Lucene search
K
IbmMost viewed

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:50 p.m.50 views

Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638)

Summary An Apache Struts vulnerability was addressed by IBM Social Media Analytics. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta...

10CVSS8.3AI score0.99999EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.50 views

Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time

Summary Java SE issues disclosed in the Oracle October 2016 Critical Patch Update Vulnerability Details CVE IDs: CVE-2016-5568 CVE-2016-5556 CVE-2016-5573 CVE-2016-5597 CVE-2016-5554 CVE-2016-5542 DESCRIPTION: This bulletin covers all applicable Java SE CVEs published by Oracle as part of their...

9.6CVSS0.5AI score0.04885EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is provided with IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details If you run Java code using the IBM runtim...

9.6CVSS2.5AI score0.0669EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.50 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Deployer (CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Workload Deployer. IBM Workload Deployer has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2105 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow,...

10CVSS8.2AI score0.77906EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.50 views

Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time

Summary Java SE issues disclosed in the Oracle October 2015 Critical Patch Update, plus CVE-2015-5006 Vulnerability Details CVE IDs: CVE-2015-4844 CVE-2015-4843 CVE-2015-4805 CVE-2015-4860 CVE-2015-4883 CVE-2015-4835 CVE-2015-4810 CVE-2015-4806 CVE-2015-4871 CVE-2015-4902 CVE-2015-4872...

10CVSS0.7AI score0.13354EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/19 5:35 a.m.49 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: bzip2 is vulnerable to a denial of service, caused by an out-of-bounds write flaw when there are many selectors in the BZ2decompress function in...

9.8CVSS9.6AI score0.14859EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/01 11:30 p.m.49 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol...

9.8CVSS8.4AI score0.9378EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:24 a.m.49 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to exposure of Azure bot credentials (CVE-2022-22490)

Summary Security Bulletin: IBM Robotic Process Automation is vulnerable to exposure of Azure bot credentials CVE-2022-22490 Vulnerability Details CVEID:CVE-2022-22490 DESCRIPTION: IBM Robotic Process Automation could allow a privileged user to obtain sensitive Azure bot credential information. CV...

4.9CVSS4.9AI score0.00661EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:16 a.m.49 views

Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345)

Summary IBM QRadar SIEM is vulnerable to cross site scripting XSS. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-22320 DESCRIPTION: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the...

4.8CVSS4.9AI score0.01814EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 10:44 a.m.49 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods API Management 11.1 Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket...

8.8CVSS10AI score0.03005EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:30 a.m.49 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Real Time Action and Base Module affected by multiple vulnerabilities (CVE-2023-46219, CVE-2023-46218, CVE-2023-52071, CVE-2024-0853)

Summary Vulnerabilities contained within libcurl a 3rd party component were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Realtime Action and Base Modules. Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote...

6.5CVSS8AI score0.01685EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:47 a.m.49 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related IBM WebSphere Application Server Liberty and FasterXML jackson-databind

Summary Vulnerabilities in IBM WebSphere Application Server Liberty and FasterXML jackson-databind such as HTTP header injection, identity spoofing, denial of service may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0...

8.8CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/22 6:54 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.35 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability...

9.8CVSS8.6AI score0.09393EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/17 6:26 p.m.49 views

Security Bulletin: Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager

Summary IBM Java Runtime as shipped with Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM Java Runtime have been published in a security bulletin. Vulnerability Details CVEID:CVE-2019-2766 DESCRIPTION: Vulnerability in the Java SE, Java SE Embedded...

9.8CVSS9.4AI score0.09393EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/06 9:28 a.m.49 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to denial of service, privilege escalation and kerberos 5

Summary Kerberos 5 and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation, and privilege escalation which may lead to bypassing security restrictions. This bulletin identifies the steps required to address these...

9.1CVSS8.1AI score0.01863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 9:46 p.m.49 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenSSH

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenSSH Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race condition. By sending a specially...

8.1CVSS8.5AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/22 5:47 p.m.49 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2015-5739 DESCRIPTION: Go is vulnerable to HTTP request smuggling, caused by a flaw in net/http library in net/textproto/reader.go. By sendin...

10CVSS9.1AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 2:18 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.4CVSS6.7AI score0.01136EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/31 11:1 a.m.49 views

Security Bulletin: Netcool Operations Insights 1.6.13 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.13 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-31684 DESCRIPTION: netplex JSON Smart is vulnerable to a denial of...

9.8CVSS10AI score0.60679EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/15 7:42 p.m.49 views

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Tomcat (CVE-2023-45648, CVE-2023-42795, CVE-2023-42794)

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer heade...

5.9CVSS7.4AI score0.05848EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/01 5:3 p.m.49 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-38355]

Summary Socket.IO is used by IBM App Connect Enterprise Certified Container for real-time UI updates. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

7.3CVSS7AI score0.0069EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/27 12:28 a.m.49 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary Multiple issues were identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

7.5CVSS7.1AI score0.01278EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 12:4 p.m.49 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-24795, CVE-2023-38709]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-24795, CVE-2023-38709 Vulnerability Details Refer to the security bulletins listed in the...

7.3CVSS6.2AI score0.03914EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 8:32 p.m.49 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.3CVSS10AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 12:38 a.m.49 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.8CVSS10AI score0.04903EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 10:3 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json. The flaws can lead to server-side request forgery, bypass of security...

9.8CVSS10AI score0.78483EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 10:2 a.m.49 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js(CVE-2024-27983 & CVE-2024-27982)

Summary IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-27983 DESCRIPTION: Node.js is vulnerable to a denial of service, caused ...

8.2CVSS6.4AI score0.87211EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/03 11:2 a.m.49 views

Security Bulletin: Due to use of Apache Struts, Netcool Operation Insight is vulnerable to arbitrary code execution.

Summary Apache Struts is used by Netcool Operations Insight as part of internal services CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary...

9.8CVSS9.8AI score0.80819EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/25 5:26 a.m.49 views

Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).

Summary Golang Go is used by IBM Event Streams and could allow a remote attacker to obtain sensitive information, caused by a flaws in modules with ".git" suffix and in the net/http package. By sending specially crafted requests, an attacker can attain these privileges. Vulnerability Details...

7.5CVSS6.9AI score0.02758EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/19 11:29 a.m.49 views

Security Bulletin: Multiple vulnerabilities in Dojo toolkit shipped with IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client

Summary Dojo toolkit is used for UI in IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client. These vulnerabilities are reported in Dojo toolkit CVE-2019-10785, CVE-2018-6561, CVE-2020-4051, CVE-2018-15494, CVE-2020-5259. Vulnerability Details CVEID:CVE-2019-10785 DESCRIPTION:...

9.8CVSS7.3AI score0.02611EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:49 p.m.49 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to json-path [CVE-2023-51074]

Summary The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to json-path. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of...

5.3CVSS5.8AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/11 2:52 p.m.49 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a machine-in-the-middle attack CVE-2023-48795

Summary OpenSSH is used by the IBM Datapower Operations Dashboard for general remote services. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when...

5.9CVSS6.4AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 10:15 a.m.49 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a runc security vulnerability (CVE-2024-21626)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the runc component where an attacker could gain unauthorized access to the host filesystem CVE-2024-21626. Vulnerability Details CVEID: CVE-2024-21626 Description: Open Container Initiative runc could allow a...

8.6CVSS9AI score0.18087EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/28 5:16 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.1 Vulnerability Details CVEID:CVE-2023-50447 DESCRIPTION: Pillow could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input by the...

10CVSS9.9AI score0.02983EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/26 5:8 p.m.49 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2023-22067, CVE-2023-22081, CVE-2023-33850, CVE-2023-5676, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945 and...

7.5CVSS7.8AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 6:30 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22045, CVE-2023-22049)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: A...

3.7CVSS6AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/19 9:59 p.m.49 views

Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal in the RHEL UBI (CVE-2023-27534)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27534 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-27534 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive...

8.8CVSS8.4AI score0.02195EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 9:30 p.m.49 views

Security Bulletin: Vulnerabilities in Watson NLP and WebSphere Liberty may affect IBM Robotic Process Automation for Cloud Pak

Summary Python is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP and WebSphere Liberty. CVE-2022-48565. GNU gdb is used by IBM Robotic Process Automation for Cloud Pak as part of WebSphere Liberty and base container images. CVE-2023-39129. Vulnerability Details...

9.8CVSS7.7AI score0.04268EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/21 5:23 p.m.49 views

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Denial of Service via use of openshift/machine-api-operator, openshift/machine-config-operator (CVE-2020-28851, CVE-2020-28852, CVE-2021-44716)

Summary OpenShift's machine-api-operator and machine-config-operator are used by IBM Storage Fusion HCI to interact with the OpenShift platform, operators, and custom resource definitions. Vulnerabilities in these libraries include an improper validation of array index and possible uncontrolled...

7.5CVSS7.7AI score0.03958EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 7:22 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud

Summary There are vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code t...

9.8CVSS8.2AI score0.99999EPSS
Exploits19
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 11:0 p.m.49 views

Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in OpenSSL

Summary The following vulnerabilites in OpenSSL have been addressed by IBM Flex System switch firmware products. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an...

7.5CVSS7.2AI score0.50732EPSS
Exploits3Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.49 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in curl

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in curl. Vulnerability Details CVEID: CVE-2018-1000120 DESCRIPTION: curl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when handling FTP URLs. By persuading a vict...

9.8CVSS1.6AI score0.12058EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:31 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking Switch Center (SNSC)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM System Networking Switch Center SNSC. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Vulnerability Details VEID: CVE-2018-2579 DESCRIPTION: An...

5.3CVSS1.4AI score0.15141EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/30 11:10 p.m.49 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID:CVE-2023-40217 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module. When the...

7.5CVSS5.9AI score0.02187EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 3:22 p.m.50 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-30991)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details CVEID:CVE-2023-30991 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to denial of service with a specially crafted query. CVSS Base score: 7.5 CVSS...

7.5CVSS8.2AI score0.00849EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/20 3:27 p.m.49 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to libcurl and cURL. (CVE-2023-38546, CVE-2023-38545)

Summary The OpenTelemetry tracing in IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to libcurl and cURL. CVE-2023-38546, CVE-2023-38545 Vulnerability Details CVEID: CVE-2023-38546 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions...

9.8CVSS8.4AI score0.78483EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/18 3:0 p.m.49 views

Security Bulletin: IBM i is vulnerable to a local privilege escalation due to a flaw in IBM Directory Server for i (CVE-2023-40378).

Summary IBM i is vulnerable to a local privilege escalation due to a flaw in IBM Directory Server for i as described in the vulnerability details section. IBM Directory Server for i has addressed the vulnerability with a fix as described in the remediation/fixes section. Vulnerability Details...

7.8CVSS6.6AI score0.00142EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 6:30 a.m.49 views

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary IBM Security Verify Governance uses various components, such as IBM Java, and Dojo. Security vulnerabilities in multiple components have been addressed in the IBM Security Verify Governance update. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-jav...

9.8CVSS10AI score0.3038EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/29 9:21 p.m.49 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to elevated privileges in Golang Go [CVE-2023-29403]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to elevated privileges in Golang Go, caused by a flaw when a binary is run with the setuid/setgid bits CVE-2023-29403. Golang Go is included as part of the operators used by our Speech Services. This...

7.8CVSS8.5AI score0.00432EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/29 8:6 a.m.49 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-toolset and amicontained

Summary Multiple issues were identified in Red Hat UBI packages go-toolset and amicontained that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2020-29652 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a NUL...

7.5CVSS8.6AI score0.03228EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000