Lucene search
K
IbmMost viewed

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.49 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-24921).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go, caused by improper input validation, which may be exploited to cause a goroutine stack exhaustion CVE-2022-24921. Golang Go is included in some of the operators used in IBM...

7.5CVSS7.4AI score0.03255EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.49 views

Security Bulletin: OpenSSL Vulnerability Affects Watson Speech Services

Summary A Redhat OpenSSL Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3 Vulnerability Details CVEID:CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

7.4CVSS7.5AI score0.50445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 2:37 p.m.49 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to Node.js (CVE-2022-43548 & CVE-2022-35256)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to Node.js CVE-2022-43548 & CVE-2022-35256. The fix includes Node.js 14.21.1 Vulnerability Details CVEID:CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code o...

8.1CVSS8.5AI score0.14024EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 3:10 a.m.49 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)

Summary IBM Sterling Connect:Direct Web Services has addressed a denial of service vulnerability due to FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the...

7.5CVSS7.3AI score0.02656EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/03 3:55 p.m.49 views

Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)

Summary Multiple security vulnerabilities have been reported for Jackson JSON library that is used by IBM Business Automation Workflow. Vulnerability Details CVEID: CVE-2018-7489 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused ...

9.8CVSS8.9AI score0.49727EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/03 9:15 a.m.49 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to webpack loader-utils CVE-2022-37603

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to webpack loader-utils CVE-2022-37603 with details below. Vulnerability Details CVEID:CVE-2022-37603 DESCRIPTION: webpack loader-utils is vulnerable to a denial of service, caused by a regular...

7.5CVSS8.1AI score0.02029EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 3:9 p.m.49 views

Security Bulletin: Vulnerabilities in Log4j affects IBM Cloud Application Business Insights CVE-2021-44228

Summary Vulnerabilities in Log4j CVE-2021-44228 affects IBM Cloud Application Business Insights Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled...

10CVSS9.8AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/15 5:59 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By usi...

9.8CVSS9.8AI score0.1593EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 7:0 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.25 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in April 2019. Vulnerability...

8.1CVSS8.6AI score0.37618EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/07 11:22 a.m.49 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to loss of confidentiality due to CVE-2022-28615

Summary Apache HTTP Server is used by IBM App Connect Enterprise Certified Container for Mapping Assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to loss of confidentiality. This bulletin provides patch information...

9.1CVSS9.1AI score0.05729EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/04 5:32 p.m.49 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to loss of confidentiality due to CVE-2022-32148

Summary The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands utilise Golang Go. The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to loss of confidentiality. This bulletin provides patch information t...

6.5CVSS6.9AI score0.01103EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/01 5:5 p.m.49 views

Security Bulletin: AIX is affected by arbitrary code execution [CVE-2022-40674] and denial of service [CVE-2020-10735] due to Python

Summary Vulnerabilities in Python could allow an attacker to execute arbitrary code CVE-2022-40674 or cause a denial of service CVE-2020-10735. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2022-40674 DESCRIPTION: libexpat could allow a remot...

8.1CVSS8.7AI score0.03213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/25 2:32 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.5. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker cou...

9.8CVSS9.3AI score0.68796EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/24 8:9 p.m.49 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Open SSL is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2022-0778 Expat aka libexpat is used by IBM Robotic Process Automation for Cloud Pak as dependen...

9.8CVSS9.9AI score0.70561EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/20 12:19 p.m.49 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from containerd, gnupg2, runc and IBM WebSphere Application Server Liberty

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.6-x packages containerd, gnupg2, runc and IBM WebSphere Application Server Liberty that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-23648 DESCRIPTION...

8.8CVSS7.6AI score0.27392EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/19 9:11 p.m.49 views

Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2021-44906 DESCRIPTION: Node.js Minimist module could allow a remote attacker to execute...

9.8CVSS9.2AI score0.04581EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/18 8:24 p.m.49 views

Security Bulletin: Multiple denial of service vulnerabilities in Apache Xerces affect IBM InfoSphere Information Server

Summary Multiple denial of service vulnerabilities in Apache Xerces used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. ...

7.5CVSS7.1AI score0.3038EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.49 views

Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud

Summary Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud July 2021 CPU. Vulnerability Details CVEID:CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system...

7.5CVSS6.7AI score0.04008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 6:50 p.m.49 views

Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824)

Summary IBM has announced a release for IBM Security Verify Governance ISVG in response to security vulnerability. The vulnerability is caused by Node.js which could provide weaker than expected security, caused by an error related to the formatting logic of the console.table function...

8.2CVSS7.9AI score0.21514EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 5:4 a.m.49 views

Security Bulletin: JQuery UI shipped with IBM Tivoli Netcool Impact is vulnerable to XSS (CVE-2022-31160)

Summary JQuery UI is used by IBM Tivoli Netcool Impact as part of its UI framework. Information about a security vulnerability affecting JQuery UI has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting,...

6.1CVSS6.4AI score0.01933EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/29 1:7 p.m.49 views

Security Bulletin: Multiple Vulnerabilities may affect Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary Multiple Vulnerabilities found in Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID:CVE-2021-36373 DESCRIPTION: Apache Ant is vulnerable to a...

5.5CVSS6.2AI score0.0262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 10:21 p.m.49 views

Security Bulletin: Vulnerability in Transport Layer Security Protocol Used in IBM System Networking Ethernet Switches (CVE-2011-3389)

Abstract Earlier versions of the Transport Layer Security TLS protocol are affected by a publicly disclosed vulnerability that could allow information disclosure if an attacker is carrying out a man-in-the-middle attack. Customers can avoid the vulnerability by following workarounds recommended b...

4.3CVSS7.1AI score0.73327EPSS
Exploits4Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.49 views

Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE

Abstract This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment JRE included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...

10CVSS8AI score0.98704EPSS
Exploits55Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:2 p.m.49 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is...

7.9AI score0.49268EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/09 1:15 p.m.49 views

Security Bulletin: qs (QueryString) package in the Service Portal of IBM Control Desk is vulnerable (CVE-2014-7191 and CVE-2017-1000048)

Summary As per the BlackDuck Scan, there is one package qs QueryString which is vulnerable in the Service Portal. The qs QueryString package is coming from multer modules installed as npm package. Vulnerability Details CVEID:CVE-2014-7191 DESCRIPTION: Node.js is vulnerable to a denial of service,...

7.3AI score0.08309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 7:31 a.m.49 views

Security Bulletin: A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2018-25032)

Summary A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent and IBM Tivoli Composite Application Manager for Transactions Web Response Time agent. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of...

7.5CVSS8AI score0.51733EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/08 12:26 a.m.49 views

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.7

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor, WebSphere Application Server Liberty Profile and IBM HTTP Server. Vulnerability Details CVEID: CVE-2015-1932 DESCRIPTION: IBM WebSphere Application Serv...

5CVSS6.4AI score0.02107EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/07 1:49 p.m.49 views

Security Bulletin: Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE)

Summary Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...

9.8CVSS9.1AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/31 11:45 a.m.49 views

Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.

Summary Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-44521 DESCRIPTION: Apache Cassandra could allow a remote authenticated attacker to execute arbitrary code on the system...

9.8CVSS9.7AI score0.54889EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/17 5:45 a.m.49 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...

7.5CVSS6.5AI score0.0227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/16 6:2 a.m.49 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2022-22473)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.2.0. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS4.6AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/10 9:31 a.m.49 views

Security Bulletin: Vulnerability in the Node.js got module affects IBM Event Streams (CVE-2022-33987)

Summary This security vulnerability affects the Node.js got module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...

5.3CVSS6.2AI score0.01855EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/15 3:54 p.m.49 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities due to its use of IBM JAVA (CVE-2021-35560, CVE-2021-35578, CVE-2021-35565, CVE-2021-35603)

Summary IBM Java is the runtime environment used by several components in IBM Cloud Pak for Multicloud Management Monitoring and contains several security vulnerabilities. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...

7.5CVSS1.9AI score0.06886EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/07 5:50 a.m.49 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in...

9.8CVSS0.8AI score0.99677EPSS
Exploits101Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.49 views

Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2020-14577)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.6.5 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability Details CVEID: CVE-2020-14577 DESCRIPTION: A...

4.3CVSS1.2AI score0.03284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 10:50 a.m.49 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2022 Critical Patch Update, except for CVE-2022-21426 which will be described in a future bulletin. For more information please refer to Oracle's April 2022 CPU Advisory and the X-Force database...

5.3CVSS1.1AI score0.03028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/31 10:29 p.m.49 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078

Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for JavaScript templating. All IBM App Connect Enterprise Certified Container DesignerAuthoring operands, and IntegrationServer operands that run Designer flows may be vulnerable to code injection. This bulletin...

9.8CVSS7.1AI score0.32386EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/02 12:17 p.m.49 views

Security Bulletin: Vulnerability in IBM JAVA JDK affects IBM Spectrum Scale (CVE-2022-21291)

Summary A vulnerability in IBM JAVA JDK could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2022-21291...

5.3CVSS1.3AI score0.02896EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/28 11:37 a.m.49 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to directory traversal due to CVE-2022-24785

Summary Node.js module moment is used by IBM App Connect Enterprise Certified Container for processing dates and times. IBM App Connect Enterprise Certified Container operands may be vulnerable to directory traversal. This bulletin provides patch information to address the reported vulnerability...

7.5CVSS1AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 11:2 a.m.49 views

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2020-25717)

Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow remote authenticated attacker to gain elevated privileges . Vulnerability Details CVEID: CVE-2020-25717 DESCRIPTION: Samba could allow a remote authenticated attacker to gain elevated privileges o...

8.1CVSS2.4AI score0.01612EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.49 views

Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

Summary The vulnerability in CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...

7.5CVSS7AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 9:58 a.m.49 views

Security Bulletin: IBM Initiate Master Data Service, IBM InfoSphere Master Data Management are affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

6.8CVSS8AI score0.99977EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 1:35 p.m.49 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22898)

Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22898 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEWENV variables. By sending a specially-crafted...

3.1CVSS0.7AI score0.04385EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/20 3:53 p.m.49 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System.

Summary OpenSSL used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVECVE-2021-3712. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read wh...

7.4CVSS2.3AI score0.50445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/11 3:7 p.m.49 views

Security Bulletin: Open Source OpenSSL, GNUTls, RHEL CVE-2016-8610 'SSL-Death-Alert' affects IBM Cisco switches and directors.

Summary Open Source OpenSSL is used by IBM Cisco switches and directors. IBM Cisco switches and directors has addressed the CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when...

7.5CVSS0.9AI score0.39657EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/23 10:7 p.m.49 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)

Summary Node.js is vulnerable to a denial of service or could allow a remote attacker to bypass security restrictions. These vulnerabilities may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security...

9.3CVSS9.5AI score0.07646EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/23 3:43 p.m.49 views

Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2021-35550).

Summary IBM License Metric Tool is vulnerable to attacks related to Java TLS vulnerability. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information...

7.1CVSS5.8AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/22 4:47 p.m.49 views

Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)

Summary Apache Log4j is used by IBM Db2 Big SQL as part of its logging infrastructure. IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j CVE-2021-45046, CVE-2021-45105. The fix includes Apache Log4j 2.17.1 Vulnerability Details CVEID: CVE-2021-451...

10CVSS1.2AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/22 4:8 p.m.49 views

Security Bulletin: Vulnerability in Apache log4j affects WebSphere Service Registry and Repository (CVE-2021-4104)

Summary There is a vulnerability in the Apache log4j library shipped with WebSphere Service Registry and Repository. This vulnerability also affects IBM WebSphere Application Server which is shipped with WebSphere Service Registry and Repository. For both products this vulnerability has been...

9CVSS1.2AI score0.99977EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/17 3:37 p.m.49 views

Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-4104, CVE-2021-29469, CVE-2021-44531, CVE-2021-44531, CVE-2022-21824, CVE-2021-29899, CVE-2021-27290 )

Summary There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises. All issues listed below are fixed in RQA release 3.1.3 Vulnerability Details CVEID: CVE-2021-29899 DESCRIPTION: IBM Engineering Requirements Quality Assistant could allow an...

8.2CVSS9.3AI score0.81147EPSS
Exploits11Affected Software1
Total number of security vulnerabilities5000