Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/22 5:47 a.m.51 views

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...

5CVSS1.3AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:42 a.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.6 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in October 2017. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-10345...

7.5CVSS1.4AI score0.16181EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:39 a.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.6 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in July 2017. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-10198 DESCRIPTIO...

9.6CVSS9.3AI score0.05034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:38 a.m.51 views

Security Bulletin: A vulnerability in httpd affects PowerKVM

Summary PowerKVM is affected by a vulnerability in the Apache HTTP Server httpd. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS...

7.5CVSS6.6AI score0.94999EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:38 a.m.51 views

Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in MariaDB. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3600 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Client mysqldump component could allow an authenticated attacker to...

7.7CVSS1.6AI score0.04945EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:35 a.m.51 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool

Summary OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL was used by IBM FSM SMIA configuration tool commonly known as Network Advisor. This bulletin addresses the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3730 DESCRIPTION: OpenSSL is...

7.5CVSS1.4AI score0.57595EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:34 a.m.51 views

Security Bulletin: A vulnerability in expat affects PowerKVM

Summary PowerKVM is affected by a vulnerability in expat. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-0718 DESCRIPTION: Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the Expat library, ...

9.8CVSS0.8AI score0.13335EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:29 a.m.51 views

Security Bulletin: Vulnerabilities in libuser affect PowerKVM (CVE-2015-3245 and CVE-2015-3246)

Summary PowerKVM is affected by two vulnerabilities CVE-2015-3245 and CVE-2015-3246 in libuser. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2015-3245 DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline character...

7.2CVSS1.4AI score0.06853EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:36 a.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Storwize V7000 Unified

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition. IBM Storwize V7000 Unified has addressed the applicable CVEs. Vulnerability Details IBM Storwize V7000 Unified is shipped with Java. Java is required for administration of V7000 Unified, for executing V7000...

9.6CVSS0.8AI score0.03524EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:32 a.m.51 views

Security Bulletin: Multiple Apache Tomcat vulnerabilities affect IBM SONAS.

Summary Multiple Apache Tomcat vulnerabilities affect IBM SONAS. Vulnerability Details This bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product’s management GUI. The CLI interface is unaffected. CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat...

9.8CVSS0.9AI score0.90338EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:28 a.m.51 views

Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified

Summary Cross-protocol attack on TLS using SSLv2 Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect u...

9.8CVSS1.1AI score0.44505EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:28 a.m.51 views

Security Bulletin: January 2015 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products

Summary Multiple N series products incorporate the Java Runtime Environment JRE software libraries. JRE versions up to 8u31 and 7u75 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized Operating System takeover including arbitrary code execution, a partial denial o...

10CVSS1.3AI score0.99999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.51 views

Security Bulletin: Vulnerabilities in Network Time Protocol (NTP) affect IBM SONAS (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296)

Summary A fix is available for IBM SONAS, for the security vulnerabilities in Network Time Protocol NTP being used. Vulnerability Details Network Time Protocol NTP is used in IBM SONAS for synchronizing time. CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd coul...

7.5CVSS0.8AI score0.7809EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.51 views

Security Bulletin: IBM Virtualization Engine TS7700 - SSH Server CBC Mode Ciphers Enabled (CVE-2008-5161)

Summary The SSH server is configured to support Cipher Block Chaining CBC encryption. This may allow an attacker to recover the plaintext message from the ciphertext. Vulnerability Details CVEID: CVE-2008-5161 DESCRIPTION: The SSH server is configured to support Cipher Block Chaining CBC...

2.6CVSS0.6AI score0.15395EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:8 a.m.51 views

Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2014-3493)

Summary A fix is available for IBM Storwize V7000 Unified, for the security issue that an attacker could crash applications by exploiting a vulnerability in Samba Vulnerability Details CVEID: CVE-2014-3493 DESCRIPTION: Samba is used in IBM Storwize V7000 Unified to enable file management and...

2.7CVSS1.3AI score0.07269EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:32 p.m.51 views

Security Bulletin: SSLv3 POODLE Attack (CVE-2014-3566)

Summary SSLv3 POODLE Attack CVE-2014-3566 impacts IBM Service Deliver Manager. Vulnerability Details Review the following security bulletins for vulnerability details and information about fixes: Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server CVE-2014-3566...

4.3CVSS0.1AI score0.99999EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:30 p.m.51 views

Security Bulletin: Vulnerabilities in Bash affect SmartCloud Provisioning for IBM Provided Software Virtual Appliance

Summary Vulnerabilities in Bash affect SmartCloud Provisioning for IBM Provided Software Virtual Appliance CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Vulnerability Details Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that...

10CVSS1.6AI score0.99999EPSS
Exploits142Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:39 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID: CVE-2017-3289 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Hotsp...

9.6CVSS0.8AI score0.95707EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:53 p.m.51 views

Security Bulletin: IBM Tivoli Storage FlashCopy Manager 4.1 and 3.2 UNIX and VMware is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-ID: CVE-2014-3470

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

7.4CVSS1.2AI score0.95326EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:39 p.m.51 views

Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by vulnerabilities in OpenSSL (CVE-2013-4353, CVE-2013-6450 and CVE-2013-6449)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2013-4353 DESCRIPTION: A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue...

5.8CVSS0.7AI score0.21174EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:22 a.m.51 views

Security Bulletin: Security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service

Summary Jazz Team Server is shipped as a component of Jazz Reporting Service JRS. Information about security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-8745 DESCRIPTION: Apache Tomcat could...

9.1CVSS0.1AI score0.1684EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:22 a.m.51 views

Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine

Summary There is a vulnerability in IBM Java Runtime Environment, Versions 6 and 7 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2017-3514 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE AWT component could allow an unauthenticate...

9.8CVSS0.8AI score0.07489EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:4 a.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Automation Framework (CVE-2015-0410 and CVE-2014-6593 )

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7SR8, that is used by Rational Automation Framework. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT...

5CVSS1AI score0.67234EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:1 a.m.51 views

Security Bulletin: OpenSSL vulnerabilities for Rational Automation Framework Security Advisory (CVE-2015-0204)

Summary A vulnerability in the OpenSSL ssl3getkeyexchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using...

4.3CVSS1.4AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.51 views

Security Bulletin: IBM Data Risk Manager has released VM v2.0.1 in response to the vulnerability known as Spectre.

Summary IBM has released the following VM v2.0.1 for IBM Data Risk Manager in response to CVE-2017-5753 and CVE-2017-5715. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 Affected Products and Versions IBM Data Risk Manager - 2.0.0 Remediation/Fixes Customers must install IBM Data...

5.6CVSS4.2AI score0.93838EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:2 p.m.51 views

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in openssh (CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515)

Summary IBM QRadar Network Security has addressed vulnerabilities in openssh. Vulnerability Details CVEID: CVE-2016-6515 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for password authentication by the authpassword function. A remote...

7.8CVSS0.9AI score0.88944EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:2 p.m.51 views

Security Bulletin: Vulnerability found in OpenSSL release used by Windows and z/OS Security Identity Adapters

Summary A vulnerability was found in the OpenSSL release used by the Windows and z/OS Security Identity Adapters. These adapters have been upgraded to a more current OpenSSL release that corrects the CVE CVE-2016-8610 "SSL Death Alert: OpenSSL SSL/TLS SSL3ALWARNING undefined alert Remote DoS"...

7.5CVSS1AI score0.39657EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:59 p.m.51 views

Security Bulletin: Multiple vulnerabilities in Open Source openSSL affect IBM Security Identity Governance Appliance

Summary Vulnerabilities in Open Source openssl that is used by IBM Security Identity Governance CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6306 CVE-2016-6304 CVE-2016-2183 Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenS...

9.8CVSS1AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:51 p.m.51 views

Security Bulletin: A vulnerability has been addressed in the GSKit component of IBM Security Directory Server (CVE-2016-2183)

Summary IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. This vulnerability is known as the SWEET32 Birthday attack. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could all...

7.5CVSS1.4AI score0.95707EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:48 p.m.51 views

Security Bulletin: IBM Security Access Manager is affected by vulnerabilities in Python (CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110)

Summary Vulnerabilities have been identified in Python. IBM Security Access Manager appliances use Python and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0772 DESCRIPTION: Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by...

6.5CVSS1.2AI score0.14524EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:44 p.m.51 views

Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Security Network Protection

Summary The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple vulnerabilities have been discovered in libxml2 used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-1762 DESCRIPTION: Apple Safari and Apple iOS could...

10CVSS2.9AI score0.1398EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:40 p.m.51 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Guardium

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Guardium. IBM Security Guardium has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Detail...

5.9CVSS0.5AI score0.82112EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:38 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM Security Guardium versions 9x and 10 respectively. These issues were disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details CVEID: CVE-2015-4868...

10CVSS6.2AI score0.13354EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:38 p.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 that is used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4734 DESCRIPTION: An...

10CVSS0.9AI score0.13354EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:31 p.m.51 views

Security Bulletin: Open Source Apache Tomcat as used in IBM QRadar SIEM is vulnerable to a security bypass. (CVE-2014-7810)

Summary Open Source Apache Tomcat Security Manager bypass. Vulnerability Details CVE-ID: CVE-2014-7810 Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the...

5CVSS0.8AI score0.13872EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:25 p.m.51 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection

Summary There are multiple vulnerabilities in OpenSSL that is used by IBM Security Network Protection. These vulnerabilities include CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3216, and CVE-2015-1788. Vulnerability Details CVE ID: CVE-2014-8176 DESCRIPTION...

7.5CVSS1.4AI score0.74483EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:19 p.m.51 views

Security Bulletin: Multiple vulnerabilities in PHP as used by IBM QRadar Incident Forensics 7.2 MR2. (CVE-2014-3515, CVE-2014-4049, CVE-2014-3981, CVE-2014-0238, CVE-2014-0237, CVE-2014-4721)

Summary The PHP language version used by IBM QRadar Incident Forensics 7.2 MR2 contains multiple vulnerabilities. Vulnerability Details CVE ID: CVE-2014-3515 DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion when performing an...

7.5CVSS1.1AI score0.30128EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:18 p.m.51 views

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by vulnerabilities in OpenSSL (CVE-2014-0224)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this...

7.4CVSS2AI score0.95326EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:5 p.m.51 views

Security Bulletin: Vulnerabilities in OpenSSL and PHP affect IBM Tealeaf Customer Experience (CVE-2016-2107, CVE-2016-6290, CVE-2016-7125)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. The IBM Tealeaf Customer Experience Passive Capture Application PCA component uses a version...

10CVSS1AI score0.89058EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:36 p.m.51 views

Security Bulletin: IBM Tealeaf Customer Experience (CX) is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability...

7.5CVSS0.8AI score0.99999EPSS
Exploits87Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:34 p.m.51 views

Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure, Price, Quote are affected by multiple Apache Struts 2 security vulnerabilities.

Summary IBM Sterling Order Management and IBM Sterling Configure Price Quote use Apache Struts 2 and are affected by some of the vulnerabilities that exist in Apache Struts 2. Vulnerability Details CVEID: CVE-2013-4310 Description: Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to...

10CVSS1.1AI score0.99998EPSS
Exploits35Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:19 p.m.51 views

Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench

Summary A Struts vulnerability affects IBM InfoSphere Metadata Workbench. Vulnerability Details CVEID: CVE-2017-15707 DESCRIPTION: Apache Struts is vulnerable to a denial of service. By sending a specially crafted JSON request using outdated json-lib with the Struts REST plugin, a remote attacker...

6.2CVSS1.9AI score0.04889EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:6 p.m.51 views

Security Bulletin: Unix File Parameter Alteration vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-3064).

Summary IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to a Unix file parameter alteration vulnerability. This vulnerability might allow unauthorized access to data; specifically, an authorized person might be able to copy files from the InfoSphere MDM - Collaborati...

6.3CVSS1.5AI score0.01114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:46 p.m.51 views

Security Bulletin: Vulnerability in Open Source Apache Tomcat , Commons FileUpload Vulnerabilities IBM Algorithmics AlgoCore

Summary The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service CPU consumption via a long boundary...

7.8CVSS2AI score0.35927EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.51 views

Security Bulletin: Vulnerability in OpenSSL affects IBM DataPower Gateways (CVE-2017-3735)

Summary A potential vulnerability has been reported by the OpenSSL project. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-3735 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...

5.3CVSS6.5AI score0.17699EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.51 views

Security Bulletin: CICS Transaction Gateway for Multiplatforms

Summary Multiple security vulnerabilities exist in the JREs shipped with CICS Transaction Gateway CICS TG for client applications. CICS TG itself is not vulnerable to all these risks but client side applications using the CICS TG supplied JREs might be. Vulnerability Details CVEID: CVE-2016-3443...

10CVSS0.8AI score0.92334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.51 views

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle October 2015 Critical Patch Update, plus CVE-2015-5006 Vulnerability Details CVE IDs: CVE-2015-4844 CVE-2015-4843 CVE-2015-4805 CVE-2015-4860 CVE-2015-4883 CVE-2015-4835 CVE-2015-4810 CVE-2015-4806 CVE-2015-4871 CVE-2015-4902 CVE-2015-4872...

10CVSS6.5AI score0.13354EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:59 a.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time

Summary Java SE issues disclosed in the Oracle January 2014 Critical Patch Update Vulnerability Details CVE IDs: CVE-2014-0428 CVE-2014-0422 CVE-2013-5907 CVE-2014-0415 CVE-2014-0410 CVE-2013-5889 CVE-2014-0417 CVE-2014-0387 CVE-2014-0424 CVE-2013-5878 CVE-2014-0373 CVE-2014-0375 CVE-2014-0403...

10CVSS0.6AI score0.08383EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 9:36 p.m.50 views

Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

Question Is the Network IPS system affected by Ruby on Rails vulnerabilities? "Product":"code":"SS9SBT","label":"Proventia Network Intrusion Prevention System","Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Component":"General...

5.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/15 8:2 a.m.50 views

Security Bulletin: Vulnerability in openssh and libssh libraries (CVE-2023-28709) affects Power HMC

Summary The openssh and libssh libraries are used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process ...

7.5CVSS6.6AI score0.9378EPSS
Exploits5Affected Software1
Total number of security vulnerabilities5000