Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/11/02 9:54 a.m.50 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a...

9.1CVSS8.7AI score0.77766EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/24 2:54 p.m.50 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthorized attacker causing integrity impact (CVE-2021-2163)

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to unauthorized attacker causing integrity impact as described in the vulnerability details section. IBM i has addressed the vulnerabilities with a fix as described in the remediation/fixes...

5.3CVSS6.2AI score0.03566EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/19 9:11 p.m.50 views

Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2021-44906 DESCRIPTION: Node.js Minimist module could allow a remote attacker to execute...

9.8CVSS9.2AI score0.04581EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:10 a.m.50 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Redis is used by IBM Robotic Processing Automation for Cloud Pak as part of in memory database processing. Vulnerability Details CVEID:CVE-2021-41099 DESCRIPTION: Redis is vulnerable to an heap-based buffer overflow, caused by improper bounds checking in the underlying string library. By...

8.8CVSS8.8AI score0.1578EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:10 a.m.50 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Java is used by IBM Robotic Process Automation for Cloud Pak as part of several container services that run Java applications. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated...

7.5CVSS6.6AI score0.48235EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/01 12:45 a.m.50 views

Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]

Summary IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965. To be vulnerable a product must meet all of the following criterias: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...

9.8CVSS9.1AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/30 8:48 p.m.50 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation due to Java (CVE-2022-21541, CVE-2022-21540)

Summary Java is used by IBM Robotic Process Automation as part of the RPA infrastructure to run UMS and license management services CVE-2022-21541, CVE-2022-21540. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could all...

5.9CVSS6.2AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/27 1:44 p.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM App Connect Enterprise and IBM Integration Bus

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 includes Oracle April 2022 CPU. The fix includes IBM Jav...

5.3CVSS5.8AI score0.06468EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 5:45 a.m.50 views

Security Bulletin: WebSphere Application Server - IBM SDK for Java April 2013 CPU

Abstract Multiple security vulnerabilites exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server. Content The IBM WebSphere Application Server is shipped with an IBM SDK for Java that is based on the Oracle JDK. Oracle has released April 2013 critical patch updates CP...

3.7CVSS7AI score0.86963EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.50 views

Security Bulletin: IBM QRadar SIEM and QRadar Risk Manager can be affected by three vulnerabilities in the IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract CVE-2013-0440 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE. CVE- 2013-0443 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect confidentiality and integrity...

5CVSS6.1AI score0.35584EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.50 views

Security Bulletin: Potential Security exposure in IBM HTTP Server CVE-2013-1896 PM89996

Abstract Potential Security exposure in IBM HTTP Server for WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-1896 DESCRIPTION: IBM HTTP Server may be vulnerable to a denial of service, caused by a malicious request when using the optional moddav module. CVSS: CVSS Base...

4.3CVSS6.8AI score0.29484EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.50 views

Security Bulletin: IBM WebSphere Business Services Fabric – Information regarding a security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)

Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and is included in IBM WebSphere Business Services Fabric. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities that...

10CVSS6.7AI score0.86963EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.50 views

Security Bulletin: IBM WebSphere Lombardi Edition – Information regarding security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)

Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and is included in IBM WebSphere Lombardi Edition. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities that have...

10CVSS6.9AI score0.86963EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo fo...

5CVSS5AI score0.67234EPSS
Exploits5Affected Software14
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/17 2:57 a.m.50 views

Security Bulletin: Vulnerabilities in IBM Db2, Golang Go, and Logback may affect the IBM Spectrum Protect Server (CVE-2022-30631, CVE-2022-30633, CVE-2022-1705, CVE-2022-22389, CVE-2022-22390, CVE-2021-42550, CVE-2022-30629)

Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in IBM Db2, Golang Go, and Logback such as denial of service, HTTP request smuggling, obtaining sensitive information, and execution of arbitrary code. Vulnerability Details CVEID:CVE-2022-30631 DESCRIPTION: Golang Go is...

8.5CVSS9.6AI score0.04439EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/29 2:27 a.m.50 views

Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2021-45346)

Summary A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain...

4.3CVSS5AI score0.01614EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/23 4:46 p.m.50 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Systems Director (CVE-2014-3509, CVE-2014-3511)

Summary There are multiple vulnerabilities in OpenSSL that is used by IBM Systems Director. These issues were disclosed on August 6, 2014 by the OpenSSL Project. Vulnerability Details Abstract There are multiple vulnerabilities in OpenSSL that is used by IBM Systems Director. These issues were...

6.8CVSS6.8AI score0.13359EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/19 11:53 p.m.50 views

Security Bulletin: Multiple vulnerabilities in zlib affects IBM Common Inventory Technology (CIT)

Summary zlib compression library is vulnerable to a denial of service attack. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to...

9.8CVSS9.2AI score0.07489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/19 11:26 p.m.50 views

Security Bulletin: Vulnerability in Diffie-Helman ciphers affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-4000)

Summary The LogJam Attack on Diffie-Hellman ciphers affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis. Vulnerability Details CVEID : CVE-2015-4000 DESCRIPTION : The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure t...

4.3CVSS3.8AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/02 9:8 a.m.50 views

Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities - IBM JDK 8.0.7.6

Summary IBM® Security SOAR includes an older version of IBM JDK that may be identified and exploited. An update has been released which addresses these issues. The version of IBM JDK included in the latest version of SOAR App Host and IBM Security Soar is 8.0.7.10. Vulnerability Details...

5.3CVSS5.8AI score0.06468EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/25 2:52 p.m.50 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2021-45960, CVE-2021-46143 )

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-46143 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system, caused by an...

9CVSS9.3AI score0.042EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/14 2:18 a.m.50 views

Security Bulletin: Vulnerability in Json-schema library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-3918)

Summary Json-schema is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component CVE-2021-3918. Vulnerability Details CVEID: CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modificatio...

9.8CVSS2.5AI score0.03563EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/20 3:16 a.m.50 views

Security Bulletin: IBM Spectrum Symphony is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Spectrum Symphony is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boo...

9.8CVSS1.6AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 1:0 a.m.50 views

Security Bulletin: IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics for Communications Service Providers and Datasets Impacted by Log4j Vulnerabilities ( CVE-2021-44832)

Summary Apache Log4j is used by as part of its logging infrastructure by IBM Analytic Accelerator Framework for Communication Service Providers AAF and IBM Customer and Network Analytics for Communications Service Providers and Datasets CNA. These products are vulnerable to CVE-2021-44832. The fi...

8.5CVSS1.7AI score0.97906EPSS
Exploits9Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/10 3:52 p.m.50 views

Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by IBM Event Streams. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary cod...

8.5CVSS1.3AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/09 5:55 p.m.50 views

Security Bulletin: Vulnerabilities in Golang Go, OpenSSL, Python, and XStream affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Golang Go, OpenSSL, Python, and XStream, such as bypassing security restrictions and denial of service, may affect IBM Spectrum Copy Data Management. Vulnerability Details CVEID: CVE-2021-44716 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an...

9.1CVSS0.8AI score0.70561EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/09 4:37 p.m.50 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2022 - Includes Oracle January 2022 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for...

7.1CVSS2.9AI score0.06868EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/31 4:21 p.m.50 views

Security Bulletin: IBM® PureData System for Operational Analytics is vulnerable to arbitrary code execution, remote code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

Summary IBM PureData System for Operational Analytics appliance contains a hardware component called Hardware Management Console HMC, MTM: 9042-CR8. This component contains log4j 2.1 at a level lower than 2.17.1 and is vulnerable to arbitrary code execution, remote code execution and denial of...

10CVSS1.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/11 2:31 p.m.50 views

Security Bulletin: Crypto Hardware Initialization and Maintenance is vulnerable to arbitrary code execution due to Apache Log4j (CVE 2021-4104, CVE 2022-23302, CVE 2022-23305, CVE 2022-23307)

Summary Crypto Hardware Initialization and Maintenance CHIM as shipped with IBM Common Cryptographic Architecture CCA for MTM 4767 is affected by several vulnerabilities in Apache Log4j CVE-2021-4104, CVE-2022-23303, CVE 2022-23305 and CVE 2022-23307. CHIM is using Apache Log4j for internal loggi...

9.8CVSS1.4AI score0.81147EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 8:0 p.m.50 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22947)

Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID:CVE-2021-22947 DESCRIPTION: cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw when connecting to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to...

5.9CVSS6.8AI score0.02799EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/15 5:37 p.m.50 views

Security Bulletin: A security vulnerability in golang affects IBM Cloud Automation Manager

Summary A security vulnerability in golang affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2022-23772 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, ...

9.1CVSS8.9AI score0.03015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/14 4:4 p.m.50 views

Security Bulletin: Mobilefirst is affected by a log4j vulnerability (CVE-2021-4104)

Summary A vulnerability in the Apache Log4j open source library has been reported in CVE-2021-4104. The version of log4j bundled within MFP 8.0 is 1.x and hence impacted by vulnerability CVE-2021-4104. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote...

7.5CVSS1.4AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/03 5:16 p.m.50 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...

9.8CVSS9.7AI score0.49727EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/25 8:30 p.m.50 views

Security Bulletin: Vulnerability in Node.js-CVE-2021-23362, CVE-2021-22921, CVE-2021-22918, CVE-2021-27290 may affect IBM Watson Assistant for IBM Cloud Pak for Data.

Summary Potential vulnerabilities in Node.js CVE-2021-23362, CVE-2021-22921, CVE-2021-22918, CVE-2021-27290 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-23362 DESCRIPTION:...

7.8CVSS7.4AI score0.23132EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 8:10 p.m.50 views

Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. IBM Spectrum Control has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM WebSphere Application Server -...

7.8CVSS7.2AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/01 11:19 a.m.51 views

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot formerly Tivoli Storage FlashCopy Manager for VMware. IBM Spectrum Protect Snapshot for VMware has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL...

10CVSS8.9AI score0.26335EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/25 1:53 p.m.50 views

Security Bulletin: IBM Cloud Pak for Automationis vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 have been reported for the log4j-core-2.x library, which is packaged in several components of IBM Cloud Pak for Automation. This fix upgrades all copies of log4j-core-2.x to 2.17.0. Vulnerability Details CVEID:...

10CVSS0.6AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 4:26 p.m.50 views

Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components

Summary Cloud Pak for Automation has released cummulative security fixes addressing vulnerabilities in several of its components. Vulnerability Details CVEID: CVE-2021-37701 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrar...

9.8CVSS10.2AI score0.50732EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 9:18 a.m.50 views

Security Bulletin: A vulnerability in Apache log4j (CVE-2021-45105) affects IBM Operations Analytics Predictive Insights

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. Apache Log4j versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups which allows a Denial...

5.9CVSS1AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/03 4:8 p.m.50 views

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-45105, CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift due to its use of the Strimzi operator. The below fix package includes Apache...

10CVSS0.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/24 3:21 p.m.50 views

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-45105) affects IBM Workload Scheduler 9.5

Summary Apache Log4j 2.16, that is affected by CVE-2021-45105, is installed with IBM Workload Scheduler 9.5.0.5 in jdbc driver for informix/Onedb rdbms. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fro...

5.9CVSS0.6AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/18 2:45 p.m.50 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to log4j (CVE-2021-44228)

Summary A vulnerability has been identified in Apache Log4j. Automation Assets in IBM Cloud Pak for integration utilizes Log4j CVE-2021-44228. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...

10CVSS1.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/10 10:56 p.m.50 views

Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server

Summary Security Vulnerabilities in WebSphere Liberty affect IBM Voice Gateway. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim t...

7.5CVSS7.5AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/09 4:57 p.m.50 views

Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Versions 7.0, 7.1, and 8.0 used by CICS Transaction Gateway for Multiplatforms CICS TG. CICS TG has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered wi...

9.1CVSS7.4AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.50 views

Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-8610 and CVE-2017-3731 )

Summary OpenSSL is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: The SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By...

7.5CVSS0.4AI score0.57595EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.50 views

Security Bulletin: Vulnerabilities in openssh affect Power Hardware Management Console (CVE-2015-5600)

Summary Opensh is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-5600 DESCRIPTION: OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication...

8.5CVSS5.6AI score0.09302EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/12 5:41 p.m.50 views

Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities

Summary IBM API Connect Developer Portal has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by an endless loop in the php-fpm main process. A remote attacker could exploit this vulnerability to exhaust CPU and disk space resources. Nginx is vulnerable to...

9.8CVSS8AI score0.08625EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 9:10 p.m.50 views

Security Bulletin: Potential vulnerability with Node.js lodash module

Summary A potential vulnerability has been identified related to Node.js lodash module. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of servic...

5.3CVSS2AI score0.07336EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 9:30 p.m.50 views

Security Bulletin: Vulnerability in SSLv3 affects IBM InfoSphere Optim Performance Manager (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM InfoSphere Optim Performance Manager OPM. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: IBM InfoSphere Optim Performance Manager...

4.3CVSS3.9AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 8:36 p.m.50 views

Security Bulletin: Multiple Vulnerabilites in IBM Java Runtime Affect IBM InfoSphere Optim Masking On Demand

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by Optim Masking on Demand. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with th...

7.5CVSS0.9AI score0.95707EPSS
Exploits7Affected Software1
Total number of security vulnerabilities5000