Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.51 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.

Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2022-27191 DESCRIPTION: Go ssh package is vulnerable to a denial of service, caused by an unspecified flaw in certa...

7.5CVSS8.7AI score0.03931EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.51 views

Security Bulletin: Multiple vulnerabilities in Java SE affect IBM CICS TX Advanced

Summary Java SE is used by IBM CICS TX Advanced to run WebSphere Liberty, Fix Installer and Java based CICS applications in the product. The following CVEs are applicable: Denial of service CVEs - CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21294,...

5.3CVSS5.1AI score0.08346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/13 1:13 p.m.51 views

Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure (CVE-2022-34351)

Summary IBM QRadar SIEM is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM QRadar SIEM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2022-34351 DESCRIPTION: IBM QRadar SIEM i...

7.5CVSS6.4AI score0.00388EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 9:38 a.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to [CVE-2022-45907]

Summary PyTorch is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution. This bulletin provides patch information to addres...

9.8CVSS9.7AI score0.01192EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/08 4:15 p.m.51 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache James MIME4J (CVE-2022-45787)

Summary There is a vulnerability in the Apache James MIME4J library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 is enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated...

5.5CVSS5.9AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/24 8:48 p.m.51 views

Security Bulletin: IBM Security Verify Governance, Identity Manager virtual appliance component uses weaker than expected cryptography (CVE-2022-22462)

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities. Please apply the fixes as described below. Vulnerability Details CVEID:CVE-2022-22462 DESCRIPTION: IBM Security Verify Governance uses weaker than expected cryptograph...

7.5CVSS5.5AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/24 5:0 p.m.51 views

Security Bulletin: Multiple vulnerability affect IBM Business Automation Workflow - CVE-2022-42003, CVE-2022-42004

Summary Case history event emitters in IBM Business Automation Workflow are affected by multiple vulnerabilities in jackson-databind. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primiti...

7.5CVSS7.7AI score0.02824EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 3:15 a.m.51 views

Security Bulletin: IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2022-41946)

Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not limit access to created readable files in the...

5.5CVSS4.9AI score0.0048EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.51 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2021-35561, CVE-2021-41041, CVE-2022-21299, CVE-2022-21496, CVE-2022-21434, CVE-2022-21443 Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An...

5.3CVSS6.4AI score0.06468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/13 3:56 p.m.51 views

Security Bulletin: Vulnerabilities in Redis affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift (CVE-2022-24736, CVE-2022-24735)

Summary Vulnerabilities in Redis, such as denial of service and execution of arbitrary code on the system, may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift. Vulnerability Details CVEID:CVE-2022-24736 DESCRIPTION: Redis is vulnerable to a denial of...

7.8CVSS7AI score0.02189EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 7:0 p.m.51 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, swagger, jQuery, Netty, Apache commons, validator.js, Chalk ansi-regex, Json-schema, Java SE and IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2021-4453...

9.8CVSS9.7AI score0.99019EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/01 5:34 p.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-22844

Summary LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability...

5.5CVSS6.5AI score0.01336EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/30 8:48 a.m.51 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Expat, SQlite, libxml2, Libksba, zlib and GnuTLS

Summary Multiple issues were identified in Red Hat UBI ubi8/ubi-minimal v8.6-x packages Expat, SQlite, libxml2, Libksba, zlib and GnuTLS that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. These vulnerabilities have been addressed. Vulnerability Details...

9.8CVSS9.9AI score0.1593EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/22 4:37 p.m.51 views

Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to use of Apache Commons Collections (multiple vulnerabilities)

Summary IBM Security Verify Governance uses Apache Commons Collections library which is vulnerable to arbitrary code execution by an attacker by sending specially crafted serialized objects CVE-2017-15708, CVE-2015-7501, CVE-2015-6420, CVE-2015-4852, CVE-2019-13116. The fix includes upgrading the...

9.8CVSS8.4AI score0.96032EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/22 8:8 a.m.51 views

Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis

Summary There are multiple vulnerabilities in various versions of Data-Binding functionality for Jackson that affect IBM Operations Analytics - Log Analysis. It has been fixed. The vulnerabilities are listed in the Vulnerability Details section below. Vulnerability Details CVEID:CVE-2020-25649...

9.8CVSS10AI score0.45205EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/21 9:55 p.m.51 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to HTTP request smuggling

Summary These flaws have the potential to affect the API Gateway Sservice. IBM has addressed the CVEs Vulnerability Details CVEID: CVE-2022-32213 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly parse and validate Transfer-Encoding headers by the...

6.5CVSS7.7AI score0.77766EPSS
Exploits3Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/18 3:30 p.m.51 views

Security Bulletin: IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2021-35561, CVE-2022-21443, CVE-2022-21434,CVE-2022-21496,CVE-2022-21299).

Summary IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager TADDM and is vulnerable to a denial of service CVE-2021-35561, CVE-2022-21443, CVE-2022-21434,CVE-2022-21496,CVE-2022-21299. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An...

5.3CVSS6AI score0.06468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/18 12:2 a.m.51 views

Security Bulletin: Vulnerabilities in Golang Go affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift

Summary Golang Go is vulnerable to denial of service, obtaining sensitive information, HTTP request smuggling, and directory traversal which may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift. Vulnerability Details CVEID:CVE-2022-32149...

7.5CVSS7.6AI score0.02513EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/10 12:6 p.m.51 views

Security Bulletin: Multiple security exposures in IBM Cognos Express (CVE-2013-5802, CVE-2013-5825)

Summary IBM Cognos Express is affected by multiple security exposures. Vulnerability Details CVE ID : CVE-2013-5802 DESCRIPTION : If an attacker is able to upload malformed or extremely large streams of XML data to the IBM Cognos BI Server, they may be able to cause the application to crash,...

7.5CVSS7.3AI score0.04464EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/04 5:48 p.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to HTTP request smuggling due to CVE-2022-26377

Summary modproxyajp is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring operand images as part of the base operating system. Use of modproxyajp within IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be...

7.5CVSS8.6AI score0.19008EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:9 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to July 2022 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code usin...

5.9CVSS7AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.51 views

Security Bulletin: There is an information disclosure vulnerability in Liberty for Java (CVE-2020-4329)

Summary There is an information disclosure in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive...

4.3CVSS4.3AI score0.0112EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:10 a.m.51 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2022-34165)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.4CVSS5.8AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:10 a.m.51 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to cross site scripting due to jquery-ui (CVE-2022-31160)

Summary jquery-ui is used by IBM Robotic Process Automation as part of the RPA Dashboard. CVE-2022-31160 Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A...

6.1CVSS6.4AI score0.01933EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.51 views

Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.5

Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.0.0.5 Content VULNERABILITY DETAILS: CVE ID:CVE-2012-3304 PM54356 DESCRIPTION: WebSphere Application Server could allow a remote attacker to hijack a valid user’s session, caused by an...

6.8CVSS9.5AI score0.02898EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.51 views

Security Bulletin: IBM Tivoli Security Policy Manager (TSPM) Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool used by TSPM contains a security vulnerability. The vulnerability allows an attacker to craft a malicious lin...

4.3CVSS7.5AI score0.66817EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.51 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.47

Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 6.1.0.47 Content The following vulnerabilities have been fixed in IBM WebSphere Application Server Fix Pack 6.1.0.47 VULNERABILITY DETAILS: CVE ID:CVE-2012-3305PM62467 DESCRIPTION:...

10CVSS9.2AI score0.35584EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/16 1:39 p.m.51 views

Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Configuration [CVE-2022-33980]

Summary Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Configuration and the issue has been addressed. CVE-2022-33980 Vulnerability Details...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/15 7:23 p.m.51 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-3737 CVE-2017-3738)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-3737 DESCRIPTION: OpenSSL could allow a remo...

5.9CVSS6.6AI score0.83645EPSS
Exploits2Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 2:9 p.m.51 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX Container is vulnerable to execute arbitrary commands due to OpenSSL (CVE-2022-2068)

Summary There is a vulnerability in the OpenSSL library used by IBM Sterling Connect:Direct for UNIX Container. IBM Sterling Connect:Direct for UNIX Container has addressed the applicable issue by upgrading OpenSSL to 1.1.1k. Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could...

9.7AI score0.95764EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/19 6:23 p.m.51 views

Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2013, April 2013

Summary Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM Tivoli Storage Productivity Center. Vulnerability Details IBM Tivoli Storage Productivity Center 5.x and 4.x are shipped with an IBM Java SDK that is based on the Oracle JDK. Oracle released February 2013...

10CVSS7AI score0.89987EPSS
Exploits44Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/15 4:26 p.m.51 views

Security Bulletin: IBM i is affected by networking BIND vulnerabilities CVE-2018-5744 CVE-2019-6465 and CVE-2018-5745.

Summary ISC BIND is vulnerable to these security vulnerabilities. IBM i has addressed these vulnerabilities. This security bulletin has been updated, on June 21, 2019, as an additional IBM i PTF is available for IBM i 7.4. Vulnerability Details CVEID: CVE-2018-5745 DESCRIPTION: ISC BIND is...

7.5CVSS7.1AI score0.037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/13 3:18 p.m.51 views

Security Bulletin: Vulnerability in polkit affects Cloud Pak System ( CVE-2021-4034)

Summary Polkit is used by IBM Cloud System OS. This security bulletin service applies to IBM Cloud System , IBM Cloud System Software and IBM Cloud System Software Suite. Vulnerability Details CVEID:CVE-2021-4034 DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated...

7.8CVSS8.2AI score0.94921EPSS
Exploits151Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/08 3:33 p.m.51 views

Security Bulletin: IBM Workload Scheduler is potentially vulnerable to denial of service due to CVE-2022-0778 affecting OpenSSL component

Summary OpenSSL vulnerability CVE-2022-0778 has been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Schedulerfor secure communications between the components. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw i...

7.5CVSS7.7AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/28 6:16 a.m.51 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, CVE-2021-46708)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

6.1CVSS5.1AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/11 3:35 p.m.51 views

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160

Summary MQ for HPE NonStop Server may be using weaker than expected security due to an algorithmic problem within OpenSSL. Vulnerability Details CVEID: CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64...

5.9CVSS0.9AI score0.03803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/07 11:14 a.m.51 views

Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in kernel.

Summary IBM QRadar Network Security has addressed following vulnerabilities. Vulnerability Details CVEID: CVE-2017-18551 DESCRIPTION: Linux kernel is vulnerable to a buffer overflow, caused by a missing bounds check in drivers/i2c/i2c-core-smbus.c. An attacker could overflow an array and perform...

9.3CVSS0.8AI score0.09729EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/06 5:21 a.m.51 views

Security Bulletin: A security vulnerability has been identified in SwaggerUI shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, 221508)

Summary SwaggerUI is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting SwaggerUI has been published in a security bulletin. Vulnerability Details CVEID: CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By...

4.3CVSS1.4AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.51 views

Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2018-2579, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633 ).

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.5.7 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details CVEID:CVE-2018-2579 DESCRIPTION: ...

8.3CVSS6.6AI score0.06905EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 12:13 a.m.51 views

Security Bulletin: IBM Security SOAR is affected but not classified as vulnerable to remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Security SOAR is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot...

9.8CVSS1.5AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/31 2:57 p.m.51 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-27290 DESCRIPTION: Node.js ssri...

9.8CVSS1.3AI score0.37286EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 3:35 p.m.51 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to DNS spoofing

Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames...

9.8CVSS2AI score0.21952EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/17 3:41 p.m.51 views

Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal

Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read ...

9.8CVSS1.2AI score0.69803EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.51 views

Security Bulletin: Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

Summary The vulnerability in CVE-2021-3712 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Please note that this CVE only impacts the MessageBroker Suite of MDM Standard Edition SE. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION:...

7.4CVSS7.5AI score0.50445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 9:58 a.m.51 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management (CVE-2014-3571, CVE-2015-0206, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570 )

Summary SUMMARY: OpenSSL vulnerabilities were disclosed on January 8th, 2015 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Master Data Management. IBM InfoSphere Master Data Management has addressed the applicable CVEs provided by OpenSSL Vulnerability Details CVEID: CVE-2014-3570...

5CVSS7.1AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 5:4 p.m.51 views

Security Bulletin: Vulnerability in Java SE libraries could allow unauthenticated attacker to cause denial of service (CVE-2020-2754, CVE-2020-2755)

Summary An unspecified vulnerability in Java SE related to the Java SE Libraries component used by Global Name Management could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details Refer to the...

4.5AI score0.04128EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/19 9:24 p.m.51 views

Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22965

Abstract Is Sterling Order Management affected by Spring vulnerability CVE-2022-22965? Content IBM is aware of a recently surfaced vulnerability CVE-2022-22965 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...

9.8CVSS1.3AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/05 5:33 p.m.51 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...

6.1CVSS1AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/23 4:11 a.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect SPSS Collaboration and Deployment Services

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and 8 used by SPSS Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability i...

7.1CVSS6.2AI score0.08346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.51 views

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by a vulnerability in OpenSSL (CVE-2016-2183)

Summary IBM Security Network Intrusion Prevention Systems has addressed the following vulnerability in OpenSSL. The vulnerability is known as the SWEET32 Birthday attack CVE-2016-2183. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitiv...

7.5CVSS0.7AI score0.95707EPSS
Exploits7Affected Software1
Total number of security vulnerabilities5000