Lucene search
K
IbmMost viewed

35715 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:38 p.m.50 views

Security Bulletin: IBM Security Access Manager for Web is affected by multiple NTP vulnerabilities

Summary The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. IBM Security Access Manager for Web uses NTP and is affected by multiple NTP vulnerabilities. Vulnerability Details CVEID: CVE-2014-9297 DESCRIPTION: Network Time Protocol NTP Proje...

7.5CVSS0.9AI score0.05292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:13 p.m.50 views

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement

Summary The IBM Emptoris Strategic Supply Management suite of products are affected by multiple security vulnerabilities that exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. The security bulletin includes issues that were disclosed as part of th...

8.3CVSS8.2AI score0.06905EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:9 p.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.

Summary The IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement products are affected by multiple security vulnerabilities that exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. The security bulletin includes issue...

9CVSS7.7AI score0.95707EPSS
Exploits11Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:4 p.m.50 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Partner Gateway Advanced/Enterprise Edition(CVE-2016-3092)

Summary WebSphere Application Server is shipped as a component of WebSphere Partner Gateway. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Apache Commons...

2.5AI score0.35927EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:47 p.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management, and IBM Emptoris Services Procurement.

Summary The IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement products are affected by multiple security vulnerabilities that exist in IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. The security bulletin includes issues...

5CVSS5.2AI score0.9986EPSS
Exploits1Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:47 p.m.50 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

Summary OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3731 DESCRIPTION: OpenSSL is vulnerable to a...

7.5CVSS7.3AI score0.57595EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:46 p.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM® Java Runtime affect IBM Cognos Command Center

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Command Center. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability Details CVEID: CVE-2017-3544 DESCRIPTION: An unspecifi...

9.8CVSS1.6AI score0.07489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:50 p.m.50 views

Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638)

Summary An Apache Struts vulnerability was addressed by IBM Social Media Analytics. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta...

10CVSS8.3AI score0.99999EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.50 views

Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time

Summary Java SE issues disclosed in the Oracle October 2016 Critical Patch Update Vulnerability Details CVE IDs: CVE-2016-5568 CVE-2016-5556 CVE-2016-5573 CVE-2016-5597 CVE-2016-5554 CVE-2016-5542 DESCRIPTION: This bulletin covers all applicable Java SE CVEs published by Oracle as part of their...

9.6CVSS0.5AI score0.04885EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.50 views

Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM MQ Appliance

Summary Heap-based buffer overflow flaws and denial of service flaws vulnerabilites in libxml2 affect the IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1762 DESCRIPTION: Apple Safari and Apple iOS could allow a remote attacker to execu...

10CVSS2.3AI score0.1398EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.50 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is provided with IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details If you run Java code using the IBM runtim...

9.6CVSS2.5AI score0.0669EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.50 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Deployer (CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Workload Deployer. IBM Workload Deployer has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2105 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow,...

10CVSS8.2AI score0.77906EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.50 views

Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time

Summary Java SE issues disclosed in the Oracle October 2015 Critical Patch Update, plus CVE-2015-5006 Vulnerability Details CVE IDs: CVE-2015-4844 CVE-2015-4843 CVE-2015-4805 CVE-2015-4860 CVE-2015-4883 CVE-2015-4835 CVE-2015-4810 CVE-2015-4806 CVE-2015-4871 CVE-2015-4902 CVE-2015-4872...

10CVSS0.7AI score0.13354EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/19 5:35 a.m.49 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: bzip2 is vulnerable to a denial of service, caused by an out-of-bounds write flaw when there are many selectors in the BZ2decompress function in...

9.8CVSS9.6AI score0.14859EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 3:38 p.m.49 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

7.5CVSS10AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/01 11:30 p.m.49 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol...

9.8CVSS8.4AI score0.93305EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:24 a.m.49 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to exposure of Azure bot credentials (CVE-2022-22490)

Summary Security Bulletin: IBM Robotic Process Automation is vulnerable to exposure of Azure bot credentials CVE-2022-22490 Vulnerability Details CVEID:CVE-2022-22490 DESCRIPTION: IBM Robotic Process Automation could allow a privileged user to obtain sensitive Azure bot credential information. CV...

4.9CVSS4.9AI score0.00661EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:16 a.m.49 views

Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345)

Summary IBM QRadar SIEM is vulnerable to cross site scripting XSS. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-22320 DESCRIPTION: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the...

4.8CVSS4.9AI score0.01814EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 10:44 a.m.49 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods API Management 11.1 Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket...

8.8CVSS10AI score0.03005EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:30 a.m.49 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Real Time Action and Base Module affected by multiple vulnerabilities (CVE-2023-46219, CVE-2023-46218, CVE-2023-52071, CVE-2024-0853)

Summary Vulnerabilities contained within libcurl a 3rd party component were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Realtime Action and Base Modules. Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote...

6.5CVSS8AI score0.01685EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:47 a.m.49 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related IBM WebSphere Application Server Liberty and FasterXML jackson-databind

Summary Vulnerabilities in IBM WebSphere Application Server Liberty and FasterXML jackson-databind such as HTTP header injection, identity spoofing, denial of service may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0...

8.8CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/22 6:54 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.35 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability...

9.8CVSS8.6AI score0.09393EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/06 9:28 a.m.49 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to denial of service, privilege escalation and kerberos 5

Summary Kerberos 5 and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation, and privilege escalation which may lead to bypassing security restrictions. This bulletin identifies the steps required to address these...

9.1CVSS8.1AI score0.01863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/22 5:47 p.m.49 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2015-5739 DESCRIPTION: Go is vulnerable to HTTP request smuggling, caused by a flaw in net/http library in net/textproto/reader.go. By sendin...

10CVSS9.1AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 2:18 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.4CVSS6.7AI score0.01136EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/31 11:1 a.m.49 views

Security Bulletin: Netcool Operations Insights 1.6.13 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.13 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-31684 DESCRIPTION: netplex JSON Smart is vulnerable to a denial of...

9.8CVSS10AI score0.60679EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/15 7:42 p.m.49 views

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Tomcat (CVE-2023-45648, CVE-2023-42795, CVE-2023-42794)

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer heade...

5.9CVSS7.4AI score0.05848EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/01 5:3 p.m.49 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-38355]

Summary Socket.IO is used by IBM App Connect Enterprise Certified Container for real-time UI updates. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

7.3CVSS7AI score0.0069EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/27 12:28 a.m.49 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary Multiple issues were identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

7.5CVSS7.1AI score0.01278EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 12:4 p.m.49 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-24795, CVE-2023-38709]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-24795, CVE-2023-38709 Vulnerability Details Refer to the security bulletins listed in the...

7.3CVSS6.2AI score0.03914EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 8:32 p.m.49 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.3CVSS10AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 12:38 a.m.49 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.8CVSS10AI score0.04903EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 10:3 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json. The flaws can lead to server-side request forgery, bypass of security...

9.8CVSS10AI score0.78483EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/30 11:23 a.m.49 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 273 Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...

7.5CVSS9.6AI score0.99999EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 10:2 a.m.49 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js(CVE-2024-27983 & CVE-2024-27982)

Summary IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-27983 DESCRIPTION: Node.js is vulnerable to a denial of service, caused ...

8.2CVSS6.4AI score0.87211EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/08 7:9 a.m.49 views

Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale

Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.1CVSS6.8AI score0.29726EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/06 4:53 p.m.49 views

Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...

9.8CVSS8.8AI score0.32257EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/03 11:2 a.m.49 views

Security Bulletin: Due to use of Apache Struts, Netcool Operation Insight is vulnerable to arbitrary code execution.

Summary Apache Struts is used by Netcool Operations Insight as part of internal services CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary...

9.8CVSS9.8AI score0.80819EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/25 5:26 a.m.49 views

Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).

Summary Golang Go is used by IBM Event Streams and could allow a remote attacker to obtain sensitive information, caused by a flaws in modules with ".git" suffix and in the net/http package. By sending specially crafted requests, an attacker can attain these privileges. Vulnerability Details...

7.5CVSS6.9AI score0.02758EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/16 3:42 p.m.49 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and remote attack due to node.js jose module and jsonata-js JSONata (CVE-2024-28176, CVE-2024-27307)

Summary The Discovery Connector nodes in IBM App Connect Enterprise are vulnerable to a denial of service due to node.js jose module and jsonata-js JSONata. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jos...

9.8CVSS6.8AI score0.02085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/18 2:18 p.m.49 views

Security Bulletin: IBM Cloud Pak for Data Scheduling contains a vulnerable yq package. [CVE-2023-39320, CVE-2023-39321 and CVE-2023-39322]

Summary Yq is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities. Vulnerability Details CVEID:CVE-2023-39320 DESCRIPTION: Golang Go could allow a remote...

9.8CVSS8.3AI score0.01424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/11 2:52 p.m.49 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a machine-in-the-middle attack CVE-2023-48795

Summary OpenSSH is used by the IBM Datapower Operations Dashboard for general remote services. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when...

5.9CVSS6.4AI score0.93305EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 10:15 a.m.49 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a runc security vulnerability (CVE-2024-21626)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the runc component where an attacker could gain unauthorized access to the host filesystem CVE-2024-21626. Vulnerability Details CVEID: CVE-2024-21626 Description: Open Container Initiative runc could allow a...

8.6CVSS9AI score0.18087EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/26 5:8 p.m.49 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2023-22067, CVE-2023-22081, CVE-2023-33850, CVE-2023-5676, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945 and...

7.5CVSS7.8AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 11:13 a.m.49 views

Security Bulletin: IBM Observability with Instana is affected by multiple vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana : CVE-2023-43646, CVE-2023-2454, CVE-2022-31197, CVE-2023-39533, CVE-2021-20218 Vulnerability Details CVEID:CVE-2023-43646 DESCRIPTION: Chai.js Assertion Library get-func-name is vulnerable to a denial of service,...

8.6CVSS9.3AI score0.01662EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 6:30 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22045, CVE-2023-22049)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: A...

3.7CVSS6AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/19 9:59 p.m.49 views

Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal in the RHEL UBI (CVE-2023-27534)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27534 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-27534 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive...

8.8CVSS8.4AI score0.02195EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 9:30 p.m.49 views

Security Bulletin: Vulnerabilities in Watson NLP and WebSphere Liberty may affect IBM Robotic Process Automation for Cloud Pak

Summary Python is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP and WebSphere Liberty. CVE-2022-48565. GNU gdb is used by IBM Robotic Process Automation for Cloud Pak as part of WebSphere Liberty and base container images. CVE-2023-39129. Vulnerability Details...

9.8CVSS7.7AI score0.04268EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/21 5:23 p.m.49 views

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Denial of Service via use of openshift/machine-api-operator, openshift/machine-config-operator (CVE-2020-28851, CVE-2020-28852, CVE-2021-44716)

Summary OpenShift's machine-api-operator and machine-config-operator are used by IBM Storage Fusion HCI to interact with the OpenShift platform, operators, and custom resource definitions. Vulnerabilities in these libraries include an improper validation of array index and possible uncontrolled...

7.5CVSS7.7AI score0.03958EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/18 5:47 p.m.49 views

Security Bulletin: Vulnerability in CloudPak for AIOPs [CVE-2023-46233]

Summary Vulnerability was addressed in IBM Cloud Pak for AIOps version 4.3.0 CVE-2023-46233 Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allow a remote attacker to obtain sensitive information, caused by the use of a weak cryptographic hash algorithm. By utilize...

9.1CVSS8.8AI score0.00635EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000