Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 6:6 a.m.49 views

Security Bulletin: IBM Event Streams is affected by multiple Golang Go vulnerabilities

Summary There are a number of vulnerabilities in Golang Go used by IBM Event Streams CVE-2023-29400, CVE-2023-24540, CVE-2023-24539, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Go is vulnerable ...

9.8CVSS9.9AI score0.02281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 8:42 p.m.49 views

Security Bulletin: VMware Tanzu Spring Framework is vulnerable to CVE-2023-20860 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to CVE-2023-20860. IBM has addressed this vulnerability. Vulnerability Details CVEID:CVE-2023-20860 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass...

7.5CVSS7.3AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 12:13 p.m.49 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)

Summary A security vulnerability has been identified and addressed in Apache CXF shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include...

9.8CVSS9.2AI score0.0193EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 11:52 a.m.49 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)

Summary A security vulnerability has been identified and addressed in com.ibm.ws.org.apache.commons.collections.3.2.1-1.0.9.jar shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2015-7501 DESCRIPTION: Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid...

10CVSS7.9AI score0.83274EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/13 1:20 p.m.49 views

Security Bulletin: Vulnerabilities in IBM Java affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2022-21426, CVE-2023-21830, CVE-2023-21843)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by vulnerabilities in IBM Java. The vulnerabilities can lead to denial of servic...

5.3CVSS5.5AI score0.03203EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/12 9:33 p.m.49 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restriction bypass in VMware Tanzu Spring Boot (CVE-2023-20873)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restriction bypass in VMware Tanzu Spring Boot, caused by a flaw with wildcard pattern matching when deployed on Cloud Foundry CVE-2023-20873. VMware Tanzu Spring Boot is used as part of our Speech...

9.8CVSS9.2AI score0.01122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/12 10:11 a.m.49 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...

9.8CVSS8.7AI score0.17044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 6:31 p.m.49 views

Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS9.4AI score0.99615EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 5:36 a.m.49 views

Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-3676)

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type chec...

6.5CVSS6.6AI score0.00589EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 7:24 p.m.49 views

Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.7.0 has addressed security vulnerabilities

Summary IBM Planning Analytics Cartridge for IBM Cloud Pak for Data is vulnerable to security vulnerabilities . These have been addressed. Vulnerability Details CVEID:CVE-2022-0185 DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by an integer underflow in the...

8.4CVSS8.5AI score0.25151EPSS
Exploits11Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:11 p.m.49 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2018-1798)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM WebSphere...

6.1CVSS6.1AI score0.01494EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:3 p.m.49 views

Security Bulletin: Multiple security vulnerabilities has been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.

Summary Oracle MySQL version 5.5.x and version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about security vulnerabilities affecting Oracle MySQL has been published here. Vulnerability Details CVEID: CVE-2018-2810...

6.8CVSS7.2AI score0.0401EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/26 4:40 p.m.49 views

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF021 and 22.0.2-IF005. Vulnerability Details CVEID:CVE-2023-32339 DESCRIPTION: IBM Business Automation Workflow is vulnerabl...

7.5CVSS8.8AI score0.59501EPSS
Exploits12Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/21 10:10 p.m.49 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. OpenSSL is used by IBM Robotic Process Automation as part of the API Server CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286. Golang Go is used by IBM Robotic Process Automation as part of...

8.8CVSS8.9AI score0.59501EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 4:41 a.m.49 views

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...

9.8CVSS9.6AI score0.59501EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/16 4:9 a.m.49 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from curl, go and apr-util

Summary Multiple issues were identified in Red Hat UBI packages curl, go and apar-util that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2023-27535 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

7.5CVSS9.5AI score0.05994EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/12 2:27 p.m.49 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java CVE-2023-28867 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.5CVSS7.3AI score0.01051EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/06 3:24 p.m.49 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to IBM Db2

Summary IBM Db2 is shipped with IBM Sterling Partner Engagement Manager. Multiple issues associated with IBM Db2 addressed. Vulnerability Details CVEID:CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remote code...

7.5CVSS7.4AI score0.01513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 7:42 p.m.49 views

Security Bulletin: Multiple vulnerabilities in angular.js may affect IBM Business Automation Workflow ( CVE-2019-14863, CVE-2020-7676, CVE-2019-10768)

Summary IBM Business Automation Workflow packages a vulnerable version of angular js. Vulnerability Details CVEID:CVE-2019-14863 DESCRIPTION: Angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability ...

7.5CVSS5.9AI score0.02179EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 3:51 p.m.49 views

Security Bulletin: There is a vulnerability in jQuery UI used by IBM Maximo Asset Management (CVE-2022-31160)

Summary There is a vulnerability in jQuery UI used by IBM Maximo Asset Management . Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker could...

6.1CVSS6.4AI score0.01933EPSS
Exploits1Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 11:38 p.m.49 views

Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Asset Management (CVE-2022-42003, CVE-2022-42004, CVE-2020-36518)

Summary There are several vulnerabilities in jackson-databind used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the...

7.5CVSS7.8AI score0.0486EPSS
Exploits4Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/19 5:5 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated...

7.5CVSS7.1AI score0.03203EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/16 10:43 p.m.49 views

Security Bulletin: Multiple publicly disclosed Libcurl vulnerabilities affect IBM Safer Payments

Summary Libcurl is used by IBM Safer Payments as part of the AVRO support for Kafka. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-43551 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when the host name i...

9.1CVSS8.5AI score0.1654EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 7:7 p.m.49 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-31030 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local...

5.5CVSS5.4AI score0.00377EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/05 2:53 p.m.49 views

Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Process Mining . CVE-2021-35515, CVE-2021-35516 + CVE-2021-35517

Summary There is a vulnerability in Apache Commons Compress that could allow a remote authenticated attacker to execute denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

7.5CVSS7.8AI score0.12697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/05 2:27 p.m.49 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2022-45143

Summary There is a vulnerability in Apache Tomcat could allow a remote attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-45143 DESCRIPTION: Apach...

7.5CVSS7.4AI score0.02505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.49 views

Security Bulletin: Vulnerability in HTTPD affects IBM BladeCenter Advanced Management Module (AMM)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in HTTPD. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in HTTPD. Vulnerability Details CVEID: CVE-2017-9788 Description: Apach...

9.1CVSS8.7AI score0.5677EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.49 views

Security Bulletin: Vulnerabilities affect IBM's Advanced Management Module (AMM)

Summary Multiple vulnerabilities affect IBM's Advance Management Module AMM. Vulnerability Details Abstract Multiple vulnerabilities affect IBM's Advance Management Module AMM. Content Vulnerability Details: CVE-ID: CVE-2014-2653 Description: OpenSSH could allow a remote attacker to bypass securi...

8.5CVSS8.9AI score0.51436EPSS
Exploits18
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/03 8:0 a.m.49 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS) is vulnerable to arbitrary code execution due to Apache Log4j [CVE-2022-23307]

Summary Apache Log4j is used by IBM Cloud Pak for Data System 1.0 in Logging. This bulletin provides a remediation for the Apache Log4j vulnerability CVE-2022-23307 in Log4j version 1.2.17-18. Vulnerability Details CVEID:CVE-2022-23307 DESCRIPTION: Apache Log4j could allow a remote attacker to...

9CVSS9.4AI score0.52458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 2:4 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 for Linux, UNIX and Windows affect Cloud Pak System (CVE-2022-22389, CVE-2022-22390)

Summary IBM Db2 for Linux, UNIX and Windows is shipped with Cloud Pak System PSM and as PatternType pType . Cloud Pak System has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2022-22389 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to ...

7.5CVSS7.2AI score0.01453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 4:38 a.m.49 views

Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On uses IBM HTTP Server that is vulnerable to HTTP request splitting (CVE-2023-25690)

Summary IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On uses IBM HTTP Server that is vulnerable to HTTP request splitting when using modproxy or the Web Server Plug-in due to the included Apache HTTP Server CVE-2023-25690. This has been...

9.8CVSS9.6AI score0.8377EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.49 views

Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, CVE-2015-0204)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Apr 2015. Vulnerability Details CVEID:CVE-2015-0488 DESCRIPTION: An...

5CVSS7.1AI score0.98685EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/25 12:44 a.m.49 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS3100/TS3200 (CVE-2015-4000)

...

4.3CVSS3.2AI score0.9986EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 3:24 p.m.49 views

Security Bulletin: Operations Dashboard is vulnerable to denial of service and request smuggling due to Go CVE-2022-41717 and CVE-2022-41721

Summary Operations Dashboard is vulnerable to denial of service and request smuggling due to Go CVE-2022-41717 and CVE-2022-41721 with details below. Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2...

7.5CVSS6.9AI score0.05623EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 11:11 a.m.49 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a CRI-O security vulnerability (CVE-2022-0532)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in CRI-O that could allow a remote authenticated attacker to bypass security restrictions, caused by improper sysctls validation. Vulnerability Details CVEID: CVE-2022-0532 Description: CRI-O could allow a remote...

4.9CVSS4.8AI score0.00768EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 1:48 a.m.49 views

Security Bulletin: IBM b-type SAN directors and switches is affected by privilege escalation vulnerability (CVE-2016-8202).

Summary IBM b-type SAN directors and switches has addressed the privilege escalation vulnerability CVE-2016-8202. Vulnerability Details CVEID:CVE-2016-8202 DESCRIPTION: Brocade Fabric OS could allow a remote authenticated attacker to gain elevated privileges on the system. By sending...

9CVSS9AI score0.03051EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/23 3:49 p.m.49 views

Security Bulletin: CVE-2022-3509, CVE-2022-3171 may affect IBM CICS TX Advanced

Summary WebSphere Application Server Liberty is vulnerable to denial of service due to Google protobuf-java . This affects IBM WebSphere Liberty used by IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-ja...

7.5CVSS6.3AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.49 views

Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem 840 and 900

Summary There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2017-18017 and CVE-2017-17449. An exploit of CVE-2017-18017 could allow a remote attacker to cause a denial of service condition. An exploit of CVE-2017-17449 could allo...

10CVSS7.8AI score0.52189EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.49 views

Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem 840 (CVEs 2015-0204, 2015-0488, and 2015-1916)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition version that is used by the IBM FlashSystem 840. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - April 2015. A man-in-the-middle exploit of one of these vulnerabilities could...

5CVSS6.8AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.49 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.

Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2018-17847 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an index out of...

7.5CVSS7.8AI score0.25939EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.49 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22476)

Summary WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console. The fix removes the identity spoofing vulnerability CVE-2022-22476 from Liberty. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server...

8.8CVSS6.5AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 12:38 p.m.49 views

Security Bulletin: IBM MQ Appliance is vulnerable to an XML External Entity Injection attack (CVE-2022-31775)

Summary IBM MQ Appliance has resolved an XML External Entity Injection vulnerability. Vulnerability Details CVEID:CVE-2022-31775 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External...

9.1CVSS7.4AI score0.0115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 11:54 a.m.49 views

Security Bulletin: IBM MQ Appliance is vulnerable to identity spoofing (CVE-2022-22476)

Summary IBM MQ Appliance has resolved an identity spoofing vulnerability. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially...

8.8CVSS6.5AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/07 4:7 p.m.49 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003)

Summary There is a vulnerability in FasterXML jackson-databind used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2022-42003. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML...

7.5CVSS7.3AI score0.02824EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/06 8:32 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2022 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

5.3CVSS5.7AI score0.01746EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/03 4:21 p.m.49 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js command execution vulnerability (CVE-2022-43548)

Summary Potential command execution vulnerability in Node.js CVE-2022-43548 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attack...

8.1CVSS8.4AI score0.14024EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:46 p.m.49 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (Multiple CVEs)

Summary There are multiple vulnerabilities in Eclipse Jetty that could allow an attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-34428...

6.1CVSS6.8AI score0.7848EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 3:21 p.m.49 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Golang Go (CVE-2022-24921, CVE-2022-28327, CVE-2022-24675)

Summary IBM Cloud Pak for Multicloud Management Monitoring has patched its use of Golang Go due to vulnerabilities with that runtime. Vulnerability Details CVEID:CVE-2022-24921 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation. By using a...

7.5CVSS9.3AI score0.05335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/25 4:27 p.m.49 views

Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libxml2, expat, libtasn1 and systemd

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.7-x packageslibxml2, expat, libtasn1 and systemd that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remo...

9.1CVSS8.5AI score0.22791EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/25 11:28 a.m.49 views

Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-45143

Summary IBM UrbanCode Build is affected by CVE-2022-45143 Vulnerability Details CVEID:CVE-2022-45143 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escape the type, message or description values in the JsonErrorReportValve function. By...

7.5CVSS7.3AI score0.02505EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000