Lucene search
K
IbmMost viewed

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:59 p.m.49 views

Security Bulletin: Jackson-databind vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-14439, CVE-2019-14379)

Summary Jackson-databind is vulnerable to a remote attacker obtaining sensitive information or executing arbitrary code on the system which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-14439 Description: FasterXML jackson-databin...

9.8CVSS9.4AI score0.10763EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:59 p.m.49 views

Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810)

Summary There is a potential bypass security vulnerability in the expression language library used by WebSphere Application Server which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVEID: CVE-2014-7810 DESCRIPTION: Apache Tomcat could allow a...

5CVSS6.5AI score0.13872EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/18 8:34 a.m.49 views

Security Bulletin: Cloud Pak for Security vulnerable to information exposure (CVE-2021-35567)

Summary Cloud Pak for Security v1.8.1.0 and earlier is vulnerable to CVE-2021-35567 due to the usage of Java SE in product components. This could allow an attacker to obtain potentially sensitve information. Cloud Pack for Security has issued a fix to address the issue. Vulnerability Details CVEI...

6.8CVSS6.1AI score0.027EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/17 8:29 a.m.49 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System.

Summary OpenSSL used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs CVE-2021-23840,CVE-2021-23841. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in...

7.5CVSS7.1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/16 10:9 p.m.49 views

Security Bulletin: Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)

Summary A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write COW breakage of private read-only memory mappings. An attacker could exploit this vulnerability to gain write access to read-only memory mappings and elevated privileges on the system...

7.2CVSS1.1AI score0.83524EPSS
Exploits81Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/15 11:21 p.m.49 views

Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by an issue within the channel process.(CVE-2021-39034)

Summary An issue was identified in the IBM MQ Version 9.1 queue manager channel process on Solaris platforms, that could be exploited by an attacker to cause a denial of service attack. Vulnerability Details CVEID: CVE-2021-39034 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack...

7.5CVSS6.8AI score0.01156EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/02 7:47 p.m.49 views

Security Bulletin: IBM Data Management Platform for EDB Postgres Enterprise is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Enterprise contains a component called EDB failover manager EFM and uses a version of log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-45105...

10CVSS0.9AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/28 9:31 p.m.49 views

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns is vulnerable to an Information Disclosure (CVE-2022-22310)

Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server Liberty have been published in a security bulletin. Vulnerability Details Refer to the securit...

6.5CVSS6.7AI score0.01012EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 4:26 p.m.49 views

Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components

Summary Cloud Pak for Automation has released cummulative security fixes addressing vulnerabilities in several of its components. Vulnerability Details CVEID: CVE-2021-37701 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrar...

9.8CVSS10.2AI score0.50732EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/15 7:49 a.m.49 views

Security Bulletin: IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j is used by IBM Security Access Manager for Enterprise Single Sign-On as part of its logging infrastructure. IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to denial of service and arbitrary code execution due to Apache Log4j CVE-2021-45105 and...

10CVSS1.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 3:49 p.m.49 views

Security Bulletin: Operations Dashboard is vulnerable to Netty CVE-2021-43797

Summary Security Bulletin: Operations Dashboard is vulnerable to Netty CVE-2021-43797 with details below Vulnerability Details CVEID: CVE-2021-43797 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header names. By sendin...

6.5CVSS0.6AI score0.02682EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 1:59 p.m.49 views

Security Bulletin: Due to Apache Log4j, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary There are vulnerabilities in the Apache Log4j open source library. The library is used by IBM CloudPak foundational services which is a dependency of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps. The fix includes upgrade to Apache Log4j v2.17. Vulnerability Details CVEID:...

10CVSS0.8AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/12 9:6 p.m.49 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2021-4104, CVE-2021-45046)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

9CVSS2AI score0.99977EPSS
Exploits41Affected Software14
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/10 5:20 p.m.49 views

Security Bulletin: IBM WebSphere Service Registry and Repository is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution (CVE-2021-4104, CVE-2021-45046 and CVE-2021-44832)

Summary IBM WebSphere Application Server, which is included as a component of IBM WebSphere Service Registry and Repository, is vulnerable to the Apache Log4j vulnerabilities. Remediation information about the security vulnerabilities has been published in a security bulletin. The fix addresses t...

9CVSS3AI score0.99999EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/08 8:32 p.m.49 views

Security Bulletin: IBM Cloud Pak for Applications is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-44832)

Summary Multiple vulnerabilities in Apache Log4j affect IBM WebSphere Application Server which is bundled with IBM Cloud Pak for Applications CVE-2021-45105 and CVE-2021-44832. The fix addresses the vulnerabilities by removing Apache Log4j. Vulnerability Details Refer to the security bulletins...

8.5CVSS3.9AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/04 3:59 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in Apache Log4j impact IBM Sterling External Authentication Server (CVE-2021-45105, CVE-2021-45046)

Summary IBM Sterling External Authentication Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-45105,CVE-2021-45046. The fix includes Apache Log4j 2.17.0. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache...

10CVSS1.9AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 8:44 p.m.49 views

Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics Subscription (CVE-2021-44228)

Summary There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics Subscription. IBM SPSS Statistics Subscription has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary co...

10CVSS1.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:45 p.m.49 views

Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in Golang

Summary IBM Event Streams affected by multiple vulnerabilities in Golang Vulnerability Details CVEID: CVE-2021-33195 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not following RFC 1035 rules in the LookupCNAME, LookupSRV, LookupMX,...

7.5CVSS8.6AI score0.03775EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 4:56 a.m.49 views

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0 (CVE-2021-44228)

Summary Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0. An attacker who can control log messages or log message parameters can execute arbitrary code leading to Remote Code Execution RCE attacks. IBM App Connect for Manufacturing 2.0 has addressed the vulnerability...

10CVSS1.4AI score0.99999EPSS
Exploits351
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/14 3:28 a.m.49 views

Security Bulletin: Vulnerabilities in IBM Java affecting IBM Rational Asset Analyzer.

Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.8 that is used by IBM Rational Asset Analyzer. These issues were disclosed as part of the IBM Java SDK updates in October 2021 . Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified...

9.8CVSS7.1AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/09 7:56 a.m.49 views

Security Bulletin: Vulnerabilities in Node.js, IBM WebSphere Application Server Liberty, and OpenSSL affect IBM Spectrum Control

Summary Vulnerabilities in Node.js, IBM WebSphere Application Server Liberty, and OpenSSL may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large...

9.8CVSS7.9AI score0.50445EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/07 7:14 p.m.49 views

Security Bulletin: This Power System update is being released to address CVE 2019-6260

Summary POWER8/POWER9: In response to a security issue with BMC's physical address space, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2019-6260. Vulnerability Details CVEID: CVE 2019-6260 DESCRIPTION: The ASPEED AST2400 and...

9.8CVSS8.7AI score0.03631EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/15 3:38 p.m.49 views

Security Bulletin: IBM MQ is vulnerable to an issue in Eclipse Jetty (CVE-2021-28165)

Summary An issue was identified in Eclipse Jetty that affects IBM MQ. Eclipse Jetty is used within the MQ Explorer, MQ Salesforce Bridge and MQ Blockchain Bridge components. Vulnerability Details CVEID: CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by...

7.8CVSS1.1AI score0.53861EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/04 5:59 p.m.49 views

Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-36185 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to...

8.8CVSS1.6AI score0.20929EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/01 4:46 p.m.49 views

Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3711)

Summary MessageGateway has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVPPKEYdecrypt function within implementation of th...

9.8CVSS10AI score0.87816EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.49 views

Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-16869 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual whitespaces before the colon in HTTP headers. By sending a...

9.1CVSS0.6AI score0.13474EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.49 views

Security Bulletin: Vulnerabilities in GNU C Library Affect Power Hardware Management Console (CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472)

Summary GNU C Library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2013-7423 DESCRIPTION:The senddg function in resolv/ressend.c in GNU C Library aka glibc or libc6 before 2.20 does not properly reuse file descriptors,...

7.8CVSS8.8AI score0.07688EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.49 views

Security Bulletin: Vulnerabilities in glibc affect Power Hardware Management Console (CVE-2015-7547, CVE-2014-9761, CVE-2015-8776, CVE-2015-8777, CVE-2015-8778, CVE-2015-8779)

Summary glibc is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nssdns backend for the...

9.8CVSS9.1AI score0.89557EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/22 11:5 p.m.49 views

Security Bulletin: Vulnerabilities in Glibc affect Power Hardware Management Console ( CVE-2017-15670, CVE-2017-12132, CVE-2015-5180, CVE-2014-9402)

Summary Glibc is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details Relevant CVE Information: CVEID: CVE-2017-15670 DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob...

9.8CVSS9.3AI score0.07688EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/14 3:22 p.m.49 views

Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway

Summary Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway Vulnerability Details CVEID: CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high...

5.9CVSS2AI score0.03125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/08 1:1 p.m.49 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-2773)

Summary Vulnerabilities in IBM® SDK Java™ Technology ,used by IBM Integration Bus & IBM App Connect Enterprise v11, v12. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An unspecified vulnerability in Java SE...

4.3CVSS0.7AI score0.03625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/01 8:54 a.m.49 views

Security Bulletin: Vulnerabilities in Apache Commons and Node.js affect IBM Spectrum Protect Plus

Summary Vulnerabilities in Apache Commons and Node .js such as denial of service, execution of arbitrary commands on the system, and elevated privileges, may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote...

9.8CVSS1.7AI score0.23132EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/10 8:12 p.m.49 views

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-13990 DESCRIPTION: Terracotta could allow a remote attacker to obtain sensitive information, caused by improper handling of...

9.8CVSS0.7AI score0.17611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/04 7:37 a.m.49 views

Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise v11 are affected by vulnerabilities in Node.js (CVE-2021-3450, CVE-2021-3449)

Summary IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security...

7.4CVSS1.2AI score0.62906EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/26 1:9 p.m.49 views

Security Bulletin: GRUB2 as used by IBM QRadar SIEM is vulnerable to arbitrary code execution

Summary GRUB2 as used by IBM QRadar SIEM is vulnerable to arbitrary code execution Vulnerability Details CVEID: CVE-2021-20225 DESCRIPTION: GNU GRUB2 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds write flaw in the short form...

8.2CVSS0.9AI score0.01738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/02 9:53 a.m.49 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony

Summary This interim fix provides instructions on upgrading Apache Tomcat from v6.0.43 to v8.5.41 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2019-0199 and CVE-2019-10072 in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2019-0199 DESCRIPTION: Apache...

7.5CVSS0.1AI score0.72988EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/22 6:8 p.m.49 views

Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-14845 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high...

8CVSS6.2AI score0.03012EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/21 11:5 p.m.49 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache httpclient

Summary A vulnerability in Apache httpclient used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority...

5.3CVSS1.1AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/16 7:41 p.m.49 views

Security Bulletin: ICU Vulnerability Affects IBM Control Center (CVE-2020-10531)

Summary International Components for Unicode ICU for C/C++ is vulnerable to a heap-based buffer overflow, caused by an integer overflow. Vulnerability Details CVEID: CVE-2020-10531 DESCRIPTION: International Components for Unicode ICU for C/C is vulnerable to a heap-based buffer overflow, caused ...

8.8CVSS9.4AI score0.02669EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/14 2:5 p.m.49 views

Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)

Summary WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sendi...

7.4CVSS1AI score0.62906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/04 2:38 a.m.49 views

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by a Python vulnerability

Summary There is a vulnerability in Python used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator havs addressed the applicable CVE, CVE-2021-3177 by upgrade python to version 3.7.10 Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS2.2AI score0.23293EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/16 5:40 p.m.49 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in October 2020 and January 2021. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An...

9.8CVSS1.9AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/13 4:24 p.m.49 views

Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2019-19049 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the unittestdataadd function in drivers/of/unittest.c. A remote attacker could exploit this...

7.8CVSS1AI score0.05077EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/09 6:6 a.m.49 views

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Manager (CVE-2020-14803, CVE-2020-27221).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle January 2021 Critical Patch Update. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

1.8AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/16 7:55 p.m.49 views

Security Bulletin: Multiple Security Vulnerabilties have been fixed in the IBM Security Access Manager and IBM Security Verify Access appliances.

Summary Multiple Security Vulnerabilities have been fixed in both the IBM Security Access Manager and IBM Security Verify Access appliances. Vulnerability Details CVEID: CVE-2019-17498 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when connecting to a...

9.8CVSS1.1AI score0.17939EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/27 3:41 a.m.49 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when unmarshalling. By manipulating the processed input stream, a remot...

9.3CVSS1.3AI score0.85001EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/25 2:37 p.m.49 views

Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)

Summary opensaml-2.6.4.jar vulnerable to CVE-2015-1796, Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority...

4.3CVSS1.3AI score0.01256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/13 5:55 p.m.49 views

Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway vulnerable to denial of service (CVE-2020-11612)

Summary A vulnerability was identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoder...

7.5CVSS2.2AI score0.09438EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/11 3:49 p.m.49 views

Security Bulletin: OpenSSL for IBM i is affected by CVE-2020-1971

Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an attacker could exploit...

5.9CVSS1.6AI score0.06968EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/06 1:23 p.m.49 views

Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability (CVE-2020-7676)

Summary IBM MQ Appliance has addressed a cross-site scripting vulnerability. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject...

5.4CVSS1.1AI score0.02142EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000