Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 10:53 a.m.50 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Managed File Transfer 11.1 Vulnerability Details CVEID:CVE-2023-2953 DESCRIPTION: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in bermemallocx function...

7.5CVSS10AI score0.99999EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:54 a.m.50 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2024-22020 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system. By embedding...

8CVSS10AI score0.11586EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:22 a.m.50 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2020-19909 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by an integer overflow in...

9.8CVSS9.6AI score0.78483EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/09 6:30 a.m.50 views

Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities

Summary Multiple security vulnerabilities in the dependent components have been addressed in the latest update to IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...

9.8CVSS9.1AI score0.01827EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:55 a.m.50 views

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...

9.8CVSS10AI score0.03567EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:25 a.m.50 views

Security Bulletin: Dashboard of IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2022-22352)

Summary IBM Sterling B2B Integrator has addressed the cross-site scripting vulnerability in Dashboard. Vulnerability Details CVEID:CVE-2022-22352 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

5.4CVSS5.2AI score0.00365EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 12:58 a.m.50 views

Security Bulletin: spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services (CVE-2024-22259)

Summary spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services CVE-2024-22259 Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...

8.1CVSS6.2AI score0.03967EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 12:57 a.m.50 views

Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib...

9.8CVSS9.3AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 6:8 p.m.50 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.7 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.7 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-46984 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw when...

8.4CVSS9AI score0.00413EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 10:14 a.m.50 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-25629 DESCRIPTION: C-ares is vulnerable to a denial of service, caused by an...

10CVSS9.3AI score0.36081EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/06 7:15 p.m.50 views

Security Bulletin: IBM watsonx Orchestrate for IBM Cloud Pak for Data affected by vulnerability in OpenSSH CVE-2024-6387

Summary Security Bulletin: IBM watsonx Orchestrate for IBM Cloud Pak for Data affected by vulnerability in OpenSSH CVE-2024-6387. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race...

8.1CVSS8.4AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/12 12:44 p.m.50 views

Security Bulletin: IBM Security QRadar Manager for YARA and SIGMA Rules App for IBM QRadar SIEM is vulnerable to using a component with a known vulnerability (CVE-2024-35195)

Summary The product includes a vulnerable component e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerability. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

5.6CVSS5.6AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 11:6 a.m.50 views

Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service

Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service CVE-2023-4807, CVE-2023-3817 Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in...

7.8CVSS6.8AI score0.02577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/30 7:47 a.m.50 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in net-ssh-4.2.0.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of net-ssh-4.2.0.gem Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport...

5.9CVSS6.4AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/20 11:34 p.m.50 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST

Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2021-35942 DESCRIPTION: GNU C Library aka glibc could allow a local attacker to obtain sensitive...

10CVSS9.7AI score0.95764EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/15 8:37 a.m.50 views

Security Bulletin: An IBM QRadar SIEM JDBC protocol is vulnerable to SQL injection (CVE-2024-1597)

Summary PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection which could allow a remote attacker to send specially crafted SQL statements enabling the attacker to view, add, modify or delete information. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC ...

10CVSS9.8AI score0.0481EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 4:44 p.m.50 views

Security Bulletin: A vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through...

7.5CVSS7.6AI score0.00609EPSS
Exploits0Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/29 9:30 a.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK may affect IBM Storage Scale

Summary There are vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Storage Scale. This issue was disclosed as part of the IBM Java SDK updates in Jan 2024. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945. Vulnerability Detail...

7.4CVSS6.6AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/23 2:7 p.m.50 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-28849]

Summary Node.js module follow-redirects is used by IBM App Connect Enterprise Certified Container for http communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

6.5CVSS6.4AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/05 3:13 p.m.50 views

Security Bulletin: There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Asset Management application (CVE-2023-44487)

Summary There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By...

7.5CVSS7.7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/04 11:2 a.m.50 views

Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Storage Scale System

Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a denial of service, an attacker to obtain sensitive information or gain elevated privileges on the system . Fixes for these vulnerabilities are available. CVE-2023-3772,...

7.8CVSS8.6AI score0.0072EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/01 6:28 p.m.50 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-22017 DESCRIPTION: Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid to drop all...

9.8CVSS8.4AI score0.03168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/25 4:38 p.m.50 views

Security Bulletin: Security vulnerabilities found in IBM WebSphere Application Server Liberty have been addressed in IBM Security Verify Directory Container (CVE-2023-44487, CVE-2023-46158, CVE-2023-44483, CVE-2023-24998)

Summary Multiple Security vulnerabilities found in the IBM WebSphere Application Server Liberty as shipped with IBM Security Verify Directory Container have been addressed. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a...

9.8CVSS8.4AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/12 8:56 p.m.50 views

Security Bulletin: There is a vulnerability in tinymce-6.7.1.min.js used by IBM Maximo Asset Management application (CVE-2023-48219)

Summary There is a vulnerability in tinymce-6.7.1.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2023-48219 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the text nodes. A remote attacke...

6.1CVSS6.1AI score0.00715EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/23 5:15 p.m.50 views

Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation. [CVE-2023-51385]

Summary OpenSSH used by IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section below...

6.5CVSS7.5AI score0.19753EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 8:1 a.m.50 views

Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio (CVE-2023-5676)

Summary There is a vulnerability in IBM® Java™ version 8 and 11 used by IBM CPLEX Optimization Studio. This issue was disclosed as part of the Oracle / OpenJDK October 2023 Critical Patch Updates. Vulnerability Details CVEID:CVE-2023-5676 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of...

5.9CVSS5.1AI score0.00406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/22 2:14 p.m.50 views

Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS TX Standard is vulnerable to a flaw in handling multiplexed streams in the HTTP/2 protocol (CVE-2023-44487).

Summary IBM WebSphere Liberty is used by IBM CICS TX Standard to provide a web based administration console CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/...

7.5CVSS7.7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/18 9:45 p.m.50 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in the RHEL UBI (CVE-2023-27533)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27533 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID: CVE-2023-27533 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

8.8CVSS6.7AI score0.01993EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/10 8:32 a.m.50 views

Security Bulletin: Vulnerabilities in VMware affect IBM Cloud Pak System [CVE-2023-34048, CVE-2023-34056]

Summary Vulnerabilities in VMware vCenter affect IBM Cloud Pak System. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34048 DESCRIPTION: VMware vCenter Server and Cloud Foundation could allow a remote attacker to execute arbitrary cod...

9.8CVSS8.8AI score0.99428EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/08 1:57 p.m.50 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47141)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query Vulnerability Details CVEID:CVE-2023-47141 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user with CONNECT privileges to cause a denial of service using ...

6.5CVSS6.2AI score0.00738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 1:16 p.m.50 views

Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow a remote authenticated attacker t...

9.8CVSS9.6AI score0.14663EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/29 7:50 a.m.50 views

Security Bulletin: Vulnerability in Apache Tomcat affects App Connect Professional.

Summary App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID:CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by accumulation of temporary files on Windows when a web application opened a...

5.9CVSS6.3AI score0.01854EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/26 9:15 p.m.50 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 has addressed security vulnerabilities

Summary IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 resolves vulnerabilities reported in GNU gcc, GNU glibc, shadow-maint shadow-utils and RabbitMQ. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION:...

7.5CVSS7AI score0.05804EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 7:57 p.m.51 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. Vulnerability Details CVEID:CVE-2023-38727 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to denial of service with a specially crafted SQL statement. CVSS Base...

7.5CVSS6.3AI score0.01053EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 3:37 p.m.50 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining - Multiple CVEs

Summary There is a vulnerability in Apache Tomcat that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44487...

7.5CVSS8.5AI score0.99999EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 2:36 p.m.50 views

Security Bulletin: Vulnerability in Brix crypto-js affects IBM Process Mining CVE-2023-46233

Summary There is a vulnerability in Brix crypto-js that could allow an remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION...

9.1CVSS9AI score0.00635EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.50 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libssh2

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilties in libssh2. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length a...

9.3CVSS1AI score0.09219EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.50 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in glib2, libxml2 and ntp

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in glib2, libxml2 and ntp. Vulnerability Details CVEID: CVE-2018-16429 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by an out-of-bounds read in gmarkupparsecontextparse in...

7.5CVSS1.4AI score0.05726EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.50 views

Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in GNU C Library (CVE-2017-15804 CVE-2017-15670 CVE-2015-5180)

Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in GNU C Library. Vulnerability Details CVEID: CVE-2017-15804 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a buffer overflow, caused by improper bounds checking by glob function in glob.c...

9.8CVSS1.4AI score0.0627EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 2:48 p.m.50 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Nginx

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Nginx. Vulnerability Details CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By...

7.5CVSS7.1AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/28 7:36 p.m.50 views

Security Bulletin: IBM Sterling B2B Integrator affected by multiples issues due to Spring Framework

Summary IBM Sterling B2B Integrator uses Spring Framework, which is affected by multiple vulnerabilies. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of...

7.5CVSS7.4AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/22 8:52 p.m.50 views

Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.

Summary Guava is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP CVE-2020-8909, CVE-2023-2976. SQLite is used by IBM Robotic Process Automation for Cloud Pak as part of base container images, WebSphere Liberty and Watson NLP CVE-2020-24736. Golang Go is used by IBM...

9.8CVSS10AI score0.62246EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:44 a.m.50 views

Security Bulletin: There is a vulnerability in Apache Commons Net used by IBM Jazz Reporting Service (CVE-2021-37533)

Summary There is a vulnerability in Apache Commons Net used by IBM Jazz Reporting Service. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from PASV...

6.5CVSS6.3AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/14 5:19 p.m.50 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to multiple Node.js vulnerabilities

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to Node.js CVE-2023-32558, CVE-2023-32003, CVE-2023-32006, CVE-2023-32559, CVE-2023-32005, CVE-2023-32002, CVE-2023-32004 with details below. The vulnerabilities...

9.8CVSS8.3AI score0.01817EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 4:4 p.m.50 views

Security Bulletin: The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Johnzon (CVE-2023-33008)

Summary The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Johnzon CVE-2023-33008. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in...

5.3CVSS5.5AI score0.01098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/21 7:33 p.m.50 views

Security Bulletin: AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal (CVE-2022-31159)

Summary AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the...

7.9CVSS6.7AI score0.01193EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/16 8:15 p.m.50 views

Security Bulletin: IBM Security Guardium is affected by multiple Oracle® MySQL vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities by upgrading the version of Oracle® MySQL that it uses. Vulnerability Details CVEID:CVE-2023-21881 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote...

6.5CVSS5.8AI score0.01471EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/11 7:31 a.m.50 views

Security Bulletin: Vulnerability in the Flask repo may affect affect IBM Elastic Storage System (CVE-2023-30861)

Summary There is a vulnerability in the flask repo, used by IBM Elastic Storage System, which could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused ...

7.5CVSS7.4AI score0.01261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/07 6:13 a.m.50 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to JetBrains Kotlin weak security [CVE-2022-24329]

Summary There is a vulnerability in the JetBrains Kotlin open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-24329 DESCRIPTION: JetBrains Kotlin could provide weaker than expected security, caused by...

5.3CVSS6.1AI score0.02178EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/31 10:49 p.m.50 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937)

Summary IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM® SDK Java™ Technology Edition, Version 8 CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937. The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache...

5.9CVSS6.6AI score0.02474EPSS
Exploits1Affected Software2
Total number of security vulnerabilities5000