: Multiple vulnerabilities within OpenSSL and Node.js affect IBM App Connect Enterprise and IBM Integration Bus

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service and remote attack due to OpenSSL and Node.js. CVE-2022-4450, CVE-2023-0216 & CVE-2023-0401, CVE-2022-4203, CVE-2023-0217, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 & CVE-2022-25881. The fix includes...

7.5CVSS7.5AI score0.59501EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/15 5:24 p.m.52 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.10 and earlier

Summary This fix upgrades to nodejs 14.21.3. Vulnerability Details CVEID:CVE-2023-23918 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable the experimental permissions option with --experimental-policy. By sending a...

7.5CVSS6.8AI score0.02209EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/27 3:6 p.m.52 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF. Vulnerability Details CVEID:CVE-2022-1355 DESCRIPTION: libtiff is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the tiffcp.c in main function in the...

6.5CVSS6.6AI score0.01255EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/21 5:42 p.m.52 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Plus (CVE-2019-11777)

Summary IBM Spectrum Protect Plus can be affected by a vulnerability in the Eclipse Paho library used by IBM WebSphere Application Server Liberty. Vulnerability could allow a remote attacker to bypass security restrictions, as described by the CVE in the "Vulnerability Details" section...

7.5CVSS7.4AI score0.00827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.52 views

Security Bulletin: Seven (7) Vulnerabilities in OpenSSL affect IBM FlashSystem 840 and V840 (CVEs)

Summary OpenSSL vulnerabilities affect the IBM FlashSystem 840 and V840 products. These vulnerabilities could allow a remote attacker to execute arbitrary code on the system, to obtain sensitive information, or cause of denial of service. Vulnerability Details 1. CVE-ID:CVE-2014-3509 DESCRIPTION ...

6.8CVSS8.1AI score0.51436EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.52 views

Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Struts to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-4430, CVE-2016-4431, CVE-2016-4433, and CVE-2016-4436 could allow a remote attacker to perform a cross-site script attack, perfo...

9.8CVSS9AI score0.10013EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000