Lucene search
K
IbmMost viewed

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/03/11 3:7 p.m.48 views

Security Bulletin: Vulnerabilities in Python packages might affect IBM Storage Defender – Resiliency Service (CVE-2024-22195, CVE-2024-26130, CVE-2023-50782)

Summary IBM Storage Defender – Resiliency Service is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The...

7.5CVSS7.9AI score0.01118EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/05 9:6 a.m.48 views

Security Bulletin: axios-1.5.0.tgz and axios-1.5.1.tgz is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses axios-1.5.0.tgz and axios-1.5.1.tgz which is vulnerable to CVE-2023-45857 Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input...

6.5CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 7:23 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow Configuration Editor packages a Node.js runtime. Vulnerabilities have been reported for Node.js. Vulnerability Details CVEID:CVE-2024-21892 DESCRIPTION: Node.js could allow a local authenticated attacker to gain elevated privileges on the system, caused by...

9.8CVSS8.3AI score0.04459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/28 5:16 p.m.48 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.1 Vulnerability Details CVEID:CVE-2023-50447 DESCRIPTION: Pillow could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input by the...

10CVSS9.9AI score0.02983EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/23 8:37 p.m.48 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to an unspecified vulnerability and denial of service due to IBM Runtime Environment Java Technology Edition

Summary IBM Java is used by IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms is impacted by an unspecified vulnerability and denial of...

5.9CVSS5.8AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/15 4:16 a.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Storage Scale (CVE-2023-46158, CVE-2023-44487)

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale, which could provide weaker than expected security due to improper resource expiration handling. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Libert...

9.8CVSS8.1AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 11:13 a.m.48 views

Security Bulletin: IBM Observability with Instana is affected by multiple vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana : CVE-2023-43646, CVE-2023-2454, CVE-2022-31197, CVE-2023-39533, CVE-2021-20218 Vulnerability Details CVEID:CVE-2023-43646 DESCRIPTION: Chai.js Assertion Library get-func-name is vulnerable to a denial of service,...

8.6CVSS9.3AI score0.01662EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/18 12:9 p.m.48 views

Security Bulletin: IBM Asset Data Dictionary Component uses netty-codec-http2-4.1.94, netty-handler-4.1.86 and netty-handler-4.1.92 which is vulnerable to CVE-2023-44487 and CVE-2023-34462

Summary IBM Asset Data Dictionary Component uses netty-codec-http2-4.1.94, netty-handler-4.1.86 and netty-handler-4.1.92 which is vulnerable to CVE-2023-44487 and CVE-2023-34462. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS7.9AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/18 5:47 p.m.48 views

Security Bulletin: Vulnerability in CloudPak for AIOPs [CVE-2023-46233]

Summary Vulnerability was addressed in IBM Cloud Pak for AIOps version 4.3.0 CVE-2023-46233 Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allow a remote attacker to obtain sensitive information, caused by the use of a weak cryptographic hash algorithm. By utilize...

9.1CVSS8.8AI score0.00635EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:30 p.m.48 views

Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems

Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems has addressed the following vulnerabilities in ntp. Vulnerability Details CVEID: CVE-2018-7185 DESCRIPTION: NTP is vulnerable to a denial of service. By sending specially crafted packets, a remote...

9.8CVSS1.5AI score0.2985EPSS
Exploits5Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/06 4:17 p.m.48 views

Security Bulletin: Multiple vulnerabilities in go.etcd.io/etcd package affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary Multiple vulnerabilities in the go.etcd.io/etcd package affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data. These vulnerabilities are fixed. Vulnerability Details CVEID:CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509...

8.8CVSS10AI score0.50445EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/17 8:53 p.m.48 views

Security Bulletin: CVE-2022-41713 An issue was discovered in deep-object-diff version 1.1.0

Summary CVE-2022-41713 deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited. Vulnerability Details...

5.3CVSS5.3AI score0.00643EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/10 6:22 a.m.48 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU plus CVE-2023-2597

Summary All applicable Java SE CVEs published by Oracle as part of their April 2023 Critical Patch Update plus CVE-2023-2597. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: ELM Installer, IBM Engineering Lifecycle...

9.1CVSS6.5AI score0.00422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/06 12:56 p.m.48 views

Security Bulletin: There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Asset Management application (CVE-2023-26048)

Summary There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Asset Management application CVE-2023-26048 Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

5.3CVSS6.2AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/30 8:21 a.m.48 views

Security Bulletin: Multiple vulnerabilities exist in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager.

Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 Vulnerability Details...

9.1CVSS8.4AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/19 4:28 p.m.48 views

Security Bulletin: IBM Rational Build Forge is vulnerable to a denial of service due to the use of Apache HTTP server (CVE-2022-29404).

Summary Apache HTTP server is used by IBM Rational Build Forge. This fix includes Apache Http Server 2.4.54 Vulnerability Details CVEID:CVE-2022-29404 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by no default limit on possible input size. By sending a specially...

7.5CVSS8.4AI score0.05678EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/12 7:11 p.m.48 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.13 and earlier

Summary This fix upgrades to node 18.18.0 and grpc 1.58.0. Vulnerability Details CVEID:CVE-2023-4785 DESCRIPTION: Google gRPC is vulnerable to a denial of service, caused by a lack of error handling in the TCP server on posix-compatible platforms. By initiating a significant number of connections...

9.8CVSS8.1AI score0.01817EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/05 1:57 p.m.48 views

Security Bulletin: IBM OpenPages with Watson has addressed multiple vulnerabilities from CKEditor (CVE-2022-24728, CVE-2022-24729)

Summary CKEditor open source library used by IBM OpenPages with Watson. CKEditor reported multiple vulnerabilities. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-24729 DESCRIPTION: CKEditor is vulnerable to a denial of service, caused by a regular expression deni...

7.5CVSS7.1AI score0.02448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/03 9:59 a.m.48 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Google Protocol Buffer protobuf-cpp (CVE-2022-1941)

Summary DFDL message parsing in IBM App Connect Enterprise is affected by a denial of service due to Google Protocol Buffer protobuf-cpp CVE-2022-1941. The fix includes 3.21.5. Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsin...

7.5CVSS7.3AI score0.01191EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/30 4:30 a.m.48 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Google Guava (CVE-2023-2976)

Summary Google Guava is shipped with IBM Tivoli Netcool Impact as part of it's backend infrastructure. Information about a security vulnerability affecting Google Guava has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a loc...

7.1CVSS6.1AI score0.00248EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/29 11:50 a.m.48 views

Security Bulletin: Vulnerabilities in xercesImpl library affects IBM Engineering Test Management (ETM) (CVE-2022-23437)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the...

7.1CVSS6.5AI score0.0444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/29 10:55 a.m.48 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2023-29409

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2023-29409 with details below. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29409 DESCRIPTION: Golang Go is vulnerable to a denial of...

5.3CVSS6.4AI score0.01328EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/20 12:42 p.m.48 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)

Summary IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. This affects The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty versions 22.0.0.7 and prior...

8.8CVSS6.5AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 8:5 p.m.48 views

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2023-2828)

Summary A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2023-2828. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2023-2828 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw that allows the...

7.5CVSS8AI score0.03776EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 5:6 p.m.48 views

Security Bulletin: There is a vulnerability in Netty used by IBM Maximo Asset Management ( CVE-2022-24823)

Summary There is a vulnerability in Netty used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-24823 DESCRIPTION: Netty could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when temporary storing uploads on the disk is enabled. By gaini...

5.5CVSS6.6AI score0.01044EPSS
Exploits1Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/06 5:51 p.m.48 views

Security Bulletin: Jettison component is vulnerable to CVE-2022-45685 and CVE-2022-45693 is used by IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Jettison package which is vulnerable to CVE-2022-45685 and CVE-2022-45693. Vulnerability Details CVEID:CVE-2022-45685 DESCRIPTION: Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending an overly long string usi...

7.5CVSS7.6AI score0.01395EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 2:2 p.m.48 views

Security Bulletin: IBM Java SDK update forJava deserialization filters (JEP 290) ignored during IBM ORB deserialization

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 for Java deserialization filters JEP 290 ignored during IBM ORB deserialization that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues we...

9.8CVSS9.2AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/31 2:45 p.m.48 views

Security Bulletin: A vulnerability in Microsoft ASP.NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2022-29117)

Summary Microsoft ASP.NET is used by IBM Robotic Process Automation as part of the application framework. CVE-2022-29117 Vulnerability Details CVEID:CVE-2022-29117 DESCRIPTION: Microsoft ASP.NET and Visual Studio are vulnerable to a denial of service. By sending a specially-crafted request, a...

7.5CVSS7.3AI score0.04913EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 3:34 p.m.48 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include gaining elevated privileges, obtaining sensitive information, causing the system to crash, causing denial of service conditions, an attacker could exploit the vulnerability to...

7.8CVSS9.3AI score0.12966EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 4:25 p.m.48 views

Security Bulletin: Watson Query potentially exposes adminstrator's key under some conditions due to CVE-2022-22410

Summary Watson Query is vulnerable to an internal attacker who can use an exposed administrator APIKEY to potentially alter system configuration or view customer data. The APIKEY is used to automatically create connections and assets to help reduce workload for the user. However, in some...

7.2CVSS5.6AI score0.007EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/14 11:54 a.m.48 views

Security Bulletin: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard

Summary Summary: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a...

7.5CVSS7.5AI score0.01051EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/12 10:38 a.m.48 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...

9.8CVSS8.7AI score0.17044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/04 7:15 a.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Apr 2023. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle...

9.1CVSS8.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/03 4:16 a.m.48 views

Security Bulletin: IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2455)

Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability. Vulnerability Details CVEID:CVE-2023-2455 DESCRIPTION: PostgreSQL could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with row security policies disregard user ID changes aft...

5.4CVSS6.2AI score0.00694EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 9:29 a.m.48 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js (CVE-2023-0842)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js CVE-2023-0842. The latest Fix Pack includes xml2js version 5.0 Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary...

5.3CVSS6.1AI score0.01404EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 2:28 p.m.48 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security (CVE-2023-35890)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security CVE-2023-35890 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products a...

5.5CVSS5.3AI score0.00122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 7:33 p.m.48 views

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2023-28513)

Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-28513 DESCRIPTION: IBM MQ, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. CVSS Base score: 5.9 CVSS Temporal Score: See:...

7.5CVSS6.4AI score0.00962EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 11:7 a.m.48 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-22978

Summary There is a vulnerability in Spring Security that could allow an remote attacker to bypass security restrictions and obtain access to the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

9.8CVSS9.2AI score0.10037EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/22 5:23 p.m.48 views

Security Bulletin: CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1

Summary CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-45142 DESCRIPTION: Heimdal could allow a remote attacker to obtain sensitive information,...

7.5CVSS7.4AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/21 5:31 p.m.48 views

Security Bulletin: Vulnerabilities in Node.js, XStream, Linux kernel can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, XStream, and Linux kernel. Vulnerabilities include causing a denial of service condition and HTTP request smuggling, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...

7.5CVSS8.1AI score0.19653EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 10:11 p.m.48 views

Security Bulletin: IBM Aspera Faspex 4.4.2 PL3 has addressed multiple vulnerabilities (CVE-2023-27871, CVE-2023-27873, CVE-2023-27874)

Summary This Security Bulletin addresses security vulnerabilities that have been remediated CVE-2023-27871, CVE-2023-27873 and mitigated CVE-2023-27874 in IBM Aspera Faspex 4.4.2 PL3. Vulnerability Details CVEID:CVE-2023-27874 DESCRIPTION: IBM Aspera is vulnerable to an XML external entity...

9.9CVSS8AI score0.01343EPSS
Exploits0Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 5:45 p.m.48 views

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT. RFT has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21968 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to...

7.4CVSS6.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/08 6:23 p.m.48 views

Security Bulletin: CVE-2022-4415 may affect IBM CICS TX Advanced 10.1

Summary CVE-2022-4415 may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-4415 DESCRIPTION: systemd could allow a local authenticated attacker to obtain sensitive information, caused by not respecting fs.suiddumpab...

5.5CVSS5.3AI score0.00867EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/02 2:28 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2023. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS6AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 6:20 p.m.48 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes (CVE-2022-3162, CVE-2022-3294)

Summary Multiple vulnerabilities in Kubernetes used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-3162 DESCRIPTION: Kubernetes kube-apiserver could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization. An...

8.8CVSS7.5AI score0.01618EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 2:29 a.m.48 views

Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability in Apache Commons Text (CVE-2022-42889)

Summary A remote code execution vulnerability in Apache Commons Text used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure...

9.8CVSS9.9AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 7:7 p.m.48 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-31030 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local...

5.5CVSS5.4AI score0.00377EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 5:28 p.m.48 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-24772 DESCRIPTION: Node.js node-forge module could allow a remote attacker to bypass security restrictions, caused by improper signature verification when checking for tailing garbage byt...

7.5CVSS7.4AI score0.01015EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/08 8:35 a.m.48 views

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar

Summary Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces2.9.0.v201101211617-4.8.0.jar. Hence org.apache.xerces2.9.0.v201101211617-4.8.0.jar upgraded to org.apache.xerces2.12.2.v201101211617-4.8.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2012-088...

7.8CVSS6.9AI score0.3038EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 11:45 a.m.48 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that run Designer flows may be vulnerable to arbitrary code execution due to [CVE-2021-43138]

Summary Node.js module async is used by IBM App Connect Enterprise Certified Container as part of the Node.js runtime. IBM App Connect Enterprise Certified Container IntegrationServer operands that run Designer flows may be vulnerable to arbitrary code execution. This bulletin provides patch...

7.8CVSS8.8AI score0.03346EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000