Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/12/23 6:34 p.m.52 views

Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-4104, CVE-2021-45046).

Summary IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...

10CVSS1.5AI score0.99999EPSS
Exploits354Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/18 3:42 p.m.52 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies

Summary IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies that were inadvertently missed during previous scans. Vulnerability Details CVEID: CVE-2021-21409 DESCRIPTION: Netty is vulnerable to request smuggling, caused by improper validation of request...

9.8CVSS9.2AI score0.49727EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 4:21 a.m.52 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2021-44228)

Summary WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

10CVSS2.9AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/10 10:54 a.m.52 views

Security Bulletin: Multiple vulnerabilities in jQuery-UI affect IBM Tivoli Netcool Impact (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)

Summary The jQuery-UI library is shipped as a component of Tivoli Netcool/Impact. Information about security vulnerabilities affecting jQuery-UI has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site...

6.5CVSS0.5AI score0.44515EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/01 2:26 p.m.52 views

Security Bulletin: IBM Sterling Order Management is affected by Apache Commons BeanUtils security vulnerabilities (CVE-2019-10086)

Summary IBM Sterling Order Management use Apache Commons BeanUtils and are affected by some of the vulnerabilities that exist in this component. Vulnerability Details CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the syste...

7.5CVSS0.7AI score0.28839EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/14 1:5 p.m.52 views

Security Bulletin: Operations Dashboard is vulnerable to multiple Go vulnerabilities

Summary Operations Dashboard is vulnerable to multiple Go vulnerabilities with details of each below Vulnerability Details CVEID: CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By...

7.5CVSS8.5AI score0.07293EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/08 7:52 a.m.52 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP85 and Version 8 SR6-FP30 used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates. Vulnerability Details CVEID: CVE-2021-238...

7.5CVSS0.8AI score0.04008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.52 views

Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability (CVE-2020-11612)

Summary IBM Security Guardium Insights has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders. By sending a...

7.5CVSS1.7AI score0.09438EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/24 10:34 p.m.52 views

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i

Summary Apache HTTP Server on IBM i is vulnerabile to the issues described in the vulnerability details section. IBM i has addressed the vulnerabilities in the Apache HTTP Server implementation as described in the remediation/fixes section. Vulnerability Details CVEID: CVE-2021-31618 DESCRIPTION:...

7.5CVSS7.8AI score0.60266EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.52 views

Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109)

Summary Open SSL is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a buffer underflow when deserializing untrusted...

10CVSS0.7AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.52 views

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect Power Hardware Management Console (CVE-2014-6512, CVE-2014-3566, CVE-2014-6457, CVE-2014-6558)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 that is used by Power Hardware Management Console. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the...

4.3CVSS4.3AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 12:10 a.m.52 views

Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341)

Summary This Security Bulletin provides steps for updating Java for Db2 Query Management Facility QMF Workstation and QMF Vision. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to...

7.5CVSS0.5AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/26 8:15 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: A...

4.3CVSS1.6AI score0.03625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/26 8:11 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An...

4.3CVSS5.8AI score0.03625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:4 a.m.52 views

Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2021-3347 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gai...

7.8CVSS1.4AI score0.01377EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 8:36 p.m.52 views

Security Bulletin: Multiple vulnerabilities in the IBM® Runtime Environments, Java™ Technology Edition, Version 6 affects the IBM InfoSphere Optim Data Masking Solution.

Summary There are multiple vulnerabilities in the IBM Runtime Environments, Java Technology Edition, Version 6 CVE-2015-0488, CVE-2015-2808,CVE-2015-0410, CVE-2015-1916,CVE-2015-0204 that affect the IBM InfoSphere Optim Data Masking Solution. These issues were disclosed as part of the IBM Java SD...

5CVSS5.1AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/02 2:32 a.m.52 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony

Summary This interim fix provides instructions on upgrading Apache Tomcat from v6.0.43 to v8.5.37 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerability CVE-2018-11784 in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2018-11784 Description: Apache Tomcat could allow...

4.3CVSS5.3AI score0.94494EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/01 11:33 a.m.52 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerability (CVE-2020-1971)

Summary IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerability CVE-2020-1971 with details below. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an...

5.9CVSS5.8AI score0.06968EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/29 3:25 p.m.52 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by...

7.5CVSS7.2AI score0.50732EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/03 3:44 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...

4.3CVSS1.3AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/28 3:57 p.m.52 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 7 and 8 used by IBM MQ. IBM MQ has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability Details CVEID: CVE-2020-14581 DESCRIPTION: An unspecifie...

4.3CVSS2AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/25 5:19 p.m.52 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle October 2020 Critical Patch Update minus CVE-2020-14781 and CVE-2020-14782. CVE-2020-14781 and CVE-2020-14782 will be covered by additional bulletins. Vulnerability Details CVEID: CVE-2020-14792 DESCRIPTION: An unspecified vulnerability in Java SE...

5.8CVSS0.9AI score0.03713EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/11 3:31 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by TPF Toolkit. TPF Toolkit has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

4.3CVSS1.7AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/08 11:11 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

4.3CVSS1.8AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/16 5:44 p.m.52 views

Security Bulletin: A GNU C Library vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

Summary A GNU C Library vulnerability, listed below, affect IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-10029 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a denial of service, caused by ...

5.5CVSS0.4AI score0.00758EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/14 2:45 p.m.52 views

Security Bulletin: Gradle version in IBP javaenv and dind images depends on vulnerable Apache Ant

Summary Versions of IBP images javaenv and dind before 2.5.1 release on 12082020 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details CVEID:...

7.5CVSS0.5AI score0.08235EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/11 4:0 p.m.52 views

Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2020-14385 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by ...

7.2CVSS1.4AI score0.00706EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/04 9:4 a.m.52 views

Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. Vulnerability Details CVEID:...

9.8CVSS0.7AI score0.97399EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 4:8 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in October 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java S...

6.8CVSS1.6AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/15 3:22 p.m.52 views

Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance

Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2014-0050 DESCRIPTION: Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the...

9.8CVSS0.9AI score0.87218EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/22 5:29 p.m.52 views

Security Bulletin: IBM Cloud Private is vulnerable to multiple node.js vulnerabilities (CVE-2020-11080, CVE-2020-10531, CVE-2020-8172, CVE-2020-8174)

Summary IBM Cloud Private is vulnerable to multiple node.js vulnerabilities Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which is limited to 32 settings by default. By sending overly large...

9.3CVSS1.4AI score0.07646EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.52 views

Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on 5 June 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and...

7.4CVSS1AI score0.95326EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 9:16 p.m.52 views

Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569

Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...

5.8CVSS0.09386EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.52 views

Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)

Summary IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer, inject arbitrary HTTP headers...

6.5CVSS0.2AI score0.14524EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.52 views

Security Bulletin: Spice-server vulnerabilities affect IBM SmartCloud Entry (CVE-2016-0749 CVE-2016-2150 )

Summary SmartCloud Entry is vulerable to Spice-server vulnerabilities. Attackers could exploit them to cause improper bounds checking by smartcard interaction or bypass security restrictions Vulnerability Details CVEID: CVE-2016-0749 DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer...

10CVSS0.9AI score0.08492EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/05 6:40 p.m.52 views

Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins...

10CVSS3.1AI score0.33937EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/01 6:24 p.m.52 views

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by multiple vulnerabilities . These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 53. Vulnerability Details CVEID: CVE-2018-16492 DESCRIPTION: Node.js extend...

9.8CVSS0.6AI score0.57132EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/12 9:51 a.m.52 views

Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.

Summary IBM WebSphere Cast Iron Solution & App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by a file...

9.8CVSS0.4AI score0.9927EPSS
Exploits45Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/06 1:2 p.m.52 views

Security Bulletin: Vulnerability in Apache HTTPD affects IBM Integrated Analytics System

Summary Apache HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-1312 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the failure to properly...

9.8CVSS1AI score0.15885EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/06 11:0 a.m.52 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

Summary Open Source OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an...

5.3CVSS1.1AI score0.98631EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/17 4:33 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An...

6.8CVSS1.8AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/16 8:57 a.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2958 DESCRIPTION: An...

5.9CVSS2AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/11 9:6 a.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.37 & Versions 7.0.10.45 used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in July 2019 Vulnerability Details CVEID:...

8.4CVSS1.8AI score0.04351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/13 12:15 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.6.0 used by Rational Functional Tester RFT version 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs. Vulnerability Details Rational Functional Tester has addressed the following: If you run your own...

9.1CVSS2.2AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/12 3:57 p.m.52 views

Security Bulletin: IBM Tivoli Monitoring Basic Services component (CVE-2019-15903)

Summary Fixes a vulnerability reported in the libexpat parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files as well as parsing soap requests. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a...

7.5CVSS0.5AI score0.06643EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/27 9:57 p.m.52 views

Security Bulletin: A Security Vulnerability Has Been Identified In WebSphere Application Server shipped with IBM Tivoli Access Manager for e-business (CVE-2019-10086)

Summary WebSphere Application Server is shipped with IBM Tivoli Access Manager for e-business. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the...

7.5CVSS2.1AI score0.28839EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/24 8:33 p.m.52 views

Security Bulletin: API Connect is impacted by a vulnerability in PHP (CVE-2019-11043)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11043 DESCRIPTION: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocat...

9.8CVSS1AI score0.9947EPSS
Exploits54Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 2:2 p.m.52 views

Security Bulletin: Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-9936 DESCRIPTION: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an...

9.8CVSS0.3AI score0.45426EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.52 views

Security Bulletin: Vulnerabilities in OpenSSH affect IBM i (CVE-2016-1907, CVE-2016-1908, CVE-2016-3115)

Summary OpenSSH vulnerabilities affect IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11...

9.8CVSS2.7AI score0.37016EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.52 views

Security Bulletin: Vulnerability CVE-2017-7494 in Samba affects IBM i

Summary Samba is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7494 DESCRIPTION: Samba could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper access to named pipe endpoints. By uploading a...

10CVSS1.6AI score0.99448EPSS
Exploits24Affected Software1
Total number of security vulnerabilities5000