Lucene search
K
IbmMost viewed

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:21 a.m.51 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2021-40528 DESCRIPTION: GnuPG Libgcrypt could allow a remote attacker to bypass security restrictions, caused by a flaw in the ElGamal implementation. By sending a...

9.8CVSS10AI score0.3197EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 11:0 p.m.51 views

Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH.

Summary IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH. Vulnerability Details CVEID:CVE-2024-24785 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the MarshalJSON methods in the html/template...

7.5CVSS8.6AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/05 4:33 p.m.51 views

Security Bulletin: Vulnerability in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to October 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

4.8CVSS5.9AI score0.0095EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/04 11:11 p.m.51 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a D...

7.5CVSS6.8AI score0.05533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/13 10:4 a.m.51 views

Security Bulletin: vulnerability in Logback affects IBM Workload Scheduler.

Summary IBM Workload Scheduler is affected by a vulnerability in Logback that can cause denial of service CVE-2023-6378 Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the receiver component. By...

7.5CVSS6.5AI score0.009EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 5:51 p.m.51 views

Security Bulletin: Vulnerabilities in Golang Go affect IBM Cloud Pak System

Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. CVE-2023-45284, CVE-2023-45283 Vulnerability Details CVEID:CVE-2023-45284 DESCRIPTION: Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the...

7.5CVSS6.4AI score0.02758EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/06 3:43 p.m.51 views

Security Bulletin: IBM DataPower Gateway vulnerable to multiple kernel CVEs

Summary IBM DataPower Gateway has addressed multiple CVEs in 10.5.0.12 Vulnerability Details CVEID:CVE-2023-2162 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a use-after-free flaw in the iscsiswtcpsessioncreate function in drivers/scsi/iscsitcp...

7.5CVSS8.9AI score0.00544EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/03 2:18 p.m.51 views

Security Bulletin: IBM DataPower Gateway vulnerable to data truncation and DoS in Kerberos (CVE-2024-37370 & CVE-2024-37371)

Summary Kerberos is used by IBM DataPower Gateway as an optional authentication mechanism. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially craft...

9.1CVSS8.5AI score0.01863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 4:28 p.m.51 views

Security Bulletin: Multiple Vulnerabilities in Golang affect IBM Cloud Pak System

Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2023-29409 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large R...

7.5CVSS6.8AI score0.03796EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/18 10:37 a.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution

Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...

9.8CVSS8.3AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/10 4:30 p.m.51 views

Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by IBM Security Verify Governance have multiple vulnerabilities

Summary IBM Security Verify Governance uses IBM Db2 and IBM WebSphere Application Server traditional as dependent components. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins...

9.8CVSS7.7AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 8:54 p.m.51 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution (CVE-2024-35154)

Summary IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability in the administative console. Vulnerability Details CVEID:CVE-2024-35154 DESCRIPTION: IBM WebSphere Application Server could allow a remote authenticated attacker, who has authorized access to the...

7.2CVSS7.6AI score0.01163EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 5:44 p.m.51 views

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to curl (CVE-2023-27536, CVE-2023-28321)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to cURL. A patch has been provided that updates the curl library. CVE-2023-30630, CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-27536 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, cause...

7.1CVSS7.5AI score0.0181EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 9:29 a.m.51 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect BM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to allow a remote authenticated attacker, denial of service, server-side request forgery SSRF, cross-site scripting, improper resource expiration handling, weaker than expected security for outbound TLS connections. These...

9.8CVSS8.7AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/01 5:20 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

7.5CVSS4.9AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/28 5:46 p.m.51 views

Security Bulletin: SANnav software used by IBM b-type SAN directors and switches is affected by Oracle Java SE vulnerabilities

Summary The SANnav Management Portal and Global View products are affected due to a Jave SE issue. The affected issue has been addressed and can be resolved by applying the SANnav code level listed below. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968,...

7.4CVSS6.3AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/21 2:56 p.m.51 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go arbitrary code execution vulnerabilitiy.( CVE-2023-39323)

Summary Potential Golang Go arbitrary code execution vulnerabilitiy. CVE-2023-39323 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-39323 DESCRIPTION: Golang G...

8.1CVSS8.4AI score0.01762EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/30 11:26 a.m.51 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 273. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input...

7.5CVSS7.6AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/29 9:22 p.m.51 views

Security Bulletin: IBM Aspera Console has addressed a denial of service vulnerability (CVE-2024-27316)

Summary IBM Aspera Console is vulnerable to Apache HTTP Server denial of service vulnerability caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that can be sent within a single stream, a remote attacker could exploit this vulnerability to cause an out of memory OOM...

7.5CVSS7.6AI score0.91327EPSS
Exploits2Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 2:52 p.m.51 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js.

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21892 DESCRIPTION: Node.js could allow a local authenticated attacker to gain elevated...

7.8CVSS7.8AI score0.03168EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 5:44 p.m.51 views

Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.

Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2013-2115, CVE-2013-4316, CVE-2014-0112, CVE-2014-0113, CVE-2015-5209, CVE-2016-3082, CVE-2016-4436, CVE-2017-12611, CVE-2019-0230, CVE-2019-0233, CVE-2020-17530, CVE-2021-31805,...

10CVSS10AI score0.98094EPSS
Exploits93Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 6:17 p.m.51 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-38709, CVE-2024-24795)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.3CVSS6.6AI score0.03914EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 6:16 p.m.51 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar table. Vulnerability Details CVEID:CVE-2024-22360 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service with a specially crafted...

6.5CVSS5.8AI score0.00653EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/20 3:56 p.m.51 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to installation denial of service due to grpc ( CVE-2023-44487 )

Summary Grpc is used by IBM Cloud Pak for Data Scheduling as part of the image catalog used for installation. CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the...

7.5CVSS7.6AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 6:26 a.m.51 views

Security Bulletin: IBM Event Streams is affected by authorization bypass through user-controlled key vulnerability ( CVE-2023-44981).

Summary This security vulnerability in Apache ZooKeeper could allow an attacker to bypass security restrictions on the system, caused by a flaw when SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true. This bulletin identifies the steps to take to address the...

9.1CVSS9.1AI score0.01713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/22 6:13 p.m.51 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. IBM Planning Analytics Workspace 2.0 Release 93 has addressed the applicable CVEs by upgrading or removing the vulnerable libraries. Please refer to the table in the...

9.3CVSS9.5AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/10 1:7 p.m.51 views

Security Bulletin: IBM Facsimile Support for i is vulnerable to a local user gaining elevated privileges due to an unqualified library call (CVE-2023-43064)

Summary IBM Facsimile Support for i is vulnerable to a local user gaining elevated privileges due to an unqualified library call as described in the vulnerability details section. IBM Facsimile Support for i has addressed the vulnerability with a fix as described in the remediation/fixes section...

7.8CVSS7.5AI score0.00171EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/18 9:30 p.m.51 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Certificate Validation in the RHEL UBI (CVE-2023-28321)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-28321 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID: CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

5.9CVSS7.9AI score0.0181EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/16 8:33 p.m.51 views

Security Bulletin: IBM OpenPages Is Vulnerable to Security Checks bypass (CVE-2023-40683)

Summary A vulnerability caused by insufficient authorization checks of API requests by an authorized user is addressed. Vulnerability Details CVEID:CVE-2023-40683 DESCRIPTION: IBM OpenPages could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. B...

8.8CVSS8.8AI score0.00701EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/02 6:1 p.m.51 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2023-43646 DESCRIPTION: Chai.js Assertion Library get-func-name is vulnerable to...

9.8CVSS9.8AI score0.02761EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/29 10:43 a.m.51 views

Security Bulletin: Multiple Vulnerabilities in Open Source affect IBM Cloud Pak System

Summary Vulnerabilities in jettison, jackson mapper and xerces shipped with Platform System Manager PSM affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities Vulnerability Details CVEID:CVE-2022-45685 DESCRIPTION: Jettison is vulnerable to a denial of service, caused by ...

9.8CVSS9.2AI score0.17461EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 3:37 p.m.51 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining - Multiple CVEs

Summary There is a vulnerability in Apache Tomcat that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44487...

7.5CVSS8.5AI score0.99999EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 11:51 p.m.51 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition.

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ CVE-2023-21930, CVE-2023-21967, CVE-2023-21939, CVE-2023-21938. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java...

7.4CVSS6.5AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 6:33 p.m.51 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Oracle MySQL Server

Summary IBM Security Guardium has released an update to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-21940 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Components Services component could allow a remote authenticated attacker to...

7.5CVSS5.6AI score0.01501EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.51 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in glib2, libxml2 and ntp

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in glib2, libxml2 and ntp. Vulnerability Details CVEID: CVE-2018-16429 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by an out-of-bounds read in gmarkupparsecontextparse in...

7.5CVSS1.4AI score0.05726EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 4:6 p.m.51 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.6CVSS8.5AI score0.11334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 3:18 p.m.51 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA...

7.5CVSS7.5AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/22 3:32 p.m.51 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of...

7.8CVSS7.5AI score0.62246EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/17 9:4 p.m.51 views

Security Bulletin: CVE-2022-24434 An issue was discovered in the npm package dicer

Summary This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes. Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: Node.js...

7.5CVSS7.3AI score0.03035EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/09 6:36 p.m.51 views

Security Bulletin: AIX is affected by a denial of service (CVE-2023-45167) and a security restrictions bypass (CVE-2023-40217) due to Python

Summary A vulnerability in Python could allow a non-privileged local user to cause a denial of service CVE-2023-45167 and a remote attacker to cause a security restrictions bypass CVE-2023-40217. Python is used by AIX as part of Ansible node management automation. Vulnerability Details...

6.2CVSS6AI score0.0079EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 6:44 p.m.51 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to one-time password bypass (CVE-2023-43045)

Summary IBM Sterling Partner Engagement Manager has addressed a reflected one-time password bypass vulnerability. Vulnerability Details CVEID: CVE-2023-43045 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote user to perform unauthorized actions due to improper...

7.5CVSS6.7AI score0.00726EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/13 6:27 a.m.51 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering displays sensitive Information on ADMIN page (CVE-2022-34355).

Summary Application displays Sensitive Information related to the backend technologies like JVM, DB Version, Application Server on ADMIN page. Vulnerability Details CVEID:CVE-2022-34355 DESCRIPTION: IBM Jazz Foundation could disclose sensitive version information to a user that could be used in...

5.5CVSS4.5AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 10:52 p.m.51 views

Security Bulletin: FasterXML jackson-databind vulnerabilites impact IBM Sterling Order Management

Summary Various FasterXML jackson-databind vulnerabilites include the following: could allow a remote attacker to execute arbitrary code on the system, could provide weaker than expected security, could allow a remote attacker to obtain sensitive information, could be vulnerable to a denial of...

9.8CVSS9.6AI score0.26587EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/05 8:23 p.m.51 views

Security Bulletin: IBM Spectrum Conductor with json-smart-v2 is vulnerable to a denial of service

Summary IBM Spectrum Conductor with json-smart-v2 is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, ...

7.5CVSS7.5AI score0.01119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/27 1:24 p.m.51 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial ...

7.5CVSS7.1AI score0.02782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/26 6:26 p.m.51 views

Security Bulletin: Okio GzipSource is vulnerable to CVE-2023-3635 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Okio GzipSource which is vulnerable to CVE-2023-3635. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffe...

7.5CVSS6.4AI score0.01077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/19 1:44 p.m.51 views

Security Bulletin: Vulnerabilities in Linux kernel and Python can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Python and Linux kernel. Vulnerabilities include gaining elevated privileges, executing arbitrary commands, obtaining sensitive information, denial of service, executing arbitrary code, improper validation, and bypassing...

7.8CVSS9.4AI score0.20459EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/15 1:19 p.m.51 views

Security Bulletin: CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to "Go" affect IBM CICS TX Advanced 11.1

Summary CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to "Go" affect IBM CICS TX Advanced 11.1. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Go is vulnerable to HTML injection. A remote attacker could inje...

9.8CVSS10AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/08 1:58 p.m.51 views

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to Natural Intelligence fast-xml-parser denial of service (CVE-2023-34104)

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a denial of service of Natural Intelligence fast-xml-parser with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-34104 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerabl...

7.5CVSS7.4AI score0.01135EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 1:38 p.m.51 views

Security Bulletin: A vulnerability found in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center(CVE-2023-24998)

Summary A vulnerabilitiy has been identified in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability...

7.5CVSS7.7AI score0.46836EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000