Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/12 4:6 p.m.•50 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-28709)

Summary Apache Tomcat is used by IBM Urbancode Deploy UCD for processing web requests. Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix for CVE-2023-24998 related to the failure to limit the number of request parts to be processed in the file upload function. By...

7.5CVSS7.8AI score0.51547EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/07/11 9:2 p.m.•50 views

Security Bulletin: IBM® Db2® on Windows is vulnerable to privilege escalation. (CVE-2023-27558)

Summary IBM® Db2® on Windows is vulnerable to privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service...

8.4CVSS8AI score0.00229EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/30 12:33 p.m.•50 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286,CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217)

Summary There is a security advisory for openSSL1.0.2r which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the...

7.5CVSS7AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/29 5:28 p.m.•50 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Go [CVE-2023-24539 and CVE-2023-24540]

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote code injection due to Go CVE-2023-24539 and CVE-2023-24540, with details below. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerabl...

9.8CVSS9.1AI score0.01548EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/28 10:8 p.m.•50 views

Security Bulletin: Multiple security vulnerabilities have been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.

Summary Oracle MySQL version 5.5.x and version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about security vulnerabilities affecting Oracle MySQL has been published here. Vulnerability Details CVE-ID: CVE-2018-3156...

6.5CVSS7.1AI score0.03968EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/17 12:4 a.m.•50 views

Security Bulletin: Vulnerabilities in Oracle Java SE might affect IBM Spectrum Copy Data Management (CVE-2023-21968, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21937, CVE-2023-21930)

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Oracle Java SE. Vulnerabilities include allowing an unauthenticated and remote attacker to cause high confidentiality impact, high integrity impact, and high availability impact, as described by the CVEs in the...

7.4CVSS6.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/06/14 1:29 p.m.•50 views

Security Bulletin: IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities

Summary IBM App Connect for Healthcare has multiple vulnerabilities. CVE-2014-0107, CVE-2022-34169, CVE-2013-0248, CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-2186, CVE-2012-5783, CVE-2021-29425, CVE-2023-24998, IBM X-FORCE ID 220723. The fix provided resolves these issues...

9.8CVSS8.9AI score0.83175EPSS
Exploits15
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/30 7:56 p.m.•50 views

Security Bulletin: IBM API Connect is vulnerable to OpenSSL vulnerabilities (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)

Summary IBM API Connect has addressed the following information disclosure and denial of service vulnerabilities in OpenSSL CVE-2022-4304, CVE-2023-0215, and CVE-2023-0286. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information...

7.5CVSS7.9AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/17 3:25 p.m.•50 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

7.5CVSS7.5AI score0.0276EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/15 6:55 p.m.•50 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing an aggregated API server to redirect client traffic to any URL. By...

8.2CVSS5.9AI score0.02464EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/15 1:2 p.m.•50 views

Security Bulletin: IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-1304 DESCRIPTION: e2fsprogs could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write...

9.8CVSS9AI score0.99615EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/03 2:15 p.m.•50 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind (CVE-2022-42003)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind caused by a lack of a check in the primitive value deserializers when the UNWRAPSINGLEVALUEARRAYS feature is enabled. CVE-2022-42003. FasterXML jackson-databi...

7.5CVSS7.2AI score0.02824EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/02 8:27 p.m.•50 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to spoofing when using Web Server Plug-ins CVE-2022-39161 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

5.3CVSS5.2AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/02 6:40 p.m.•50 views

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components...

7.5CVSS6.3AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/05/02 2:20 p.m.•50 views

Security Bulletin: IBM i is vulnerable to an authenticated administrator gaining elevated privileges due to improper SQL processing. (CVE-2023-23470)

Summary IBM i is vulnerable to an authenticated administrator gaining elevated privileges due to improper SQL processing as described in the vulnerability details section. IBM i has addressed the vulnerability in the SQL processing as described in the remediation/fixes section. Vulnerability...

7.2CVSS6.9AI score0.00513EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/24 3:57 p.m.•50 views

Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2023-28528)

Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands CVE-2023-28528. Vulnerability Details CVEID:CVE-2023-28528 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to...

8.4CVSS8AI score0.01457EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/24 2:12 p.m.•50 views

Security Bulletin: OpenSSL security vulnerability CVE-2021-3449 and CVE-2021-3450 in IBM Safer Payments versions of 6.1 and 6.2 below 6.1.0.08 and 6.2.1.03

Summary CVE-2021-3449: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server t...

7.4CVSS7AI score0.62906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/24 1:10 p.m.•50 views

Security Bulletin: Denial Of Service vulnerability in OpenSSL affects IBM Safer Payments (CVE-2020-1967)

Summary IBM Safer Payments is affected by OpenSSL Segmentation fault vulnerability. This issue has been addressed. Vulnerability Details CVEID:CVE-2020-1967 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By passing specially crafted data to the...

7.5CVSS7.4AI score0.53336EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/20 10:40 a.m.•50 views

Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2023-24998)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

9.8CVSS7.9AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/19 12:45 p.m.•50 views

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.8ESR) have affected APM Synthetic Playback Agent

Summary APM Synthetic Playback Agent is vulnerable to Firefox ESR CVE-2023-25730, CVE-2023-25729, CVE-2023-25742, CVE-2023-25734, CVE-2023-25738, CVE-2023-25728 . Firefox ESR is used by APM Synthetic Playback Agent for running the selenium scripts. The fix includes support for Firefox 102.8 ESR...

8.8CVSS7.4AI score0.00775EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/04 4:40 p.m.•51 views

Security Bulletin: There are several vulnerabilities in Bootstrap used by IBM Maximo Asset Management

Summary There are several vulnerabilities in Bootstrap used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2018-14040 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the collapse data-parent attribute. A remote...

6.1CVSS6.6AI score0.1686EPSS
Exploits5Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/03 1:26 p.m.•50 views

Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)

Summary The Werkzeug package is used by IBM Cloud Pak for Data System 1.0 . IBM Cloud Pak for Data System 1.0 has addressed the applicable CVEs CVE-2023-25577, CVE-2023-23934. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by ...

7.5CVSS6AI score0.0142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/04/03 1:25 p.m.•50 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Go

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Go with details below. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By...

7.5CVSS7.2AI score0.04561EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/30 5:53 p.m.•50 views

Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server Liberty shipped with Cloud Pak System (CVE-2022-3509, CVE-2022-3171)

Summary Vulnerabilities has been identified in WebSsphere Application Server Liberty pattern pType shipped with Cloud Pak System. IBM Cloud Pak System ships with optional Single- Sign-On SSO feature. Information about security vulnerabilities affecting IBM WebSphere Application Server Liberty hav...

7.5CVSS7.1AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/29 1:48 a.m.•50 views

Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2014-6593, CVE-2015-0410)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Jan 2015. Vulnerability Details CVEID: CVE-2014-6593 DESCRIPTION: A fla...

5CVSS4.7AI score0.67234EPSS
Exploits5Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/25 12:48 a.m.•50 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS3100/TS3200 (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects TS3100/TS3200. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a...

4.3CVSS3.8AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/03/25 12:44 a.m.•50 views

Security Bulletin: Vulnerability in SSLv3 affects TS3100/TS3200 (CVE-2014-3566)

Summary Security Bulletin: Vulnerability in SSLv3 affects TS3100/TS3200 CVE-2014-3566 Vulnerability Details Security Bulletin --- Summary --- SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in...

4.3CVSS3.1AI score0.99999EPSS
Exploits7
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/20 5:43 a.m.•50 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to FasterXML jackson-databind

Summary IBM B2B Advanced Communications has addressed vulnerabilities in jackson-databind shipped with product. Vulnerability Details CVEID:CVE-2018-14719 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block...

10CVSS9AI score0.26587EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•50 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2015-0205, CVE-2014-8275, CVE-2014-3569, CVE-2014-3570, and CVE-2014-3572)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by FlashSystem 840. FlashSystem 840 has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the...

5CVSS7AI score0.24626EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•50 views

Security Bulletin: Multiple Vulnerabilities in Java affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Java to which the IBM FlashSystemâ„¢ 840 and FlashSystem 900 are susceptible CVE-2018-2783, CVE-2018-1517, CVE-2018-12539, CVE-2018-3180, and CVE-2018-12547. An exploit of CVE-2018-12547 could make the system susceptible to a buffer overflow which could allow a...

9.8CVSS9AI score0.03981EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/18 1:45 a.m.•50 views

Security Bulletin: A vulnerability in Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900 (CVE-2015-2730)

Summary There is a vulnerability in Network Security Services NSS to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker could exploit this vulnerability to forge signatures. Vulnerability Details CVEID:...

4.3CVSS4.4AI score0.03594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 9:14 p.m.•50 views

Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in jQuery.

Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in jQuery. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

6.9CVSS7.3AI score0.99019EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 9:14 p.m.•50 views

Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go.

Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2020-28852 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation while...

7.5CVSS7.6AI score0.02297EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 9:14 p.m.•50 views

Security Bulletin: IBM CICS TX Standard is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22476)

Summary WebSphere Application Server Liberty is used by IBM CICS TX Standard to provide a web based administration console. The fix removes the identity spoofing vulnerability CVE-2022-22476 from Liberty. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server...

8.8CVSS6.5AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/14 9:14 p.m.•50 views

Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.

Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2018-17847 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an index out of...

7.5CVSS7.8AI score0.25939EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 9:57 p.m.•50 views

Security Bulletin: Vulnerability in Node.js IS-SVG affects IBM Process Mining (CVE-2021-29059, CVE-2021-28092)

Summary There is a vulnerability in Node.js that could allow a local attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29059 DESCRIPTION: Node.js IS-SVG...

7.5CVSS7.5AI score0.02813EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 9:34 p.m.•50 views

Security Bulletin: Vulnerability in Moment affects IBM Process Mining . CVE-2022-31129

Summary There is a vulnerability in Moment that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of...

7.5CVSS7.6AI score0.04923EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/02/01 8:7 p.m.•50 views

Security Bulletin: Vulnerability in Jettison affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in Jettison that could allow an attacker to execute a DOS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-40150 DESCRIPTION: jettison-jso...

7.5CVSS7.4AI score0.01287EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/30 9:9 a.m.•50 views

Security Bulletin: IBM App Connect Enterprise Discovery Connector nodes are vulnerable to a loss of confidentiality due to CVE-2022-42439

Summary IBM App Connect Enterprise contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system's credentials to be exposed to a privileged attacker. The fix provided resolves the vulnerability. Vulnerability Details CVEID:CVE-2022-42439 DESCRIPTION: I...

6.8CVSS5.4AI score0.00671EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/16 2:19 p.m.•50 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to spoofing attacks due to WAS Liberty (CVE-2018-25031, CVE-2021-46708)

Summary IBM Sterling Partner Engagement Manager has addressed all vulnerabilities published by WAS liberty below. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, a...

6.1CVSS5.5AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/12 9:59 p.m.•50 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-24675)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go, caused by a stack-based buffer overflow in encoding/pem in the Decode feature CVE-2022-24675. A remote attacker could exploit this vulnerability to cause the program to crash...

7.5CVSS9AI score0.05335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2023/01/08 4:6 p.m.•50 views

Security Bulletin: Vulnerability in Kernel (CVE-2021-45485) affects Power HMC

Summary Kernel is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-45485 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by improperly consider attacks from many IPv6 source...

7.5CVSS7.2AI score0.03585EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/28 8:58 a.m.•50 views

Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2022-34165).

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are...

5.4CVSS5.4AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/21 7:28 p.m.•50 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to unsafe deserialization due to Apache MINA SSHD (CVE-2022-45047)

Summary Apache MINA SSHD is used by IBM Tivoli Netcool Impact as part of the Command Line Manager service. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-45047 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to execute...

9.8CVSS9.6AI score0.03571EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/12/08 9:20 a.m.•50 views

Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to issues in SnakeYAML (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 & CVE-2022-38752)

Summary A denial of service issue was identified within SnakeYAML that is used by Fabric Gateway. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and Hyperledger Fabric. Vulnerability Details...

6.5CVSS6.6AI score0.02091EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/30 10:21 a.m.•50 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. By attempting to read openssl.cnf from /home/iojs/build/ upon startup, a...

9.1CVSS8.5AI score0.77766EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/22 3:22 p.m.•50 views

Security Bulletin: Apache Commons Text as used by IBM Cloud Pak for Security is vulnerable to code execution [CVE-2022-42889]

Summary Apache Commons Text as used by IBM Cloud Pak for Security is vulnerable to arbitrary code execution. IBM has addressed the relevant CVE. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on th...

9.8CVSS9.9AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/18 12:30 p.m.•50 views

Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2021-3733)

Summary A Publicly disclosed vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager CVE-2021-3733 Vulnerability Details CVEID:CVE-2021-3733 DESCRIPTION: Python is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS fla...

6.5CVSS6.9AI score0.04675EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/03 8:16 a.m.•50 views

Security Bulletin: IBM Operations Analytics - Log Analysis susceptible to multiple vulnerabilities in Apache Tika (CVE-2020-9489, CVE-2022-25169, CVE-2021-28657)

Summary Multiple vulnerabilities in Apache Tika affect IBM Operations Analytics - Log Analysis. This has been fixed. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID:CVE-2020-9489 DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by an out ...

5.5CVSS5.9AI score0.02752EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/11/02 9:54 a.m.•50 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a...

9.1CVSS8.7AI score0.77766EPSS
Exploits7Affected Software1
Total number of security vulnerabilities5000