Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.51 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Security Network Intrusion Prevention System (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...

5.9CVSS5.9AI score0.0288EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 5:2 p.m.51 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM QRadar SIEM (CVE-2014-3567, CVE-2014-3568, CVE-2014-3508, CVE-2014-3511)

Summary OpenSSL vulnerabilities were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2014-3567 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a memo...

7.1CVSS5.5AI score0.23598EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 10:30 a.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 7 and Java™ Version 8 that is used by IBM Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in Oct 2021. Vulnerability Details CVEID: CVE-2021-35578...

5.3CVSS6.3AI score0.06218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:27 p.m.51 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Tivoli Storage Productivity Center (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Tivoli Storage Productivity Center. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

5CVSS4.9AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 5:6 p.m.51 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2022 Critical Patch Update, except for CVE-2022-21299 which will be covered by a future bulletin. For more information please refer to Oracle's January 2022 CPU Advisory and the X-Force database...

5.3CVSS5.2AI score0.08346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/07 5:35 p.m.51 views

Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities

Summary IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities Vulnerability Details CVEID: CVE-2020-36179 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and...

8.8CVSS8.8AI score0.20929EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/01 11:37 a.m.51 views

Security Bulletin: IBM Java Runtime Vulnerability affects IBM Spectrum Protect Snapshot for VMware (CVE-2020-2654)

Summary A denial of service vulnerability in IBM® Runtime Environment Java™ was disclosed as part of the IBM Java SDK updates in January 2020. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Snapshot for VMware. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified...

4.3CVSS5.3AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/31 1:22 p.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046) and denial of service due to Apache Log4j (CVE-2021-45105)

Summary Apache Log4J is used by IBM App Connect Enterprise Certified Container ACEcc for logging when generating a bar file that contains a JDBC connector and when running a Designer flow that contains a JDBC connector. IBM ACEcc Designer Authoring operands and Integration Server operands that us...

10CVSS7.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/31 9:38 a.m.51 views

Security Bulletin: IBM App Connect for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Summary Vulnerabilities in Apache Log4j affect the logging infrastructure in the ATNAAudit node and the XDSConsumer pattern in IBM App Connect for Healthcare. IBM App Connect for Healthcare have addressed these vulnerabilities, the fix includes Apache Log4j 2.17.1 Vulnerability Details CVEID:...

7.5CVSS1.3AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/28 10:49 a.m.51 views

Security Bulletin: Vulnerability in Apache Log4j affects InfoSphere Data Architect (CVE-2021-4104)

Summary Apache Log4j open source library is used by InfoSphere Data Architect. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...

7.5CVSS1.4AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/20 6:0 p.m.51 views

Security Bulletin: IBM WebSphere Application Server shipped with IBM WebSphere Application Server Patterns have multiple vulnerabilities in Apache log4j (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server traditional in the Admin Console and UDDI Registry application. This has been addressed in...

8.5CVSS2.9AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 9:33 p.m.51 views

Security Bulletin: CVE-2021-42340 Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections.

Summary Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:...

7.5CVSS1AI score0.10997EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/05 7:9 p.m.51 views

Security Bulletin: IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Log4j for CVE-2021-44228

Summary IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Log4j for CVE-2021-44228. Log4j is used by various microservices either directly or indirectly through dependent open source software for logging messages to files. Vulnerability Details CVEID: CVE-2021-4422...

10CVSS1AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/26 4:33 p.m.51 views

Security Bulletin: Multiple Remote Attack Vulnerabilities in Apache Log4j affect IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent

Summary There are multiple Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45046, CVE-2021-45105 which is used by IBM LKS Administration And Reporting Tool and its Agent. A fix is available to address the vulnerability. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j...

10CVSS1AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:39 p.m.52 views

Security Bulletin: IBM Event Streams UI affected by multiple node package vulnerabilities

Summary IBM Event Streams UI affected by multiple node package vulnerabilities Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 ...

9.8CVSS8.4AI score0.37286EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/29 5:53 a.m.51 views

Security Bulletin: A Security Vulnerability in IBM® WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent

Summary A security vulnerability, related to Apache Commons Compress library, has been found in the IBM® WebSphere Application Server Liberty used by IBM LKS Administration and Reporting Tool and its Agent. A fix has been identified and is being published here. Vulnerability Details CVEID:...

7.5CVSS7.4AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/16 3:38 p.m.51 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By...

9.8CVSS9.1AI score0.87816EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/09 4:19 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Ja...

7.5CVSS2.1AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/01 2:26 p.m.51 views

Security Bulletin: IBM Sterling Order Management is affected by Apache Commons BeanUtils security vulnerabilities (CVE-2019-10086)

Summary IBM Sterling Order Management use Apache Commons BeanUtils and are affected by some of the vulnerabilities that exist in this component. Vulnerability Details CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the syste...

7.5CVSS0.7AI score0.28839EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/29 8:15 p.m.51 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in XStream (CVE-2021-29505)

Summary A vulnerability in XStream that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2021-29505 DESCRIPTION: XStream XStream could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation...

8.8CVSS1.4AI score0.77735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/25 12:12 p.m.51 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility (CVE-2016-5597)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Installation Manager and IBM Packaging Utility. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details CVEID: CVE-2016-5597 DESCRIPTION: An unspecified...

5.9CVSS2.2AI score0.03937EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/18 6:26 a.m.51 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-39275)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

1.1AI score0.36339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/28 9:17 p.m.51 views

Security Bulletin:Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager

Summary IBM WebSphere Application Server WAS is shipped with IBM Security Identity Manager ISIM. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

4.3CVSS2.6AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/28 8:11 a.m.51 views

Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341)

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allo...

7.5CVSS1.1AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/16 6:2 p.m.51 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-22930 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploi...

9.8CVSS1.8AI score0.37286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/16 1:35 p.m.51 views

Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in IBM Http server

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmime. By sending a specially crafted Content-Type response...

9.8CVSS1AI score0.94999EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/14 8:7 p.m.51 views

Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2021 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition from July 2021 CPU that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Requirements Management DOORS Next DOORS...

7.5CVSS0.5AI score0.04008EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/01 1:53 p.m.51 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony

Summary This interim fix provides instructions on upgrading Apache Tomcat from v5.5.36 to v7.0.90 in IBM Platform Symphony 6.1.1 and from v6.0.43 to v8.5.32 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerability CVE-2018-8014 in Tomcat. Vulnerability Details CVE-ID:...

9.8CVSS8.7AI score0.21979EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:4 a.m.51 views

Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2021-25215 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an assertion failure while answering queries fo...

8.1CVSS8.4AI score0.64161EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/14 9:30 p.m.51 views

Security Bulletin: One vulnerability in IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Content Federation Services and IBM FileNet Legacy Content Search Engine (CVE-2014-0114)

Summary A security vulnerability exists in IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Content Federation Services and IBM FileNet Legacy Content Search Engine. See the individual descriptions for the details. Vulnerability Details CVEID: CVE-2014-0114 CVE-2014-0114...

7.5CVSS9.2AI score0.96121EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/03 10:7 p.m.51 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Informix Genero (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Informix Genero. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

5CVSS4.9AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.51 views

Security Bulletin: Vulnerability in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 1.6 and 1.7 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational...

7.5CVSS0.5AI score0.95707EPSS
Exploits7Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.51 views

Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation

Summary IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. Vulnerability Details CVEID: CVE-2018-18224 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In...

8.1CVSS1.6AI score0.02163EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/16 3:32 p.m.51 views

Security Bulletin: Multiple vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary There are vulnerabilities in various versions of FasterXML jackson-databind that affect Apache Solr. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID: CVE-2018-14718 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute...

10CVSS1AI score0.45205EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/09 6:28 p.m.51 views

Security Bulletin: Vulnerability in Apache MyFaces affects WebSphere Application Server shipped with IBM WebSphere Application Server Patterns (CVE-2021-26296)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed i...

7.5CVSS2.9AI score0.03026EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/26 2:10 p.m.51 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-14803 and CVE-2020-27221

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ is supported by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive...

9.8CVSS1.6AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 7:45 p.m.51 views

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in Libxml2

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in Libxml2. Vulnerability Details CVEID: CVE-2020-7595 DESCRIPTION: The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An...

7.5CVSS1.4AI score0.07836EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/01 10:55 p.m.51 views

Security Bulletin: IBM Data Replication Java SDK Update

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow ...

6.8CVSS1.8AI score0.03392EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/12 9:39 p.m.51 views

Security Bulletin: A security vulnerability has been identified in IBM Java Runtime which affects DataQuant for z/OS

Summary An unspecified vulnerability has been identified in IBM Java Runtime that could affect DataQuant for z/OS. Vulnerability Details CVEID: CVE-2018-12547 CVSS Base Score: 9.8 DESCRIPTION: A widely used function in the OpenJ9 JVM is vulnerable to buffer overlows. Multiple Java Runtime...

9.8CVSS0.8AI score0.05074EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/09 9:58 a.m.51 views

Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus

Summary Multiple vulnerabilities in Node.js and FasterXML jackson-databind may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly....

8.8CVSS2AI score0.54164EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/04 3:47 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2020-14779...

5.8CVSS0.9AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/12 2:42 p.m.51 views

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE. These vulnerabilities have been fixed in GDE 4.0.0.4. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2017-7957 DESCRIPTION: XStream is vulnerable to a denial of service,...

10CVSS1.3AI score0.77245EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 5:4 p.m.51 views

Security Bulletin: Apache Santuario as used in IBM QRadar SIEM is vulnerable to improper input validation (CVE-2019-12400)

Summary Apache Santuario as used in IBM QRadar SIEM is vulnerable to improper input validation Vulnerability Details CVEID: CVE-2019-12400 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the loading of XML parsing code...

5.5CVSS1.1AI score0.00776EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 6:58 a.m.51 views

Security Bulletin: OSS scan fixes for Content pos

Summary Open Source security issues for Content pod Vulnerability Details CVEID: CVE-2018-20677 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the affix configuration target property. A remote attacker could exploit this...

9.8CVSS1.1AI score0.1686EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/10 11:35 a.m.51 views

Security Bulletin: Vulnerability in httpd affects IBM Integrated Analytics System

Summary Redhat provided httpd is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-15710 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds memory write error. By...

7.5CVSS1.8AI score0.18197EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/27 3:51 p.m.51 views

Security Bulletin: WebSphere Application Server - Oracle CPU shipped with Rational Developer for System z June 2013 (CVE-2013-1571)

Summary The IBM WebSphere Application Server shipped in Rational Developer for System z Software includes an IBM Java SDK that is based on the Oracle JDK. Oracle has released June 2013 critical patch updates CPU which contain security vulnerability fixes and the IBM Java SDK has been updated to...

10CVSS0.2AI score0.98704EPSS
Exploits32Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/13 3:50 p.m.51 views

Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-9547 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in...

9.8CVSS1.7AI score0.18671EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/05 8:53 p.m.51 views

Security Bulletin: IBM Security Guardium is affected by Python vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-9948 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by improper input validation by the urllib. By sending a specially-crafted request, an...

9.1CVSS0.9AI score0.11844EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/01 1:30 p.m.51 views

Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9.

Summary Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9. Vulnerability Details CVEID: CVE-2020-8184 DESCRIPTION: Rack could allow a remote attacker to bypass security restrictions, caused by the lack of validation/integrity check security for cookies. By...

7.5CVSS0.7AI score0.04404EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/10 3:49 p.m.51 views

Security Bulletin: A vulnerability in IBM Java SDK affects Rational Software Architect for WebSphere Software (CVE-2014-4263)

Summary The JSSE component's Diffie-Hellman key exchange implementation is vulnerable to a man-in-the-middle attack. The fix adds a new check to prevent the attack. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link...

6.4CVSS0.7AI score0.03501EPSS
Exploits0Affected Software4
Total number of security vulnerabilities5000