Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:14 a.m.52 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence RRDI. RRDI has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to...

10CVSS0.7AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:11 a.m.52 views

Security bulletin: Rational Directory Server (Tivoli) is affected by Apache Tomcat vulnerabilities

Summary The Apache Tomcat application server in installations of IBM Rational Directory Server Tivoli contains security vulnerabilities CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763. Vulnerability Details One version of Rational Directory Server Tivoli i...

8.8CVSS0.3AI score0.1838EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.52 views

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerability (CVE-2017-1000366)

Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerability. CVE-2017-1000366 Vulnerability Details CVEID: CVE-2017-1000366 DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that allows specially...

7.8CVSS2.4AI score0.02733EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:3 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7, Java™ Version 8 used by Security Directory Integrator. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details CVEID: CVE-2017-10116 DESCRIPTION: An unspecified...

9CVSS1.5AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:59 p.m.52 views

Security Bulletin: IBM Security Network Protection is affected by Vulnerabilities in GNU Bash

Summary Security vulnerabilities have been discovered in GNU Bash, which is used by IBM Security Network Protection. IBM Security Network Protection has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0634 DESCRIPTION: GNU Bash could allow a local attacker to execute arbitrar...

8.4CVSS1.2AI score0.06019EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Database Activity Monitor

Summary Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 used by IBM Security Guardium Database Activity Monitor. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017 Vulnerability Details CVEID: CVE-2016-5546...

7.5CVSS1.3AI score0.03533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:48 p.m.52 views

Security Bulletin: IBM Security Guardium is affected by Linux kernel privesc: Dirty COW vulnerability (CVE-2016-5195)

Summary Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition when handling the copy-on-write COW breakage of private read-only memory mappings by the memory subsystem. IBM Security Guardium has provided a fix for this vulnerability...

7.2CVSS1AI score0.83524EPSS
Exploits81Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:48 p.m.52 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2016-5573, CVE-2016-5597)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...

8.3CVSS2.5AI score0.03937EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:44 p.m.52 views

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager

Summary There are multiple security vulnerabilities that have been fixed in the IBM Security Privileged Identity Manager Product Vulnerability Details CVEID: CVE-2016-0366 DESCRIPTION: IBM Security Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information du...

10CVSS1.2AI score0.89058EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:43 p.m.52 views

Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection

Summary There are multiple vulnerabilities in NTP that is used by IBM Security Network Protection. These vulnerabilities include CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7977, CVE-2015-7978,...

7.5CVSS0.9AI score0.15081EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:41 p.m.52 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (CVE-2016-3426, CVE-2016-3427)

Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-3427 DESCRIPTION: An unspecified...

10CVSS1.2AI score0.92334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:25 p.m.52 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Access Manager for Web. IBM Security Access Manager for Web has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0209 DESCRIPTION: OpenSSL could allow a...

7.5CVSS1.2AI score0.44503EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:23 p.m.52 views

Security Bulletin:Vulnerability in RC4 stream cipher affects IBM Security Directory Integrator (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Security Directory Integrator Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

5CVSS1.5AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:48 p.m.52 views

Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Core

Summary Apache Tomcat could allow a remote attacker to bypass security restrictions Vulnerability Details CVE-ID: CVE-2017-5664 Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of specific HTTP request methods for static err...

7.5CVSS0.5AI score0.16567EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Workload Deployer. (CVE-2015-2808, CVE-2015-1916, CVE-2015-0204, and CVE-2015-0138)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition Version 6 that is used by IBM Workload Deployer. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: “Factoring Attack on RSA-EXPORT keys" SSL/TLS...

5CVSS1.2AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:59 a.m.52 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.31

Summary Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 7.0.0.31 Vulnerability Details CVE ID: CVE-2013-1862 PM87808 DESCRIPTION: IBM HTTP Server optional modrewrite module does not properly filter terminal escape sequences from logs, which cou...

6.8CVSS0.7AI score0.29484EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.51 views

Security Bulletin: Dirty COW Vulnerability (CVE-2016-5195)

Question Security Bulletin: Dirty COW Vulnerability CVE-2016-5195 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

7.2CVSS7.1AI score0.83524EPSS
Exploits81Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:54 a.m.51 views

Security Bulletin: IBM Security Verify Directory products have multiple security vulnerabilities (CVE-2022-33164, CVE-2022-33168, CVE-2022-33161, CVE-2022-32755)

Summary Several vulnerabilities have been addressed in IBM Security Directory Server, IBM Security Directory Suite, and IBM Security Verify Directory products. Vulnerability Details CVEID:CVE-2022-33164 DESCRIPTION: IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse...

9.1CVSS7.7AI score0.01476EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:49 a.m.51 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.8.1 Vulnerability Details CVEID:CVE-2024-27043 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvbregisterdevice, pdvbdev is set equal...

8.8CVSS10AI score0.02224EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:21 a.m.51 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2021-40528 DESCRIPTION: GnuPG Libgcrypt could allow a remote attacker to bypass security restrictions, caused by a flaw in the ElGamal implementation. By sending a...

9.8CVSS10AI score0.3197EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 11:0 p.m.51 views

Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH.

Summary IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH. Vulnerability Details CVEID:CVE-2024-24785 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the MarshalJSON methods in the html/template...

7.5CVSS8.6AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/05 4:33 p.m.51 views

Security Bulletin: Vulnerability in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to October 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

4.8CVSS5.9AI score0.0095EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/04 11:11 p.m.51 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a D...

7.5CVSS6.8AI score0.05533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/13 10:4 a.m.51 views

Security Bulletin: vulnerability in Logback affects IBM Workload Scheduler.

Summary IBM Workload Scheduler is affected by a vulnerability in Logback that can cause denial of service CVE-2023-6378 Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the receiver component. By...

7.5CVSS6.5AI score0.009EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 5:51 p.m.51 views

Security Bulletin: Vulnerabilities in Golang Go affect IBM Cloud Pak System

Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. CVE-2023-45284, CVE-2023-45283 Vulnerability Details CVEID:CVE-2023-45284 DESCRIPTION: Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the...

7.5CVSS6.4AI score0.02758EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/06 3:43 p.m.51 views

Security Bulletin: IBM DataPower Gateway vulnerable to multiple kernel CVEs

Summary IBM DataPower Gateway has addressed multiple CVEs in 10.5.0.12 Vulnerability Details CVEID:CVE-2023-2162 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a use-after-free flaw in the iscsiswtcpsessioncreate function in drivers/scsi/iscsitcp...

7.5CVSS8.9AI score0.00544EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/03 2:18 p.m.51 views

Security Bulletin: IBM DataPower Gateway vulnerable to data truncation and DoS in Kerberos (CVE-2024-37370 & CVE-2024-37371)

Summary Kerberos is used by IBM DataPower Gateway as an optional authentication mechanism. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially craft...

9.1CVSS8.5AI score0.01863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 4:28 p.m.51 views

Security Bulletin: Multiple Vulnerabilities in Golang affect IBM Cloud Pak System

Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2023-29409 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large R...

7.5CVSS6.8AI score0.03796EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/18 10:37 a.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution

Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...

9.8CVSS8.3AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/10 4:30 p.m.51 views

Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by IBM Security Verify Governance have multiple vulnerabilities

Summary IBM Security Verify Governance uses IBM Db2 and IBM WebSphere Application Server traditional as dependent components. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins...

9.8CVSS7.7AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 8:54 p.m.51 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution (CVE-2024-35154)

Summary IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability in the administative console. Vulnerability Details CVEID:CVE-2024-35154 DESCRIPTION: IBM WebSphere Application Server could allow a remote authenticated attacker, who has authorized access to the...

7.2CVSS7.6AI score0.01163EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 5:44 p.m.51 views

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to curl (CVE-2023-27536, CVE-2023-28321)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to cURL. A patch has been provided that updates the curl library. CVE-2023-30630, CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-27536 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, cause...

7.1CVSS7.5AI score0.0181EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 9:29 a.m.51 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect BM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to allow a remote authenticated attacker, denial of service, server-side request forgery SSRF, cross-site scripting, improper resource expiration handling, weaker than expected security for outbound TLS connections. These...

9.8CVSS8.7AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/01 5:20 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

7.5CVSS4.9AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/28 5:46 p.m.51 views

Security Bulletin: SANnav software used by IBM b-type SAN directors and switches is affected by Oracle Java SE vulnerabilities

Summary The SANnav Management Portal and Global View products are affected due to a Jave SE issue. The affected issue has been addressed and can be resolved by applying the SANnav code level listed below. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968,...

7.4CVSS6.3AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/21 2:56 p.m.51 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go arbitrary code execution vulnerabilitiy.( CVE-2023-39323)

Summary Potential Golang Go arbitrary code execution vulnerabilitiy. CVE-2023-39323 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-39323 DESCRIPTION: Golang G...

8.1CVSS8.4AI score0.01762EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/30 11:26 a.m.51 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 273. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input...

7.5CVSS7.6AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/29 9:22 p.m.51 views

Security Bulletin: IBM Aspera Console has addressed a denial of service vulnerability (CVE-2024-27316)

Summary IBM Aspera Console is vulnerable to Apache HTTP Server denial of service vulnerability caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that can be sent within a single stream, a remote attacker could exploit this vulnerability to cause an out of memory OOM...

7.5CVSS7.6AI score0.91327EPSS
Exploits2Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 2:52 p.m.51 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js.

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21892 DESCRIPTION: Node.js could allow a local authenticated attacker to gain elevated...

7.8CVSS7.8AI score0.03168EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 5:44 p.m.51 views

Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.

Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2013-2115, CVE-2013-4316, CVE-2014-0112, CVE-2014-0113, CVE-2015-5209, CVE-2016-3082, CVE-2016-4436, CVE-2017-12611, CVE-2019-0230, CVE-2019-0233, CVE-2020-17530, CVE-2021-31805,...

10CVSS10AI score0.98094EPSS
Exploits93Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 6:17 p.m.51 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-38709, CVE-2024-24795)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.3CVSS6.6AI score0.03914EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 6:16 p.m.51 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar table. Vulnerability Details CVEID:CVE-2024-22360 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service with a specially crafted...

6.5CVSS5.8AI score0.00653EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/20 3:56 p.m.51 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to installation denial of service due to grpc ( CVE-2023-44487 )

Summary Grpc is used by IBM Cloud Pak for Data Scheduling as part of the image catalog used for installation. CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the...

7.5CVSS7.6AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 6:26 a.m.51 views

Security Bulletin: IBM Event Streams is affected by authorization bypass through user-controlled key vulnerability ( CVE-2023-44981).

Summary This security vulnerability in Apache ZooKeeper could allow an attacker to bypass security restrictions on the system, caused by a flaw when SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true. This bulletin identifies the steps to take to address the...

9.1CVSS9.1AI score0.01713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/22 6:13 p.m.51 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. IBM Planning Analytics Workspace 2.0 Release 93 has addressed the applicable CVEs by upgrading or removing the vulnerable libraries. Please refer to the table in the...

9.3CVSS9.5AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/10 1:7 p.m.51 views

Security Bulletin: IBM Facsimile Support for i is vulnerable to a local user gaining elevated privileges due to an unqualified library call (CVE-2023-43064)

Summary IBM Facsimile Support for i is vulnerable to a local user gaining elevated privileges due to an unqualified library call as described in the vulnerability details section. IBM Facsimile Support for i has addressed the vulnerability with a fix as described in the remediation/fixes section...

7.8CVSS7.5AI score0.00171EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/18 9:30 p.m.51 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Certificate Validation in the RHEL UBI (CVE-2023-28321)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-28321 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID: CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

5.9CVSS7.9AI score0.0181EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/16 8:33 p.m.51 views

Security Bulletin: IBM OpenPages Is Vulnerable to Security Checks bypass (CVE-2023-40683)

Summary A vulnerability caused by insufficient authorization checks of API requests by an authorized user is addressed. Vulnerability Details CVEID:CVE-2023-40683 DESCRIPTION: IBM OpenPages could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. B...

8.8CVSS8.8AI score0.00701EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/02 6:1 p.m.51 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2023-43646 DESCRIPTION: Chai.js Assertion Library get-func-name is vulnerable to...

9.8CVSS9.8AI score0.02761EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/29 10:43 a.m.51 views

Security Bulletin: Multiple Vulnerabilities in Open Source affect IBM Cloud Pak System

Summary Vulnerabilities in jettison, jackson mapper and xerces shipped with Platform System Manager PSM affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities Vulnerability Details CVEID:CVE-2022-45685 DESCRIPTION: Jettison is vulnerable to a denial of service, caused by ...

9.8CVSS9.2AI score0.17461EPSS
Exploits3Affected Software1
Total number of security vulnerabilities5000