Lucene search
K
IbmMost viewed

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2022/10/06 4:10 a.m.•49 views

Security Bulletin: IBM Robotic Process Automation may be vulnerable to denial of service due to microsoft.owin.security.cookies (CVE-2022-29117)

Summary microsoft.owin.security.cookies is used by IBM Robotic Process Automation as part of Miscrosoft ASP.NET. CVE-2022-29117 Vulnerability Details CVEID:CVE-2022-29117 DESCRIPTION: Microsoft ASP.NET and Visual Studio are vulnerable to a denial of service. By sending a specially-crafted request...

7.5CVSS7.2AI score0.04913EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/29 1:7 p.m.•49 views

Security Bulletin: Multiple Vulnerabilities may affect Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary Multiple Vulnerabilities found in Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID:CVE-2021-36373 DESCRIPTION: Apache Ant is vulnerable to a...

5.5CVSS6.2AI score0.0262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/26 4:23 a.m.•49 views

Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities

Abstract Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013-0587| Moderate:...

10CVSS7.2AI score0.73364EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/25 9:6 p.m.•49 views

Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE

Abstract This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment JRE included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...

10CVSS8AI score0.98704EPSS
Exploits55Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/21 10:0 a.m.•49 views

Security Bulletin: A security vulnerability in Nodejs follow-redirects affects IBM Cloud Pak for Multicloud Management Managed Services

Summary A security vulnerability in Nodejs follow-redirects affects IBM Cloud Pak for Multicloud Management Managed Services Vulnerability Details CVEID:CVE-2022-0536 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused b...

5.9CVSS5.1AI score0.0126EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/14 3:2 p.m.•49 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is...

7.9AI score0.49268EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/09 1:15 p.m.•49 views

Security Bulletin: qs (QueryString) package in the Service Portal of IBM Control Desk is vulnerable (CVE-2014-7191 and CVE-2017-1000048)

Summary As per the BlackDuck Scan, there is one package qs QueryString which is vulnerable in the Service Portal. The qs QueryString package is coming from multer modules installed as npm package. Vulnerability Details CVEID:CVE-2014-7191 DESCRIPTION: Node.js is vulnerable to a denial of service,...

7.3AI score0.08309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/08 7:31 a.m.•49 views

Security Bulletin: A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2018-25032)

Summary A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent and IBM Tivoli Composite Application Manager for Transactions Web Response Time agent. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of...

7.5CVSS8AI score0.51733EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/08 12:26 a.m.•49 views

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.7

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor, WebSphere Application Server Liberty Profile and IBM HTTP Server. Vulnerability Details CVEID: CVE-2015-1932 DESCRIPTION: IBM WebSphere Application Serv...

5CVSS6.4AI score0.02107EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
•added 2022/09/07 1:49 p.m.•49 views

Security Bulletin: Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE)

Summary Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...

9.8CVSS9.1AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/31 11:45 a.m.•49 views

Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.

Summary Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-44521 DESCRIPTION: Apache Cassandra could allow a remote authenticated attacker to execute arbitrary code on the system...

9.8CVSS9.7AI score0.54889EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/17 5:45 a.m.•49 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...

7.5CVSS6.5AI score0.0227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/16 6:2 a.m.•49 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2022-22473)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.2.0. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS4.6AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/08/10 9:31 a.m.•49 views

Security Bulletin: Vulnerability in the Node.js got module affects IBM Event Streams (CVE-2022-33987)

Summary This security vulnerability affects the Node.js got module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...

5.3CVSS6.2AI score0.01855EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/07/15 3:54 p.m.•49 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities due to its use of IBM JAVA (CVE-2021-35560, CVE-2021-35578, CVE-2021-35565, CVE-2021-35603)

Summary IBM Java is the runtime environment used by several components in IBM Cloud Pak for Multicloud Management Monitoring and contains several security vulnerabilities. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...

7.5CVSS1.9AI score0.06886EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/07 5:50 a.m.•49 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in...

9.8CVSS0.8AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/01 1:5 p.m.•49 views

Security Bulletin: Vulnerability in IBM Java SDK affects IMSâ„¢ Enterprise Suite: Explorer for Development (CVE-2020-14577)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.6.5 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in July 2020. Vulnerability Details CVEID: CVE-2020-14577 DESCRIPTION: A...

4.3CVSS1.2AI score0.03284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/06/01 10:50 a.m.•49 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2022 Critical Patch Update, except for CVE-2022-21426 which will be described in a future bulletin. For more information please refer to Oracle's April 2022 CPU Advisory and the X-Force database...

5.3CVSS1.1AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/31 10:29 p.m.•49 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078

Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for JavaScript templating. All IBM App Connect Enterprise Certified Container DesignerAuthoring operands, and IntegrationServer operands that run Designer flows may be vulnerable to code injection. This bulletin...

9.8CVSS7.1AI score0.32386EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/24 6:37 p.m.•49 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-24025 DESCRIPTION: node-sass...

8.6CVSS1AI score0.15014EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/05/02 12:17 p.m.•49 views

Security Bulletin: Vulnerability in IBM JAVA JDK affects IBM Spectrum Scale (CVE-2022-21291)

Summary A vulnerability in IBM JAVA JDK could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2022-21291...

5.3CVSS1.3AI score0.02896EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/28 11:37 a.m.•49 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to directory traversal due to CVE-2022-24785

Summary Node.js module moment is used by IBM App Connect Enterprise Certified Container for processing dates and times. IBM App Connect Enterprise Certified Container operands may be vulnerable to directory traversal. This bulletin provides patch information to address the reported vulnerability...

7.5CVSS1AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/27 11:2 a.m.•49 views

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2020-25717)

Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow remote authenticated attacker to gain elevated privileges . Vulnerability Details CVEID: CVE-2020-25717 DESCRIPTION: Samba could allow a remote authenticated attacker to gain elevated privileges o...

8.1CVSS2.4AI score0.01612EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/27 10:23 a.m.•49 views

Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

Summary The vulnerability in CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...

7.5CVSS7AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/27 9:58 a.m.•49 views

Security Bulletin: IBM Initiate Master Data Service, IBM InfoSphere Master Data Management are affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

6.8CVSS8AI score0.99977EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/22 1:35 p.m.•49 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22898)

Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22898 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEWENV variables. By sending a specially-crafted...

3.1CVSS0.7AI score0.04385EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/20 3:53 p.m.•49 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System.

Summary OpenSSL used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVECVE-2021-3712. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read wh...

7.4CVSS2.3AI score0.50445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/04/11 3:7 p.m.•49 views

Security Bulletin: Open Source OpenSSL, GNUTls, RHEL CVE-2016-8610 'SSL-Death-Alert' affects IBM Cisco switches and directors.

Summary Open Source OpenSSL is used by IBM Cisco switches and directors. IBM Cisco switches and directors has addressed the CVE. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when...

7.5CVSS0.9AI score0.39657EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/23 10:7 p.m.•49 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)

Summary Node.js is vulnerable to a denial of service or could allow a remote attacker to bypass security restrictions. These vulnerabilities may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security...

9.3CVSS9.5AI score0.07646EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/23 3:43 p.m.•49 views

Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2021-35550).

Summary IBM License Metric Tool is vulnerable to attacks related to Java TLS vulnerability. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information...

7.1CVSS5.8AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/22 4:47 p.m.•49 views

Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)

Summary Apache Log4j is used by IBM Db2 Big SQL as part of its logging infrastructure. IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j CVE-2021-45046, CVE-2021-45105. The fix includes Apache Log4j 2.17.1 Vulnerability Details CVEID: CVE-2021-451...

10CVSS1.2AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/22 4:8 p.m.•49 views

Security Bulletin: Vulnerability in Apache log4j affects WebSphere Service Registry and Repository (CVE-2021-4104)

Summary There is a vulnerability in the Apache log4j library shipped with WebSphere Service Registry and Repository. This vulnerability also affects IBM WebSphere Application Server which is shipped with WebSphere Service Registry and Repository. For both products this vulnerability has been...

9CVSS1.2AI score0.99977EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/17 3:37 p.m.•49 views

Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-4104, CVE-2021-29469, CVE-2021-44531, CVE-2021-44531, CVE-2022-21824, CVE-2021-29899, CVE-2021-27290 )

Summary There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises. All issues listed below are fixed in RQA release 3.1.3 Vulnerability Details CVEID: CVE-2021-29899 DESCRIPTION: IBM Engineering Requirements Quality Assistant could allow an...

8.2CVSS9.3AI score0.81147EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/03/15 2:59 p.m.•49 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Pak for Network Automation (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Cloud Pak for Network Automation to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker t...

10CVSS1.2AI score0.99999EPSS
Exploits352Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/23 7:48 p.m.•49 views

Security Bulletin: Vulnerabilities in OpenSSL affect Network Intrusion Prevention System (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293)

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Intrusion Prevention System. IBM Security Intrusion Prevention System has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0209 DESCRIPTION: OpenSSL could...

7.5CVSS8.2AI score0.44503EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/22 7:59 p.m.•49 views

Security Bulletin: Jackson-databind vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-14439, CVE-2019-14379)

Summary Jackson-databind is vulnerable to a remote attacker obtaining sensitive information or executing arbitrary code on the system which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-14439 Description: FasterXML jackson-databin...

9.8CVSS9.4AI score0.10763EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/22 7:59 p.m.•49 views

Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810)

Summary There is a potential bypass security vulnerability in the expression language library used by WebSphere Application Server which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVEID: CVE-2014-7810 DESCRIPTION: Apache Tomcat could allow a...

5CVSS6.5AI score0.13872EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/22 7:59 p.m.•49 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)

Summary Node.js denial of service vulnerabilities affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-9511 Description: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...

7.8CVSS7.6AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/18 8:34 a.m.•49 views

Security Bulletin: Cloud Pak for Security vulnerable to information exposure (CVE-2021-35567)

Summary Cloud Pak for Security v1.8.1.0 and earlier is vulnerable to CVE-2021-35567 due to the usage of Java SE in product components. This could allow an attacker to obtain potentially sensitve information. Cloud Pack for Security has issued a fix to address the issue. Vulnerability Details CVEI...

6.8CVSS6.1AI score0.027EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/17 8:29 a.m.•49 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System.

Summary OpenSSL used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs CVE-2021-23840,CVE-2021-23841. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in...

7.5CVSS7.1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/16 10:9 p.m.•49 views

Security Bulletin: Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)

Summary A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write COW breakage of private read-only memory mappings. An attacker could exploit this vulnerability to gain write access to read-only memory mappings and elevated privileges on the system...

7.2CVSS1.1AI score0.83524EPSS
Exploits81Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/15 11:21 p.m.•49 views

Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by an issue within the channel process.(CVE-2021-39034)

Summary An issue was identified in the IBM MQ Version 9.1 queue manager channel process on Solaris platforms, that could be exploited by an attacker to cause a denial of service attack. Vulnerability Details CVEID: CVE-2021-39034 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack...

7.5CVSS6.8AI score0.01156EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/02/02 7:47 p.m.•49 views

Security Bulletin: IBM Data Management Platform for EDB Postgres Enterprise is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Enterprise contains a component called EDB failover manager EFM and uses a version of log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-45105...

10CVSS0.9AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/28 9:31 p.m.•49 views

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns is vulnerable to an Information Disclosure (CVE-2022-22310)

Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server Liberty have been published in a security bulletin. Vulnerability Details Refer to the securit...

6.5CVSS6.7AI score0.01012EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/15 7:49 a.m.•49 views

Security Bulletin: IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j is used by IBM Security Access Manager for Enterprise Single Sign-On as part of its logging infrastructure. IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to denial of service and arbitrary code execution due to Apache Log4j CVE-2021-45105 and...

10CVSS1.5AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/13 3:49 p.m.•49 views

Security Bulletin: Operations Dashboard is vulnerable to Netty CVE-2021-43797

Summary Security Bulletin: Operations Dashboard is vulnerable to Netty CVE-2021-43797 with details below Vulnerability Details CVEID: CVE-2021-43797 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header names. By sendin...

6.5CVSS0.6AI score0.02682EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/13 1:59 p.m.•49 views

Security Bulletin: Due to Apache Log4j, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary There are vulnerabilities in the Apache Log4j open source library. The library is used by IBM CloudPak foundational services which is a dependency of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps. The fix includes upgrade to Apache Log4j v2.17. Vulnerability Details CVEID:...

10CVSS0.8AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/12 9:6 p.m.•49 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2021-4104, CVE-2021-45046)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

9CVSS2AI score0.99977EPSS
Exploits41Affected Software14
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/10 5:20 p.m.•49 views

Security Bulletin: IBM WebSphere Service Registry and Repository is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution (CVE-2021-4104, CVE-2021-45046 and CVE-2021-44832)

Summary IBM WebSphere Application Server, which is included as a component of IBM WebSphere Service Registry and Repository, is vulnerable to the Apache Log4j vulnerabilities. Remediation information about the security vulnerabilities has been published in a security bulletin. The fix addresses t...

9CVSS3AI score0.99999EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2022/01/08 8:32 p.m.•49 views

Security Bulletin: IBM Cloud Pak for Applications is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-44832)

Summary Multiple vulnerabilities in Apache Log4j affect IBM WebSphere Application Server which is bundled with IBM Cloud Pak for Applications CVE-2021-45105 and CVE-2021-44832. The fix addresses the vulnerabilities by removing Apache Log4j. Vulnerability Details Refer to the security bulletins...

8.5CVSS3.9AI score0.99999EPSS
Exploits22Affected Software1
Total number of security vulnerabilities5000