Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 4:6 p.m.51 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.6CVSS8.5AI score0.11334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 3:18 p.m.51 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA...

7.5CVSS7.5AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/22 3:32 p.m.51 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of...

7.8CVSS7.5AI score0.62246EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/17 9:4 p.m.51 views

Security Bulletin: CVE-2022-24434 An issue was discovered in the npm package dicer

Summary This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes. Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: Node.js...

7.5CVSS7.3AI score0.03035EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/09 6:36 p.m.51 views

Security Bulletin: AIX is affected by a denial of service (CVE-2023-45167) and a security restrictions bypass (CVE-2023-40217) due to Python

Summary A vulnerability in Python could allow a non-privileged local user to cause a denial of service CVE-2023-45167 and a remote attacker to cause a security restrictions bypass CVE-2023-40217. Python is used by AIX as part of Ansible node management automation. Vulnerability Details...

6.2CVSS6AI score0.0079EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 6:44 p.m.51 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to one-time password bypass (CVE-2023-43045)

Summary IBM Sterling Partner Engagement Manager has addressed a reflected one-time password bypass vulnerability. Vulnerability Details CVEID: CVE-2023-43045 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote user to perform unauthorized actions due to improper...

7.5CVSS6.7AI score0.00726EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/13 6:27 a.m.51 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering displays sensitive Information on ADMIN page (CVE-2022-34355).

Summary Application displays Sensitive Information related to the backend technologies like JVM, DB Version, Application Server on ADMIN page. Vulnerability Details CVEID:CVE-2022-34355 DESCRIPTION: IBM Jazz Foundation could disclose sensitive version information to a user that could be used in...

5.5CVSS4.5AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/09 11:0 a.m.51 views

Security Bulletin: Vulnerability in Spring Session affects IBM Process Mining . CVE-2023-20866

Summary There is a vulnerability in Spring Session that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-20866...

6.5CVSS6.2AI score0.0066EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 10:52 p.m.51 views

Security Bulletin: FasterXML jackson-databind vulnerabilites impact IBM Sterling Order Management

Summary Various FasterXML jackson-databind vulnerabilites include the following: could allow a remote attacker to execute arbitrary code on the system, could provide weaker than expected security, could allow a remote attacker to obtain sensitive information, could be vulnerable to a denial of...

9.8CVSS9.6AI score0.26587EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/05 8:23 p.m.51 views

Security Bulletin: IBM Spectrum Conductor with json-smart-v2 is vulnerable to a denial of service

Summary IBM Spectrum Conductor with json-smart-v2 is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, ...

7.5CVSS7.5AI score0.01119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/27 1:24 p.m.51 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial ...

7.5CVSS7.1AI score0.02782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/26 6:26 p.m.51 views

Security Bulletin: Okio GzipSource is vulnerable to CVE-2023-3635 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Okio GzipSource which is vulnerable to CVE-2023-3635. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffe...

7.5CVSS6.4AI score0.01077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/19 1:44 p.m.51 views

Security Bulletin: Vulnerabilities in Linux kernel and Python can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Python and Linux kernel. Vulnerabilities include gaining elevated privileges, executing arbitrary commands, obtaining sensitive information, denial of service, executing arbitrary code, improper validation, and bypassing...

7.8CVSS9.4AI score0.20459EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/15 1:19 p.m.51 views

Security Bulletin: CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to "Go" affect IBM CICS TX Advanced 11.1

Summary CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to "Go" affect IBM CICS TX Advanced 11.1. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Go is vulnerable to HTML injection. A remote attacker could inje...

9.8CVSS10AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/08 1:58 p.m.51 views

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to Natural Intelligence fast-xml-parser denial of service (CVE-2023-34104)

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a denial of service of Natural Intelligence fast-xml-parser with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-34104 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerabl...

7.5CVSS7.4AI score0.01135EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 1:38 p.m.51 views

Security Bulletin: A vulnerability found in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center(CVE-2023-24998)

Summary A vulnerabilitiy has been identified in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability...

7.5CVSS7.7AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/31 11:59 p.m.51 views

Security Bulletin: IBM MQ Appliance potentially vulnerable to a denial of service (CVE-2023-2650)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or ...

6.5CVSS7AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/31 7:4 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...

9.8CVSS7.7AI score0.01827EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 5:28 p.m.51 views

Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and improper file download via http-cache-semantics, Gin-Gonic, and YAML (CVE-2022-25881, CVE-2023-2251, CVE-2023-29401)

Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be vulnerable to denial of service via http-cache-semantics, denial of service via TypeScript's yaml and improper file attachment download for Node.js's http-cache-semantics as...

7.5CVSS6.6AI score0.01613EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/18 9:24 p.m.51 views

Security Bulletin: Mutiple Vulnerabilties Affecting IBM Watson Machine Learning Accelerator

Summary IBM Watson Machine Learning Accelerator 1.2.x is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input...

7.5CVSS7.8AI score0.01122EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 1:39 p.m.51 views

Security Bulletin: GNOME libxml2 vulnerability affects IBM Safer Payments (CVE-2023-29469)

Summary Libxml2 is used by IBM Safer Payments as part of PMML models, external queries, and docx file templates for Outgoing Channel Configurations. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29469 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service,...

6.5CVSS6.8AI score0.01013EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/11 8:56 p.m.51 views

Security Bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868)

Summary IBM® Db2® JDBC driver is vulnerable to multiple remote code execution issues. These vulnerabilties are addressed. Vulnerability Details CVEID:CVE-2023-27869 DESCRIPTION: IBM Db2 JDBC Driver could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...

8.8CVSS7.9AI score0.01378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 9:10 p.m.51 views

Security Bulletin: IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998)

Summary Apache Commons FileUpload is used by IBM Content Navigator as part of the file upload functionailty. CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of reques...

7.5CVSS7.5AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 7:13 p.m.51 views

Security Bulletin: ICP Match 360 is vulnerable to the following CVEs

Summary ICP Match 360 is vulnerable to the following CVEs CVE-2022-3697, CVE-2022-41721, CVE-2022-41723, CVE-2015-3627, CVE-2022-23471, CVE-2023-25153, CVE-2023-25173 Vulnerability Details CVEID:CVE-2022-3697 DESCRIPTION: Ansible Collections Amazon AWS Collection could allow a remote attacker to...

7.8CVSS8.2AI score0.04561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:15 p.m.51 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2019-2602, CVE-2019-2684)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...

7.5CVSS7.5AI score0.37618EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:7 p.m.51 views

Security Bulletin: A security vulnerability has been identified in Apache CXF, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-8039)

Summary Apache CXF is shipped with IBM Tivoli Network Manager IP Edition. Information about a security vulnerability affecting Apache CXF has been published here. Vulnerability Details CVE-ID: CVE-2018-8039 Description: Apache CXF could allow a remote attacker to conduct a man-in-the-middle attac...

8.1CVSS6.5AI score0.10394EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:7 p.m.51 views

Security Bulletin: A security vulnerability has been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0732).

Summary Open SSL is shipped with IBM Tivoli Network Manager IP Edition version 3.9. Information about a security vulnerability affecting Open SSL has been published here. Vulnerability Details CVE-ID: CVE-2018-0732 Description: OpenSSL is vulnerable to a denial of service, caused by the sending o...

7.5CVSS7.6AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/16 3:20 p.m.51 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

9.8CVSS10AI score0.99615EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/26 2:13 p.m.51 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Go, OpenSSL and Node.js Vulnerability Details CVEID:CVE-2023-0361 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel flaw in t...

9.8CVSS9.3AI score0.99615EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 5:19 p.m.51 views

Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow (CVE-2023-24998)

Summary IBM Business Automation Workflow packages a vulnerable copy of Apache commons-fileupload in its /BPM/Lombardi/lib directory. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number o...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/08 8:40 a.m.51 views

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable xstream-1.4.17.jar

Summary Atlas eDiscovery Process Management is affected by a vulnerable xstream-1.4.17.jar. Hence xstream-1.4.17.jar upgraded to xstream-1.4.19.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2022-41966 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based...

8.8CVSS8.6AI score0.98124EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 6:20 p.m.51 views

Security Bulletin: Potential security bypass in IBM DataPower Gateway (CVE_2023-23920)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICUDATA environment variable, an attacker...

4.2CVSS6AI score0.00471EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 2:14 p.m.51 views

Security Bulletin: IBM Safer Payments is vulnerable to multiple OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Summary IBM Safer Payments uses OpenSSL. These OpenSSL vulnerabilities are addressed in IBM Safer Payments. Vulnerability Details CVEID:CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of t...

7.5CVSS7.1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.51 views

Security Bulletin: Vulnerability in Linux Kernel affects IBM BladeCenter Advanced Management Module (AMM)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in Linux Kernel. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in Linux Kernel. Vulnerability Details CVEID: CVE-2017-11176...

7.8CVSS7.7AI score0.03631EPSS
Exploits8
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.51 views

Security Bulletin: Vulnerabilities in OpenSSH affect IBM BladeCenter Advanced Management Module (AMM)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in HTTPD. Vulnerability Details CVEID: CVE-2016-10011 Description...

7.8CVSS8.4AI score0.88944EPSS
Exploits22
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/07 6:39 p.m.51 views

Security Bulletin: IBM i components are affected by CVE-2021-4104 (log4j version 1.x)

Summary Multiple sub-components of IBM i ship log4j version v1.x files making them vulnerable to the issue described in the vulnerability details section. IBM Navigator for i - heritage version uses log4j v1.x and cannot be updated to log4j v2.x. Integrated Web Server IWS V2.6 contains unused...

7.5CVSS8.8AI score0.81147EPSS
Exploits9Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 6:0 p.m.51 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat (CVE-2022-43680).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat caused by a use-after free memory issue CVE-2022-43680. libexpat is included as part of the Base OS used by our service images. Please read the details for remediation below...

7.5CVSS7.4AI score0.02241EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 2:17 p.m.51 views

Security Bulletin: Multiple vulnerabilities in software used in node.js affect Cloud Pak System

Summary Multiple vulnerabilities found in follow-redirect, html-parse-stringify2, nth-check, pycrypto affect Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2021-23346 DESCRIPTION: Node.js html-parse-stringify and html-parse-stringify2...

9.1AI score0.09501EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 11:43 a.m.51 views

Security Bulletin: Vulnerability in ant-1.8.1.jar affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)

Summary The ant-1.8.1.jar package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2012-2098, CVE-2020-11979, CVE-2021-36374, CVE-2021-36373, CVE-2020-1945. Vulnerability Details CVEID:CVE-2012-2098 DESCRIPTION: Apache Commons...

7.5CVSS7.2AI score0.12608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.51 views

Security Bulletin: Multiple vulnerabilities in Network Security Services (NSS) component affect SAN Volume Controller, Storwize family and FlashSystem V9000 products.

Summary Vulnerabilities in Network Security Services NSS component affect IBM SAN Volume Controller, Storwize Family and FlashSystem V9000 products. Though the CVE descriptions below document the vulnerabilities in the context of the Mozilla product, the IBM SAN Volume Controller, Storwize Family...

9.3CVSS9.1AI score0.0338EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.51 views

Security Bulletin: Vulnerability in zlib affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the zlib package used by IBM Spectrum Virtualize may result in a denial of service for the whole application if an attacker is able to inject crafted input. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...

7.5CVSS8.1AI score0.51733EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.51 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2022-25762 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in...

8.6CVSS8.4AI score0.07538EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/28 1:29 p.m.51 views

Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-41854)

Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a...

6.5CVSS6.4AI score0.01476EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/17 5:13 p.m.51 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)

Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-43548. Angular is a JavaScript framework that extends HTML CVE-2020-7676. Logback is a logging library for Java CVE-2021-42550. Golang Go...

8.5CVSS8.6AI score0.14024EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/16 3:25 p.m.51 views

Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Standard

Summary Multiple CVEs - CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Standard . IBM CICS TX Standard has addressed the applicable CVEs. Relevant go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-41715 DESCRIPTION:...

7.5CVSS7.2AI score0.05623EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/10 4:0 p.m.51 views

Security Bulletin: server-side request forgery vulnerability in Apache CXF (CVE-2022-46364) may affect CICS TX Advanced

Summary CICS TX Advanced has addressed a vulnerability in Apache CXF CVE-2022-46364. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a...

9.8CVSS9.1AI score0.0193EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 4:39 p.m.51 views

Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]

Summary IBM Security Guardium has addressed these vulnerabilities CVE-2022-39166, CVE-2022-34917, CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-39166 DESCRIPTION: IBM Security Guardium could allow a privileged user to obtain sensitive information inside of an HTTP response. CVSS Base score:...

9.8CVSS9.2AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.51 views

Security Bulletin: The IBM FlashSystem 840 and V840 product model number AE1 nodes are affected by vulnerabilities in Apache’s Struts library

Summary Security vulnerabilities have been discovered in Apache’s Struts library Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem 840 MTM 9840-AE1, and FlashSystem V840 MTMs 9846-AE1 and 9848-AE1 use the Apache Struts library. Struts is used onl...

7.5CVSS8.9AI score0.99614EPSS
Exploits15Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.51 views

Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in OpenSSL to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6304, and CVE-2016-6306 could allow a remote attacker to...

9.8CVSS8.6AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.51 views

Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem models 840 and 900 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625)

Summary There are unspecified vulnerabilities revealed in the July 2015 Java Critical Patch Update CPU which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to obtain sensitive information and which could allow a...

5.5CVSS6.6AI score0.0381EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000