Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 6:57 a.m.52 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the...

5.3CVSS5.7AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.52 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery.

Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

6.9CVSS7.3AI score0.99019EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 8:49 p.m.52 views

Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0 used by IBM CICS TX on Cloud. IBM CICS TX on Cloud has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...

9.1CVSS7.8AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 5:40 p.m.52 views

Security Bulletin: IBM Aspera Orchestrator was vulnerable to denial of service due to an Apache HTTP Server vulnerability (CVE-2021-34798)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-34798 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference in httpd core. By sending a specially crafted request, a...

7.5CVSS8.6AI score0.64509EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 5:0 p.m.52 views

Security Bulletin: IBM Aspera Orchestrator affected by OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Summary The following vulnerabilities have been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the logic during ...

7.5CVSS7.3AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:58 p.m.52 views

Security Bulletin: IBM Process Mining is vulnerable to Prototype Pollution due to json-schema CVE-2021-3918

Summary json-schema is used by IBM Process Mining. CVE-2021-3918. The fix includes json-schema 0.4.0 Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of object...

9.8CVSS9.8AI score0.03563EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:57 p.m.52 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2021-28165)

Summary There is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: Eclipse Jetty i...

7.8CVSS7.5AI score0.53861EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:43 p.m.52 views

Security Bulletin: Vulnerability in Lodash affects IBM Process Mining (Multiple CVEs)

Summary There is a vulnerability in Lodash that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2019-1010266 DESCRIPTION: Lodash is vulnerable...

9.1CVSS8.3AI score0.2241EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 3:51 p.m.52 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Netty (CVE-2021-37136, CVE-2021-37137)

Summary IBM Sterling B2B Intergrator has addressed the security vulnerabilities in Netty. Vulnerability Details CVEID:CVE-2021-37136 DESCRIPTION: Netty netty-codec is vulnerable to a denial of service, caused by not allow size restrictions for decompressed data in the Bzip2Decoder. By sending a...

7.5CVSS8.1AI score0.0628EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 10:40 a.m.52 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to multiple jsonwebtoken CVEs

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to jsonwebtoken CVE-2022-23541, CVE-2022-23539, CVE-2022-23529, CVE-2022-23540. The resolving fix includes jsonwebtoken version 9.0.0. A mitigation is provided for IBM Integration Bus Vulnerability...

8.1CVSS7.3AI score0.00753EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/17 4:48 p.m.52 views

Security Bulletin: Vulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management. Vulnerabilities include denial of service, elevation of privileges, obtaining sensitive information, bypassing security restrictions, buffer overflow, and execution of arbitrary code on system...

8.6CVSS8.8AI score0.12746EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.52 views

Security Bulletin: A Vulnerability In Apache HttpClient Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Summary A Vulnerability In Apache HttpClient Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details and a remediation/fix for this issue. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypas...

5.3CVSS5.7AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.52 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2019-11358).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input in Drupal core. CVE-2019-11358. jQuery is used by the runtime components included in IBM Watson Speech. Please read the...

6.1CVSS6.4AI score0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/05 1:12 p.m.52 views

Security Bulletin: Operations Dashboard is vulnerable to multiple Go CVEs

Summary Operations Dashboard is vulnerable to multiple Go CVEs with details below Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the golang.org/x/text/language package. By sending a specially-crafted...

7.5CVSS7.7AI score0.01544EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/21 7:28 p.m.52 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to unsafe deserialization due to Apache MINA SSHD (CVE-2022-45047)

Summary Apache MINA SSHD is used by IBM Tivoli Netcool Impact as part of the Command Line Manager service. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-45047 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to execute...

9.8CVSS9.6AI score0.03571EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/16 6:58 p.m.52 views

Security Bulletin: IBM DataPower Gateway subject to a memory leak in TCP source port generation (CVE-2022-1012)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation algorithm in the net/ipv4/tcp.c function. By sending a...

8.2CVSS8.1AI score0.02972EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/30 2:32 p.m.52 views

Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Text [CVE-2022-42889]

Summary Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Text and the issue has been addressed. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-428...

9.8CVSS9.8AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/10 12:6 p.m.52 views

Security Bulletin: Multiple Security Vulnerabilities exist in IBM Planning Analytics Express and IBM Cognos Express.

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Planning Analytics Express and IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. OpenSSL vulnerabilities were disclosed ...

7.5CVSS8.5AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/18 1:51 p.m.52 views

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is...

9.8CVSS9.3AI score0.99019EPSS
Exploits36Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 9:53 p.m.52 views

Security Bulletin: Multiple vulnerabilities in Apache Ant affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Apache Ant used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-36373 DESCRIPTION: Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By...

5.5CVSS6.2AI score0.12608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 5:45 a.m.52 views

Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by multiple OpenSSL vulnerabilities

Abstract A number of security vulnerabilities have been discovered in the OpenSSL libraries included in IBM Tivoli Netcool System Service Monitors/Application Service Monitors. Content VULNERABILITY DETAILS: CVE Ids: CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108...

9.3CVSS7.2AI score0.54372EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.52 views

Security Bulletin: GSKit TLS Padding Vulnerability affects IBM Tivoli/Security Server on Asset and Service Management (CVE-2014-8730)

Summary IBM Tivoli/Security Directory Server ITDS/ISDS are affected by a TLS padding vulnerability, which could allow a remote attacker to obtain sensitive information. Vulnerability Details CVE-ID : CVE-2014-8730 DESCRIPTION : IBM Security Directory Server could allow a remote attacker to obtain...

4.3CVSS3.4AI score0.1372EPSS
Exploits0Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.52 views

Security Bulletin: Potential security vulnerabilities with JavaTM SDKs

Summary Smarter Infrastructure Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Vulnerability Details CVE IDs: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041...

10CVSS8.8AI score0.17606EPSS
Exploits0Affected Software14
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:26 a.m.52 views

Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by WebSphere Application Server and WebSphere Application Server Hypervisor Edition. This vulnerability does not affect the IBM HTTP Server or versions of WebSphere Application Server prior ...

10CVSS10AI score0.97655EPSS
Exploits10Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:9 a.m.52 views

Security Bulletin: Denial of service may affect IBM HTTP Server (CVE-2015-1283)

Summary Denial of service may affect IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1283 DESCRIPTION: Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403....

7.5CVSS8.5AI score0.19069EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/23 8:4 a.m.52 views

Security Bulletin: IBM Security Verify Governance is vulnerable to Denial of Service (CVE-2021-35578)

Summary IBM Security Verify Governance is vulnerable to denial of service by an unauthenticated attacker due to a vulnerability in Java SE related to the JSSE component CVE-2021-35578. The fix includes upgrading Java SE and Liberty to patched versions. Vulnerability Details CVEID:CVE-2021-35578...

5.3CVSS5.7AI score0.06218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/03 7:30 p.m.52 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Nginx. Vulnerability Details CVEID:CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack,...

7.4CVSS7.3AI score0.02037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/21 12:35 p.m.52 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has multiple vulnerabilities associated with the Go runtime (CVE-2021-29923, CVE-2021-31525, CVE-2021-33194, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198)

Summary The Go runtime is used by several components in IBM Cloud Pak for Multicloud Management Monitoring to interact with the operating system and provide utility functions. Vulnerability Details CVEID:CVE-2021-34558 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the...

9.1CVSS8.5AI score0.07293EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/20 4:53 p.m.52 views

Security Bulletin: OpenSSL vulnerabilities in the IBM Security Verify Information Queue web server (CVE-2021-3711, CVE-2021-3712)

Summary The web server in IBM Security Verify Information Queue ISIQ v10.0.2 uses an older Node.js version with two known OpenSSL vulnerabilities. ISIQ v10.0.3 upgraded to a Node.js version that includes a newer OpenSSL to remediate the vulnerabilities. CVE-2021-3711, CVE-2021-3712 Vulnerability...

9.8CVSS8.9AI score0.87816EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/12 7:18 a.m.52 views

Security Bulletin: Enterprise Content Management System Monitor is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Enterprise Content Management System Monitor is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-45105 and CVE-2021-45046. Apache Log4j is used by Enterprise Content Management System Monitor as part of its logging infrastructure.The fix includes Apache Log4j v2.17.1...

10CVSS0.9AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 8:1 p.m.52 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Server (CVE-2021-35550, CVE-2021-35603)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Server and may be affected by the below vulnerabilities CVEs. Vulnerability Details CVEID: CVE-2021-35603...

7.1CVSS2.1AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 2:12 p.m.52 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to various attacks due to its use of redis (CVE-2021-32675, CVE-2021-32626, CVE-2021-32672)

Summary Redis is used by several components in IBM Cloud Pak for Multicloud Management Monitoring as an in-memory shared cache database. It is not exposed outside the cluster. Vulnerability Details CVEID: CVE-2021-32672 DESCRIPTION: Redis could allow a remote authenticated attacker to obtain...

8.8CVSS1.3AI score0.1578EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/23 1:36 p.m.52 views

Security Bulletin: A vulnerability in zlib affects IBM Common Inventory Technology (CIT).

Summary Zlib library before 1.2.12 used by IBM Common Inventory Technology is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruptio...

7.5CVSS1.4AI score0.51733EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/31 3:16 a.m.52 views

Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server

Summary GNU Binutils is used by IBM Netezza Platform Server. IBM Netezza Platform Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-18607 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the elflinkinputbfd in...

7.8CVSS8.2AI score0.02752EPSS
Exploits39Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/17 2:2 p.m.52 views

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP header injection

Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-38944 DESCRIPTION: IBM DataPower Gateway is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable syste...

6.1CVSS1.6AI score0.00536EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/16 4:3 p.m.52 views

Security Bulletin: Flex System Manager (FSM) – June 2013 Java Vulnerabilities

Summary Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FSM. Vulnerability Details Abstract Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FSM. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-2468 CVSS Base Score:Â...

10CVSS0.6AI score0.98704EPSS
Exploits32
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 11:8 p.m.52 views

Security Bulletin: A vulnerability in Dojo affects IBM InfoSphere Information Server (CVE-2021-23450)

Summary A vulnerability in Dojo that is used by IBM InfoSphere Information Server is addressed. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending...

9.8CVSS7.1AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 9:6 p.m.52 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2022-23772, CVE-2022-23773, CVE-2022-23806)

Summary Security Vulnerabilities affect IBM Cloud Private - Golang Vulnerability Details CVEID: CVE-2022-23772 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker...

9.1CVSS0.6AI score0.03015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 2:12 p.m.52 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-23362, CVE-2021-22918)

Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2021-23362 DESCRIPTION: Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the fromUrl function in index.js. By...

5.3CVSS1AI score0.23132EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 5:4 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM InfoSphere Global Name Management (CVE-2021-35578, CVE-2021-35550, CVE-2021-35603)

Summary There are multiple vulnerabilities in the Java used in IBM InfoSphere Global Name Management GNM. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere Global Name...

7.1CVSS6.8AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/12 10:52 p.m.52 views

Security Bulletin: Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management

Summary Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management Vulnerability Details CVEID: CVE-2016-7051 DESCRIPTION: jackson-dataformat-xml is vulnerable to server-side request forgery, caused by a flaw in the XmlMapper. By using vectors related to a DTD, an attacker could...

9.8CVSS2.1AI score0.49727EPSS
Exploits7Affected Software19
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/08 2:54 p.m.52 views

Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23806

Summary Operations Dashboard is vulnerable to Go CVE-2022-23806 with details below Vulnerability Details CVEID: CVE-2022-23806 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a...

9.1CVSS0.7AI score0.03015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 5:14 p.m.52 views

Security Bulletin: Vulnerabilities in Bash affect Network Intrusion Prevention System (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM Security Network Intrusion Prevention System. Vulnerability Detail...

10CVSS9.5AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 5:2 p.m.52 views

Security Bulletin: IBM QRadar SIEM can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2014-0453, CVE-2014-4263, CVE-2014-4244)

Summary Previous releases of IBM QRadar Security Information and Event Manager, IBM QRadar Vulnerability Manager and IBM QRadar Risk Manager are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7. Vulnerability Details CVEID: CVE-2014-0453...

4CVSS6.9AI score0.04899EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 5:30 p.m.52 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046)

Summary IBM Sterling File Gateway is impacted by Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details CVEID: CVE-2021-4510...

10CVSS0.9AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 5:36 a.m.52 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to untrusted data deserialization due to Apache Log4j (CVE-2021-4104)

Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services as part of its logging infrastructure. JMSAppender in Apache Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The fix includes Apache Log4j 2.17.1...

7.5CVSS1.9AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 4:57 p.m.52 views

Security Bulletin: IBM® Disconnected Log Collector is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j is used by IBM® Disconnected Log Collector to log system events. This bulletin provides a remediation for the vulnerabilities, CVE-2021-45105 and CVE-2021-45046 by upgrading IBM® Disconnected Log Collector and thus addressing the exposure to the Apache Log4j vulnerabilities...

10CVSS0.8AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/06 11:0 p.m.52 views

Security Bulletin: IBM® Security SOAR is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046).

Summary Apache Log4j, a dependency of Elasticsearch as used in IBM® Security SOAR, has known vulnerabilities CVE-2021-45105, CVE-2021-45046. These are addressed by upgrading IBM Security SOAR to the latest build of v42 or latest build of v43. The fix packages include Apache Log4j 2.17...

10CVSS0.6AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/06 8:11 p.m.52 views

Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server

Summary WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

8.5CVSS2.8AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/31 3:31 p.m.52 views

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Elastic Storage System (CVE-2021-45105, CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code and denial of service on the system. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale for logging which is bundled in IBM Elastic Storage System. Vulnerability Details CVEID:...

10CVSS1.6AI score0.99999EPSS
Exploits355Affected Software1
Total number of security vulnerabilities5000