Lucene search
K
IbmMost viewed

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:41 p.m.51 views

Security Bulletin: Vulnerability in Apache Taglibs affects IBM InfoSphere Information Server (CVE-2015-0254)

Summary An Apache Taglibs vulnerability while processing XML data was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2015-0254 DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External...

7.5CVSS1.6AI score0.1326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:6 p.m.51 views

Security Bulletin: Unix File Parameter Alteration vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-3064).

Summary IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to a Unix file parameter alteration vulnerability. This vulnerability might allow unauthorized access to data; specifically, an authorized person might be able to copy files from the InfoSphere MDM - Collaborati...

6.3CVSS1.5AI score0.01114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:46 p.m.51 views

Security Bulletin: Vulnerability in Open Source Apache Tomcat , Commons FileUpload Vulnerabilities IBM Algorithmics AlgoCore

Summary The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service CPU consumption via a long boundary...

7.8CVSS2AI score0.35927EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.51 views

Security Bulletin: Vulnerability in OpenSSL affects IBM DataPower Gateways (CVE-2017-3735)

Summary A potential vulnerability has been reported by the OpenSSL project. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-3735 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...

5.3CVSS6.5AI score0.17699EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.51 views

Security Bulletin: CICS Transaction Gateway for Multiplatforms

Summary Multiple security vulnerabilities exist in the JREs shipped with CICS Transaction Gateway CICS TG for client applications. CICS TG itself is not vulnerable to all these risks but client side applications using the CICS TG supplied JREs might be. Vulnerability Details CVEID: CVE-2016-3443...

10CVSS0.8AI score0.92334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.51 views

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle October 2015 Critical Patch Update, plus CVE-2015-5006 Vulnerability Details CVE IDs: CVE-2015-4844 CVE-2015-4843 CVE-2015-4805 CVE-2015-4860 CVE-2015-4883 CVE-2015-4835 CVE-2015-4810 CVE-2015-4806 CVE-2015-4871 CVE-2015-4902 CVE-2015-4872...

10CVSS6.5AI score0.13354EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:59 a.m.51 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time

Summary Java SE issues disclosed in the Oracle January 2014 Critical Patch Update Vulnerability Details CVE IDs: CVE-2014-0428 CVE-2014-0422 CVE-2013-5907 CVE-2014-0415 CVE-2014-0410 CVE-2013-5889 CVE-2014-0417 CVE-2014-0387 CVE-2014-0424 CVE-2013-5878 CVE-2014-0373 CVE-2014-0375 CVE-2014-0403...

10CVSS0.6AI score0.08383EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 9:36 p.m.50 views

Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

Question Is the Network IPS system affected by Ruby on Rails vulnerabilities? "Product":"code":"SS9SBT","label":"Proventia Network Intrusion Prevention System","Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Component":"General...

5.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:43 a.m.50 views

Security Bulletin: Improper Unicode Handling in validator isLength() Leads to Input Length Bypass (Pre-13.15.22) affects watsonx.data

Summary Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string...

8.7CVSS6AI score0.00454EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/15 8:2 a.m.50 views

Security Bulletin: Vulnerability in openssh and libssh libraries (CVE-2023-28709) affects Power HMC

Summary The openssh and libssh libraries are used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process ...

7.5CVSS6.6AI score0.9378EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:13 p.m.50 views

Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages

Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2007-2243 DESCRIPTION: OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user...

7.8CVSS8.6AI score0.19433EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 10:53 p.m.50 views

Security Bulletin: Vulnerabilities in JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...

9.8CVSS9.8AI score0.45205EPSS
Exploits8Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 10:48 p.m.50 views

Security Bulletin: IBM Spectrum Symphony with Node.js various security issues

Summary IBM Spectrum Symphony with Node.js various security issues Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICUDATA...

7.7CVSS7.3AI score0.02209EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 10:53 a.m.50 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Managed File Transfer 11.1 Vulnerability Details CVEID:CVE-2023-2953 DESCRIPTION: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in bermemallocx function...

7.5CVSS10AI score0.99999EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:54 a.m.50 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2024-22020 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system. By embedding...

8CVSS10AI score0.11586EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:22 a.m.50 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2020-19909 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by an integer overflow in...

9.8CVSS9.6AI score0.78483EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/09 6:30 a.m.50 views

Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities

Summary Multiple security vulnerabilities in the dependent components have been addressed in the latest update to IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...

9.8CVSS9.1AI score0.01827EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:55 a.m.50 views

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...

9.8CVSS10AI score0.03567EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:30 a.m.50 views

Security Bulletin: IBM Security Verify Governance stores user credentials in plain clear text which can be read by a local user (CVE-2022-22470)

Summary IBM Security Verify Governance is vulnerable to exposure of user credentials to local users due to storage of credentials in cleartext CVE-2022-22470. This vulnerability has been removed by a code fix. Vulnerability Details CVEID:CVE-2022-22470 DESCRIPTION: IBM Security Verify Governance...

5.5CVSS5.3AI score0.00121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:25 a.m.50 views

Security Bulletin: Dashboard of IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2022-22352)

Summary IBM Sterling B2B Integrator has addressed the cross-site scripting vulnerability in Dashboard. Vulnerability Details CVEID:CVE-2022-22352 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

5.4CVSS5.2AI score0.00365EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 12:58 a.m.50 views

Security Bulletin: spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services (CVE-2024-22259)

Summary spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services CVE-2024-22259 Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...

8.1CVSS6.2AI score0.03967EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 12:57 a.m.50 views

Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib...

9.8CVSS9.3AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 6:8 p.m.50 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.7 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.7 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-46984 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw when...

8.4CVSS9AI score0.00413EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 10:14 a.m.50 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-25629 DESCRIPTION: C-ares is vulnerable to a denial of service, caused by an...

10CVSS9.3AI score0.36081EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 5:54 p.m.50 views

Security Bulletin: Vulnerability in Certifi python-certifi

Summary Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the us...

7.5CVSS7.3AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/06 7:15 p.m.50 views

Security Bulletin: IBM watsonx Orchestrate for IBM Cloud Pak for Data affected by vulnerability in OpenSSH CVE-2024-6387

Summary Security Bulletin: IBM watsonx Orchestrate for IBM Cloud Pak for Data affected by vulnerability in OpenSSH CVE-2024-6387. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race...

8.1CVSS8.4AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/12 12:44 p.m.50 views

Security Bulletin: IBM Security QRadar Manager for YARA and SIGMA Rules App for IBM QRadar SIEM is vulnerable to using a component with a known vulnerability (CVE-2024-35195)

Summary The product includes a vulnerable component e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerability. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

5.6CVSS5.6AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 11:6 a.m.50 views

Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service

Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service CVE-2023-4807, CVE-2023-3817 Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in...

7.8CVSS6.8AI score0.02577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/30 7:47 a.m.50 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in net-ssh-4.2.0.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of net-ssh-4.2.0.gem Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport...

5.9CVSS6.4AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/20 11:34 p.m.50 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST

Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2021-35942 DESCRIPTION: GNU C Library aka glibc could allow a local attacker to obtain sensitive...

10CVSS9.7AI score0.95764EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/15 8:37 a.m.50 views

Security Bulletin: An IBM QRadar SIEM JDBC protocol is vulnerable to SQL injection (CVE-2024-1597)

Summary PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection which could allow a remote attacker to send specially crafted SQL statements enabling the attacker to view, add, modify or delete information. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC ...

10CVSS9.8AI score0.0481EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 4:44 p.m.50 views

Security Bulletin: A vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through...

7.5CVSS7.6AI score0.00609EPSS
Exploits0Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/29 9:30 a.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK may affect IBM Storage Scale

Summary There are vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Storage Scale. This issue was disclosed as part of the IBM Java SDK updates in Jan 2024. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945. Vulnerability Detail...

7.4CVSS6.6AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/23 2:7 p.m.50 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-28849]

Summary Node.js module follow-redirects is used by IBM App Connect Enterprise Certified Container for http communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

6.5CVSS6.4AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/19 11:29 a.m.50 views

Security Bulletin: Multiple vulnerabilities in Dojo toolkit shipped with IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client

Summary Dojo toolkit is used for UI in IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client. These vulnerabilities are reported in Dojo toolkit CVE-2019-10785, CVE-2018-6561, CVE-2020-4051, CVE-2018-15494, CVE-2020-5259. Vulnerability Details CVEID:CVE-2019-10785 DESCRIPTION:...

9.8CVSS7.3AI score0.02611EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/05 3:13 p.m.50 views

Security Bulletin: There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Asset Management application (CVE-2023-44487)

Summary There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By...

7.5CVSS7.7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/04 11:2 a.m.50 views

Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Storage Scale System

Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a denial of service, an attacker to obtain sensitive information or gain elevated privileges on the system . Fixes for these vulnerabilities are available. CVE-2023-3772,...

7.8CVSS8.6AI score0.0072EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/01 6:28 p.m.50 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-22017 DESCRIPTION: Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid to drop all...

9.8CVSS8.4AI score0.03168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/28 6:46 a.m.50 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM MQ which is shipped with IBM Intelligent Operations Center(CVE-2023-4218, CVE-2023-44487, CVE-2023-39976, CVE-2024-25016)

Summary Multiple security vulnerabilities have been identified in IBM MQ which shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletinCVE-2023-4218, CVE-2023-44487, CVE-2023-39976, CVE-2024-25016...

9.8CVSS9AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/25 4:38 p.m.50 views

Security Bulletin: Security vulnerabilities found in IBM WebSphere Application Server Liberty have been addressed in IBM Security Verify Directory Container (CVE-2023-44487, CVE-2023-46158, CVE-2023-44483, CVE-2023-24998)

Summary Multiple Security vulnerabilities found in the IBM WebSphere Application Server Liberty as shipped with IBM Security Verify Directory Container have been addressed. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a...

9.8CVSS8.4AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:49 p.m.50 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to json-path [CVE-2023-51074]

Summary The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to json-path. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of...

5.3CVSS5.8AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/12 8:56 p.m.50 views

Security Bulletin: There is a vulnerability in tinymce-6.7.1.min.js used by IBM Maximo Asset Management application (CVE-2023-48219)

Summary There is a vulnerability in tinymce-6.7.1.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2023-48219 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the text nodes. A remote attacke...

6.1CVSS6.1AI score0.00715EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/23 5:15 p.m.50 views

Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation. [CVE-2023-51385]

Summary OpenSSH used by IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section below...

6.5CVSS7.5AI score0.19753EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 8:1 a.m.50 views

Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio (CVE-2023-5676)

Summary There is a vulnerability in IBM® Java™ version 8 and 11 used by IBM CPLEX Optimization Studio. This issue was disclosed as part of the Oracle / OpenJDK October 2023 Critical Patch Updates. Vulnerability Details CVEID:CVE-2023-5676 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of...

5.9CVSS5.1AI score0.00406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/22 2:14 p.m.50 views

Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS TX Standard is vulnerable to a flaw in handling multiplexed streams in the HTTP/2 protocol (CVE-2023-44487).

Summary IBM WebSphere Liberty is used by IBM CICS TX Standard to provide a web based administration console CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/...

7.5CVSS7.7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/18 9:45 p.m.50 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in the RHEL UBI (CVE-2023-27533)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27533 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID: CVE-2023-27533 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

8.8CVSS6.7AI score0.01993EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/10 8:32 a.m.50 views

Security Bulletin: Vulnerabilities in VMware affect IBM Cloud Pak System [CVE-2023-34048, CVE-2023-34056]

Summary Vulnerabilities in VMware vCenter affect IBM Cloud Pak System. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34048 DESCRIPTION: VMware vCenter Server and Cloud Foundation could allow a remote attacker to execute arbitrary cod...

9.8CVSS8.8AI score0.99428EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/08 1:57 p.m.50 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47141)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query Vulnerability Details CVEID:CVE-2023-47141 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user with CONNECT privileges to cause a denial of service using ...

6.5CVSS6.2AI score0.00738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 1:16 p.m.50 views

Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow a remote authenticated attacker t...

9.8CVSS9.6AI score0.14663EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/29 7:50 a.m.50 views

Security Bulletin: Vulnerability in Apache Tomcat affects App Connect Professional.

Summary App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID:CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by accumulation of temporary files on Windows when a web application opened a...

5.9CVSS6.3AI score0.01854EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000