Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.50 views

Security Bulletin: Vulnerabilities in GNU C Library Affect Power Hardware Management Console (CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472)

Summary GNU C Library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2013-7423 DESCRIPTION:The senddg function in resolv/ressend.c in GNU C Library aka glibc or libc6 before 2.20 does not properly reuse file descriptors,...

7.8CVSS8.8AI score0.07688EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.50 views

Security Bulletin: Vulnerabilities in openssh affect Power Hardware Management Console (CVE-2015-5600)

Summary Opensh is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-5600 DESCRIPTION: OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication...

8.5CVSS5.6AI score0.09302EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/12 5:41 p.m.50 views

Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities

Summary IBM API Connect Developer Portal has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by an endless loop in the php-fpm main process. A remote attacker could exploit this vulnerability to exhaust CPU and disk space resources. Nginx is vulnerable to...

9.8CVSS8AI score0.08625EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 9:10 p.m.50 views

Security Bulletin: Potential vulnerability with Node.js lodash module

Summary A potential vulnerability has been identified related to Node.js lodash module. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of servic...

5.3CVSS2AI score0.07336EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 9:30 p.m.50 views

Security Bulletin: Vulnerability in SSLv3 affects IBM InfoSphere Optim Performance Manager (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM InfoSphere Optim Performance Manager OPM. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: IBM InfoSphere Optim Performance Manager...

4.3CVSS3.9AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 8:36 p.m.50 views

Security Bulletin: Multiple Vulnerabilites in IBM Java Runtime Affect IBM InfoSphere Optim Masking On Demand

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by Optim Masking on Demand. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with th...

7.5CVSS0.9AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/28 8:25 p.m.50 views

Security Bulletin: Vulnerabilities in MongoDB, Node.js, Docker, and XStream affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus may be affected by vulnerabilities in MongoDB, Node.js, Docker, and XStream such as server-side request forgery, bypass of security restrictions, denial of service, execution of arbitrary code, elevation of privileges, and arbitrary file deletion. Vulnerability...

9.9CVSS9.4AI score0.85001EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/21 8:26 p.m.50 views

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libexpat

Summary IBM Bootable Media Creator BoMC has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote...

7.8CVSS2AI score0.07107EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/19 11:56 a.m.50 views

Security Bulletin: IBM MQ is vulnerable to multiple issues with the IBM® Runtime Environment Java™ Technology Edition shipped with IBM MQ. (CVE-2020-14781, CVE-2020-14782).

Summary Multiple issues were identified in the IBM® Runtime Environment Java™ Technology Edition shipped with IBM MQ. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain...

4.3CVSS1.4AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/13 10:23 a.m.50 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-14145 DESCRIPTION: OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker...

5.9CVSS1.2AI score0.02057EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/18 9:13 a.m.50 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for Microsoft Windows

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and 8 used by Install Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579...

5.3CVSS0.9AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 5:48 p.m.50 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. This product has addressed the applicable CVEs. Node.js Update 4-Jan-2021 and 23-Feb-2021 security releases are available. Vulnerability Details CVEID: CVE-2020-1971...

8.1CVSS0.5AI score0.77385EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/03 3:59 p.m.50 views

Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2020-1971)

Summary IBM MQ Appliance has resolved an OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an attacker could exploit this...

5.9CVSS1.5AI score0.06968EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/24 4:55 a.m.50 views

Security Bulletin: Multiple IBM Java Runtime Vulnerabilities Affect IBM Sterling Connect:Direct Browser User Interface

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.6.0. IBM Sterling Connect:Direct Browser has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component...

8.3CVSS1.1AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/22 5:41 p.m.50 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy

Summary Vulnerabilities in the Java Runtime Environment JRE 6 SR10 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for...

10CVSS3.4AI score0.68532EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/16 5:49 p.m.50 views

Security Bulletin: A GNU glibc vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

Summary A GNU glibc vulnerability, listed below, affects IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-1752 DESCRIPTION: GNU glibc could allow a local attacker to execute arbitrary code on the system, cause...

7CVSS1.3AI score0.00535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/14 6:35 p.m.50 views

Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.

Summary Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-15168 DESCRIPTION: Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor...

5.3CVSS0.7AI score0.01692EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/08 3:8 p.m.50 views

Security Bulletin: IBM has released AIX and VIOS iFixes in response to a vulnerability in IBM POWER9 (CVE-2020-4788)

Summary IBM has released the following fixes for AIX and VIOS in response to CVE-2020-4788. Vulnerability Details CVEID: CVE-2020-4788 DESCRIPTION: IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. CVSS Ba...

5.1CVSS0.4AI score0.00387EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/12 6:6 a.m.50 views

Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System

Summary Redhat provided HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-15715 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the FilesMatch...

8.1CVSS1.2AI score0.86006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/05 7:49 p.m.50 views

Security Bulletin: CVE-2019-17569, CVE-2020-1935 HTTP Request Smuggling if Tomcat was located behind a reverse proxy

Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...

5.8CVSS0.2AI score0.09386EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/28 9:34 p.m.50 views

Security Bulletin: Dom4j as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000632, CVE-2020-10683)

Summary Dom4j as used by IBM QRadar SIEM contains multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a specially-crafte...

9.8CVSS2.6AI score0.07269EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/28 5:44 a.m.50 views

Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat vulnerabilities (CVE-2020-13935)

Summary IBM Integration Bus ships Apache Tomcat which is susceptible to vulnerabilities which were reported and have been addressed. Vulnerability Details CVEID: CVE-2020-13935 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in ...

7.5CVSS0.4AI score0.87553EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/19 9:30 a.m.50 views

Security Bulletin: Multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Summary There are security vulnerabilities in versions of the Linux Kernel that are shipped with the Elastic Storage System. A fix for these vulnerabilities in available. Vulnerability Details CVEID: CVE-2020-1749 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive...

7.5CVSS1.2AI score0.0124EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/16 7:51 a.m.50 views

Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing

Summary Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2020-2968 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow an authenticated attacker to take control of t...

8CVSS6.7AI score0.02031EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/09 7:47 p.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in Jan 2020. Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE...

8.1CVSS1.3AI score0.04903EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 4:7 p.m.50 views

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-11884 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the dohidpsockioctl function in net/bluetooth/hidp/sock.c. By using a...

5.5CVSS0.7AI score0.00645EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/01 9:55 a.m.50 views

Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2019-11324

Summary The App Connect Enterprise Certified Container Dashboard is vulnerable to CVE-2019-11324 through its use of CouchDB for storing flow data, where the Operator is installed in a Restricted Network cluster. Vulnerability Details CVEID: CVE-2019-11324 DESCRIPTION: urllib3 could allow a remote...

7.5CVSS0.7AI score0.02836EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/08 8:36 p.m.50 views

Security Bulletin: Multiple Security Vulnerabilities Impact IBM Predictive Insights

Summary Multiple security vulnerabilities impact IBM Predictive Insights Vulnerability Details CVEID: CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when processing XML data. By using a specially crafted OOXML file, ...

7.5CVSS8.5AI score0.83645EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/07 8:58 p.m.50 views

Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Check Services (CVE-2019-4732)

Summary There is vulnerability in IBM® Runtime Environment Java™ Version 8 used by Financial Transaction Manager for Check Services. Financial Transaction Manager for Check Services FTM CHK has addressed the applicable CVE.brIf you run your own Java code using the IBM Java Runtime delivered with...

7.2CVSS1.9AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/31 10:2 p.m.50 views

Security Bulletin: Watson Machine Learning Service is impacted by security vulnerabilities in OpenJDK 11

Summary Security vulnerabilities in OpenJDK impacts Watson Machine Learning Service. These vulnerabilities are now addressed. Vulnerability Details CVEID: CVE-2019-2964 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacke...

8.3CVSS1.8AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.50 views

Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct FTP+

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7.0.10.10 used by IBM Sterling Connect:Direct FTP+. This issue was disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability in Oracle...

7.4CVSS0.4AI score0.03966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 9:16 p.m.50 views

Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products

Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact,...

9.1CVSS1AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/20 8:12 p.m.50 views

Security Bulletin: WML CE: TensorFlow: In SQLite before 3.32.3, select.c mishandles query-flattener optimization

Summary In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. TensorFlow in WML CE uses SQLite as its embedded SQL database engine. Vulnerability Details CVEID:...

5.5CVSS1.3AI score0.01027EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/18 11:22 p.m.50 views

Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM Infosphere BigInsights (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Infosphere BigInsights. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...

4.3CVSS0.2AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/30 8:49 a.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java S...

8.3CVSS1.8AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/20 2:6 a.m.50 views

Security Bulletin: IBM Aspera On Demand products are affected by OpenSSL Vulnerability (CVE-2018-0739)

Summary IBM Aspera On Demand products have addressed the following OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2018-0739 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this...

6.5CVSS2.1AI score0.19295EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/11 5:36 p.m.51 views

Security Bulletin: IBM API Connect is vulnerable to vulnerabilities in PHP (CVE-2020-7061, CVE-2020-7062, CVE-2020-7063)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7061 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an error while extracting PHAR files on Windows using phar extension. An attacker could exploit...

9.1CVSS0.5AI score0.03976EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/23 8:41 p.m.50 views

Security Bulletin: IBM Integration Bus affected by Apache Tomcat vulnerability CVE-2018-8034

Summary IBM Integration Bus ships Apache Tomcat which is susceptible to vulnerabilities which were reported and have been addressed Vulnerability Details CVEID: CVE-2018-8034 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a missing host name...

7.5CVSS0.5AI score0.213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/13 5:55 a.m.50 views

Security Bulletin: IBM TNPM Wireline is vulnerable to Apache Commons Beanutils (CVE-2019-10086)

Summary There is a vulnerability in Apache Commons Beanutils that is used by IBM TNPM Wireline . This has been addressed. Vulnerability Details CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failur...

7.5CVSS0.7AI score0.28839EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/03 2:43 a.m.50 views

Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11035 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by heap-based buffer overflow in the exifiifaddvalue function in the EXIF extension. By persuading ...

9.8CVSS1.6AI score0.65116EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:9 a.m.50 views

Security Bulletin: Vulnerabilities in OpenSSL affects Rational Application Developer for WebSphere Software

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by the Cordova platform packaged with Rational Application Developer for WebSphere Software and has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0207 DESCRIPTION: OpenS...

7.5CVSS0.9AI score0.44503EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/03 1:35 p.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0, 7.1 and 8.0 used by IBM Host On-Demand. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017 Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered wi...

9.6CVSS1.1AI score0.02555EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/31 5:21 p.m.50 views

Security Bulletin: Rational Asset Analyzer (RAA) is affected by several WebSphere Application Server vulnerabilities.

Summary Rational Asset Analyzer RAA has addressed the following WebSphere Application Server vulnerabilities. Vulnerability Details CVEID: CVE-2019-9515 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a...

7.8CVSS0.4AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 2:22 p.m.50 views

Security Bulletin: Multiple Vulnerabilities in Apache Spark affects IBM Watson Studio Local

Summary Security Bulletin: Multiple Vulnerabilities in Apache Spark affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-11804 DESCRIPTION: Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. ...

9.8CVSS1.1AI score0.08721EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:36 a.m.50 views

Security Bulletin: Public disclosed vulnerability from OpenSSL affect IBM Netezza Host Management

Summary Open Source OpenSSLis used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-0739 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive...

6.5CVSS0.9AI score0.83645EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:36 a.m.50 views

Security Bulletin: Vulnerabilities in GNU binutils affect IBM Netezza Analytics

Summary Open Source Binutils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-10534 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds memory write in the...

7.8CVSS1.6AI score0.05944EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/19 12:41 a.m.50 views

Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Privileged Identity Manager

Summary IBM Security Privileged Identity Manager has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1719 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS...

9.8CVSS0.9AI score0.37618EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/25 7:0 p.m.50 views

Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics (CVE-2018-3180, CVE-2013-1624, CVE-2018-1933, CVE-2015-1832, CVE-2018-15494)

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.7. There is a vulnerability in IBM® Runtime Environment Java™ used by IBM Planning Analytics 2.0.6 and lower. IBM Planning Analytics 2.0.7 has addressed the applicable CVE by...

9.8CVSS0.5AI score0.12173EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/19 10:10 a.m.50 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-0732, CVE-2018-0739, CVE-2017-3735)

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to security vulnerabilities 3 issues for OpenSSL: 2 for a denial of service and 1 for an error while parsing an IPAdressFamily extension in an X.509 certificate. Vulnerability Details CVEID:...

7.5CVSS1.5AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/26 4:10 p.m.50 views

Security Bulletin: Security vulnerabilities in IBM Java Runtime affect Rational Publishing Engine

Summary There are multiple vulnerabilities in IBM Java Runtime Environment, Versions 7 and 8 that are used by Rational Publishing Engine. These issues were disclosed as part of the IBM Java SDK updates in January 2019. Vulnerability Details CVEID: CVE-2019-2422 DESCRIPTION: An unspecified...

4.3CVSS1.1AI score0.03374EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000