Lucene search
K
IbmMost viewed

35692 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/29 10:43 a.m.•51 views

Security Bulletin: Multiple Vulnerabilities in Open Source affect IBM Cloud Pak System

Summary Vulnerabilities in jettison, jackson mapper and xerces shipped with Platform System Manager PSM affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities Vulnerability Details CVEID:CVE-2022-45685 DESCRIPTION: Jettison is vulnerable to a denial of service, caused by ...

9.8CVSS9.2AI score0.17461EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/15 3:37 p.m.•51 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining - Multiple CVEs

Summary There is a vulnerability in Apache Tomcat that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44487...

7.5CVSS8.5AI score0.99999EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/14 11:51 p.m.•51 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition.

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ CVE-2023-21930, CVE-2023-21967, CVE-2023-21939, CVE-2023-21938. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java...

7.4CVSS6.5AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/14 6:33 p.m.•51 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Oracle MySQL Server

Summary IBM Security Guardium has released an update to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-21940 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Components Services component could allow a remote authenticated attacker to...

7.5CVSS5.6AI score0.01501EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/07 10:45 p.m.•51 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in glib2, libxml2 and ntp

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in glib2, libxml2 and ntp. Vulnerability Details CVEID: CVE-2018-16429 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by an out-of-bounds read in gmarkupparsecontextparse in...

7.5CVSS1.4AI score0.05726EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/12/01 4:6 p.m.•51 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.6CVSS8.5AI score0.11334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/29 3:18 p.m.•51 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA...

7.5CVSS7.5AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/22 3:32 p.m.•51 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of...

7.8CVSS7.5AI score0.62246EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/17 9:4 p.m.•51 views

Security Bulletin: CVE-2022-24434 An issue was discovered in the npm package dicer

Summary This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes. Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: Node.js...

7.5CVSS7.3AI score0.03035EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/11/09 6:36 p.m.•51 views

Security Bulletin: AIX is affected by a denial of service (CVE-2023-45167) and a security restrictions bypass (CVE-2023-40217) due to Python

Summary A vulnerability in Python could allow a non-privileged local user to cause a denial of service CVE-2023-45167 and a remote attacker to cause a security restrictions bypass CVE-2023-40217. Python is used by AIX as part of Ansible node management automation. Vulnerability Details...

6.2CVSS6AI score0.0079EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/26 6:44 p.m.•51 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to one-time password bypass (CVE-2023-43045)

Summary IBM Sterling Partner Engagement Manager has addressed a reflected one-time password bypass vulnerability. Vulnerability Details CVEID: CVE-2023-43045 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote user to perform unauthorized actions due to improper...

7.5CVSS6.7AI score0.00726EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/13 6:27 a.m.•51 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering displays sensitive Information on ADMIN page (CVE-2022-34355).

Summary Application displays Sensitive Information related to the backend technologies like JVM, DB Version, Application Server on ADMIN page. Vulnerability Details CVEID:CVE-2022-34355 DESCRIPTION: IBM Jazz Foundation could disclose sensitive version information to a user that could be used in...

5.5CVSS4.5AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/06 10:52 p.m.•51 views

Security Bulletin: FasterXML jackson-databind vulnerabilites impact IBM Sterling Order Management

Summary Various FasterXML jackson-databind vulnerabilites include the following: could allow a remote attacker to execute arbitrary code on the system, could provide weaker than expected security, could allow a remote attacker to obtain sensitive information, could be vulnerable to a denial of...

9.8CVSS9.6AI score0.26587EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/10/05 8:23 p.m.•51 views

Security Bulletin: IBM Spectrum Conductor with json-smart-v2 is vulnerable to a denial of service

Summary IBM Spectrum Conductor with json-smart-v2 is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, ...

7.5CVSS7.5AI score0.01119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/27 1:24 p.m.•51 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial ...

7.5CVSS7.1AI score0.02782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/26 6:26 p.m.•51 views

Security Bulletin: Okio GzipSource is vulnerable to CVE-2023-3635 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Okio GzipSource which is vulnerable to CVE-2023-3635. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffe...

7.5CVSS6.4AI score0.01077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/19 1:44 p.m.•51 views

Security Bulletin: Vulnerabilities in Linux kernel and Python can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Python and Linux kernel. Vulnerabilities include gaining elevated privileges, executing arbitrary commands, obtaining sensitive information, denial of service, executing arbitrary code, improper validation, and bypassing...

7.8CVSS9.4AI score0.20459EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/15 1:19 p.m.•51 views

Security Bulletin: CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to "Go" affect IBM CICS TX Advanced 11.1

Summary CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to "Go" affect IBM CICS TX Advanced 11.1. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Go is vulnerable to HTML injection. A remote attacker could inje...

9.8CVSS10AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/09/05 1:38 p.m.•51 views

Security Bulletin: A vulnerability found in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center(CVE-2023-24998)

Summary A vulnerabilitiy has been identified in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability...

7.5CVSS7.7AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/31 7:4 p.m.•51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...

9.8CVSS7.7AI score0.01827EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/29 5:28 p.m.•51 views

Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and improper file download via http-cache-semantics, Gin-Gonic, and YAML (CVE-2022-25881, CVE-2023-2251, CVE-2023-29401)

Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be vulnerable to denial of service via http-cache-semantics, denial of service via TypeScript's yaml and improper file attachment download for Node.js's http-cache-semantics as...

7.5CVSS6.6AI score0.01613EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/08/18 9:24 p.m.•51 views

Security Bulletin: Mutiple Vulnerabilties Affecting IBM Watson Machine Learning Accelerator

Summary IBM Watson Machine Learning Accelerator 1.2.x is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input...

7.5CVSS7.8AI score0.01122EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/28 1:39 p.m.•51 views

Security Bulletin: GNOME libxml2 vulnerability affects IBM Safer Payments (CVE-2023-29469)

Summary Libxml2 is used by IBM Safer Payments as part of PMML models, external queries, and docx file templates for Outgoing Channel Configurations. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29469 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service,...

6.5CVSS6.8AI score0.01013EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/11 8:56 p.m.•51 views

Security Bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868)

Summary IBM® Db2® JDBC driver is vulnerable to multiple remote code execution issues. These vulnerabilties are addressed. Vulnerability Details CVEID:CVE-2023-27869 DESCRIPTION: IBM Db2 JDBC Driver could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...

8.8CVSS7.9AI score0.01378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/05 9:10 p.m.•51 views

Security Bulletin: IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998)

Summary Apache Commons FileUpload is used by IBM Content Navigator as part of the file upload functionailty. CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of reques...

7.5CVSS7.5AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/29 5:28 p.m.•51 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Go [CVE-2023-24539 and CVE-2023-24540]

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote code injection due to Go CVE-2023-24539 and CVE-2023-24540, with details below. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerabl...

9.8CVSS9.1AI score0.01548EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/28 10:15 p.m.•51 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2019-2602, CVE-2019-2684)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...

7.5CVSS7.5AI score0.37618EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/28 10:7 p.m.•51 views

Security Bulletin: A security vulnerability has been identified in Apache CXF, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-8039)

Summary Apache CXF is shipped with IBM Tivoli Network Manager IP Edition. Information about a security vulnerability affecting Apache CXF has been published here. Vulnerability Details CVE-ID: CVE-2018-8039 Description: Apache CXF could allow a remote attacker to conduct a man-in-the-middle attac...

8.1CVSS6.5AI score0.10348EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/28 10:7 p.m.•51 views

Security Bulletin: A security vulnerability has been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0732).

Summary Open SSL is shipped with IBM Tivoli Network Manager IP Edition version 3.9. Information about a security vulnerability affecting Open SSL has been published here. Vulnerability Details CVE-ID: CVE-2018-0732 Description: OpenSSL is vulnerable to a denial of service, caused by the sending o...

7.5CVSS7.6AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/16 3:20 p.m.•51 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

9.8CVSS10AI score0.99615EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/12 2:27 p.m.•51 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java CVE-2023-28867 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.5CVSS7.3AI score0.01051EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/26 2:13 p.m.•51 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Go, OpenSSL and Node.js Vulnerability Details CVEID:CVE-2023-0361 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel flaw in t...

9.8CVSS9.3AI score0.99615EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/15 5:19 p.m.•51 views

Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow (CVE-2023-24998)

Summary IBM Business Automation Workflow packages a vulnerable copy of Apache commons-fileupload in its /BPM/Lombardi/lib directory. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number o...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/08 8:40 a.m.•51 views

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable xstream-1.4.17.jar

Summary Atlas eDiscovery Process Management is affected by a vulnerable xstream-1.4.17.jar. Hence xstream-1.4.17.jar upgraded to xstream-1.4.19.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2022-41966 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based...

8.8CVSS8.6AI score0.98124EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/02 6:20 p.m.•51 views

Security Bulletin: Potential security bypass in IBM DataPower Gateway (CVE_2023-23920)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICUDATA environment variable, an attacker...

4.2CVSS6AI score0.00471EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/24 3:57 p.m.•51 views

Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2023-28528)

Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands CVE-2023-28528. Vulnerability Details CVEID:CVE-2023-28528 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to...

8.4CVSS8AI score0.01457EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/14 2:32 p.m.•51 views

Security Bulletin: Vulnerability in Linux Kernel affects IBM BladeCenter Advanced Management Module (AMM)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in Linux Kernel. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in Linux Kernel. Vulnerability Details CVEID: CVE-2017-11176...

7.8CVSS7.7AI score0.03631EPSS
Exploits8
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/07 6:39 p.m.•51 views

Security Bulletin: IBM i components are affected by CVE-2021-4104 (log4j version 1.x)

Summary Multiple sub-components of IBM i ship log4j version v1.x files making them vulnerable to the issue described in the vulnerability details section. IBM Navigator for i - heritage version uses log4j v1.x and cannot be updated to log4j v2.x. Integrated Web Server IWS V2.6 contains unused...

7.5CVSS8.8AI score0.81147EPSS
Exploits9Affected Software4
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/31 6:0 p.m.•51 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat (CVE-2022-43680).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat caused by a use-after free memory issue CVE-2022-43680. libexpat is included as part of the Base OS used by our service images. Please read the details for remediation below...

7.5CVSS7.4AI score0.02241EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/31 2:17 p.m.•51 views

Security Bulletin: Multiple vulnerabilities in software used in node.js affect Cloud Pak System

Summary Multiple vulnerabilities found in follow-redirect, html-parse-stringify2, nth-check, pycrypto affect Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2021-23346 DESCRIPTION: Node.js html-parse-stringify and html-parse-stringify2...

9.1AI score0.09501EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•51 views

Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2014-6593, CVE-2015-0410)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Jan 2015. Vulnerability Details CVEID: CVE-2014-6593 DESCRIPTION: A fla...

5CVSS4.7AI score0.67234EPSS
Exploits5Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•51 views

Security Bulletin: Vulnerability in zlib affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the zlib package used by IBM Spectrum Virtualize may result in a denial of service for the whole application if an attacker is able to inject crafted input. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...

7.5CVSS8.1AI score0.51733EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•51 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2022-25762 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in...

8.6CVSS8.4AI score0.08033EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/28 1:29 p.m.•51 views

Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-41854)

Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a...

6.5CVSS6.4AI score0.01476EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/17 5:13 p.m.•51 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)

Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-43548. Angular is a JavaScript framework that extends HTML CVE-2020-7676. Logback is a logging library for Java CVE-2021-42550. Golang Go...

8.5CVSS8.6AI score0.14024EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/16 3:25 p.m.•51 views

Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Standard

Summary Multiple CVEs - CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Standard . IBM CICS TX Standard has addressed the applicable CVEs. Relevant go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-41715 DESCRIPTION:...

7.5CVSS7.2AI score0.05623EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/10 4:0 p.m.•51 views

Security Bulletin: server-side request forgery vulnerability in Apache CXF (CVE-2022-46364) may affect CICS TX Advanced

Summary CICS TX Advanced has addressed a vulnerability in Apache CXF CVE-2022-46364. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a...

9.8CVSS9.1AI score0.0193EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/07 4:39 p.m.•51 views

Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]

Summary IBM Security Guardium has addressed these vulnerabilities CVE-2022-39166, CVE-2022-34917, CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-39166 DESCRIPTION: IBM Security Guardium could allow a privileged user to obtain sensitive information inside of an HTTP response. CVSS Base score:...

9.8CVSS9.2AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•51 views

Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in OpenSSL to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6304, and CVE-2016-6306 could allow a remote attacker to...

9.8CVSS8.6AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 9:4 p.m.•51 views

Security Bulletin: Multiple vulnerabilities in Java SE affect IBM CICS TX Advanced

Summary Java SE is used by IBM CICS TX Advanced to run WebSphere Liberty, Fix Installer and Java based CICS applications in the product. The following CVEs are applicable: Denial of service CVEs - CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21294,...

5.3CVSS5.1AI score0.08346EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000