Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 2:2 p.m.48 views

Security Bulletin: IBM Java SDK update forJava deserialization filters (JEP 290) ignored during IBM ORB deserialization

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 for Java deserialization filters JEP 290 ignored during IBM ORB deserialization that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues we...

9.8CVSS9.2AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 3:34 p.m.48 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include gaining elevated privileges, obtaining sensitive information, causing the system to crash, causing denial of service conditions, an attacker could exploit the vulnerability to...

7.8CVSS9.3AI score0.12966EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 4:25 p.m.48 views

Security Bulletin: Watson Query potentially exposes adminstrator's key under some conditions due to CVE-2022-22410

Summary Watson Query is vulnerable to an internal attacker who can use an exposed administrator APIKEY to potentially alter system configuration or view customer data. The APIKEY is used to automatically create connections and assets to help reduce workload for the user. However, in some...

7.2CVSS5.6AI score0.007EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/14 11:54 a.m.48 views

Security Bulletin: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard

Summary Summary: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a...

7.5CVSS7.5AI score0.01051EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/12 10:38 a.m.48 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...

9.8CVSS8.7AI score0.17044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/04 7:15 a.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Apr 2023. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle...

9.1CVSS8.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/03 4:16 a.m.48 views

Security Bulletin: IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2455)

Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability. Vulnerability Details CVEID:CVE-2023-2455 DESCRIPTION: PostgreSQL could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with row security policies disregard user ID changes aft...

5.4CVSS6.2AI score0.00694EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 9:29 a.m.48 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js (CVE-2023-0842)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js CVE-2023-0842. The latest Fix Pack includes xml2js version 5.0 Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary...

5.3CVSS6.1AI score0.01404EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 2:28 p.m.48 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security (CVE-2023-35890)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security CVE-2023-35890 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products a...

5.5CVSS5.3AI score0.00122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 7:33 p.m.48 views

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2023-28513)

Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-28513 DESCRIPTION: IBM MQ, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. CVSS Base score: 5.9 CVSS Temporal Score: See:...

7.5CVSS6.4AI score0.00962EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 11:7 a.m.48 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-22978

Summary There is a vulnerability in Spring Security that could allow an remote attacker to bypass security restrictions and obtain access to the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

9.8CVSS9.2AI score0.10037EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/22 5:23 p.m.48 views

Security Bulletin: CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1

Summary CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-45142 DESCRIPTION: Heimdal could allow a remote attacker to obtain sensitive information,...

7.5CVSS7.4AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/21 5:31 p.m.48 views

Security Bulletin: Vulnerabilities in Node.js, XStream, Linux kernel can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, XStream, and Linux kernel. Vulnerabilities include causing a denial of service condition and HTTP request smuggling, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...

7.5CVSS8.1AI score0.19653EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 10:11 p.m.48 views

Security Bulletin: IBM Aspera Faspex 4.4.2 PL3 has addressed multiple vulnerabilities (CVE-2023-27871, CVE-2023-27873, CVE-2023-27874)

Summary This Security Bulletin addresses security vulnerabilities that have been remediated CVE-2023-27871, CVE-2023-27873 and mitigated CVE-2023-27874 in IBM Aspera Faspex 4.4.2 PL3. Vulnerability Details CVEID:CVE-2023-27874 DESCRIPTION: IBM Aspera is vulnerable to an XML external entity...

9.9CVSS8AI score0.01343EPSS
Exploits0Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/08 6:23 p.m.48 views

Security Bulletin: CVE-2022-4415 may affect IBM CICS TX Advanced 10.1

Summary CVE-2022-4415 may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-4415 DESCRIPTION: systemd could allow a local authenticated attacker to obtain sensitive information, caused by not respecting fs.suiddumpab...

5.5CVSS5.3AI score0.00867EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/02 2:28 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2023. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS6AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 6:20 p.m.48 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes (CVE-2022-3162, CVE-2022-3294)

Summary Multiple vulnerabilities in Kubernetes used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-3162 DESCRIPTION: Kubernetes kube-apiserver could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization. An...

8.8CVSS7.5AI score0.01618EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 2:29 a.m.48 views

Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability in Apache Commons Text (CVE-2022-42889)

Summary A remote code execution vulnerability in Apache Commons Text used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure...

9.8CVSS9.9AI score0.99931EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 5:28 p.m.48 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-24772 DESCRIPTION: Node.js node-forge module could allow a remote attacker to bypass security restrictions, caused by improper signature verification when checking for tailing garbage byt...

7.5CVSS7.4AI score0.01015EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/08 8:35 a.m.48 views

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar

Summary Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces2.9.0.v201101211617-4.8.0.jar. Hence org.apache.xerces2.9.0.v201101211617-4.8.0.jar upgraded to org.apache.xerces2.12.2.v201101211617-4.8.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2012-088...

7.8CVSS6.9AI score0.3038EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 11:45 a.m.48 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that run Designer flows may be vulnerable to arbitrary code execution due to [CVE-2021-43138]

Summary Node.js module async is used by IBM App Connect Enterprise Certified Container as part of the Node.js runtime. IBM App Connect Enterprise Certified Container IntegrationServer operands that run Designer flows may be vulnerable to arbitrary code execution. This bulletin provides patch...

7.8CVSS8.8AI score0.03346EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/27 5:18 p.m.48 views

Security Bulletin: CVE-2022-21541, CVE-2022-21540 may affect TXSeries for Multiplatforms on HP platform.

Summary Multiple CVEs - CVE-2022-21541, CVE-2022-21540 may affect IBM Java used by TXSeries for Multiplatforms on HP platform. TXSeries for Multiplatforms has addressed the applicable CVEs. Updated Java is provided as special fix and fix is uploaded to Fix Central. Vulnerability Details...

5.9CVSS6.3AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/17 6:2 p.m.48 views

Security Bulletin: Golang Go vulnerability

Summary Golang Go is vulnerable to HTTP request smuggling and to a denial of service attack. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sending a specially-crafted HTTPS transfer-encodi...

7.5CVSS7.7AI score0.02513EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.48 views

Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2015-8138 CVE-2015-5300)

Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter systems have addressed the following vulnerabilities in ntp. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter systems have addressed the following...

7.5CVSS6.9AI score0.0913EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.48 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM BladeCenter Advanced Management Module (AMM)

Summary OpenSSL vulnerabilities affect IBM BladeCenter Advanced Management Module AMM. Vulnerability Details Summary OpenSSL vulnerabilities affect IBM BladeCenter Advanced Management Module AMM. Vulnerability Details CVE-ID: CVE-2015-3194 Description: OpenSSL is vulnerable to a denial of service...

10CVSS7.4AI score0.44016EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.48 views

Security Bulletin: Multiple vulnerabilities in OpenSSH, GNU C Library (glibc), and OpenSSL, including Logjam, affect Integrated Management Module II (IMM2)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by Integrated Management Module II IMM2. Vulnerability Details Summary OpenSSL...

8.5CVSS9.2AI score0.9986EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.48 views

Security Bulletin: Vulnerability in libxml2 affects IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter (CVE-2017-8872)

Summary IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter has addressed the following vulnerability in libxml2. Vulnerability Details Summary IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter has addressed the following vulnerability in libxml2. Vulnerability Details CVEID:...

9.1CVSS8.5AI score0.02306EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.48 views

Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable CVEs are CVE-2017-18017 and...

10CVSS7.8AI score0.52189EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/21 5:41 p.m.48 views

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component

Summary Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Security Verify...

7.5CVSS7.1AI score0.09149EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/20 2:40 p.m.48 views

Security Bulletin: Vulnerability in Node.js affects IBM Voice Gateway

Summary Security Vulnerability in Node.js affects IBM Voice Gateway. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a...

7.5CVSS7AI score0.02209EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/08 8:50 p.m.48 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to a denial of service due to ISC BIND (CVE-2022-38177, CVE-2022-38178).

Summary ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of it's Antivirus and Watson NLP container images. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details CVEID:CVE-2022-38177 DESCRIPTION: ISC BIND is vulnerable to...

7.5CVSS7.7AI score0.02299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/08 3:42 p.m.48 views

Security Bulletin: IBM MQ is affected by a denial of service vulnerability due to an error within the CCDT and channel synchronization logic (CVE-2022-40237)

Summary An issue was identifed within the MQ channel processing when a channel CCDT file contains invalid or corrupted records. Vulnerability Details CVEID:CVE-2022-40237 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization...

7.5CVSS7.1AI score0.00655EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 4:41 p.m.48 views

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2022-3437)

Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code or denial of the service on the system. Vulnerability Details CVEID:CVE-2022-3437 DESCRIPTION: Samba is vulnerable to a buffer overflow,...

6.5CVSS8.5AI score0.0369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:47 p.m.48 views

Security Bulletin: There is a vulnerability in Node.js used IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-21681, CVE-2022-21680)

Summary There is a vulnerability in Node.js used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in...

7.5CVSS7.3AI score0.02828EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:33 p.m.48 views

Security Bulletin: There is a vulnerability in Eclipse Jetty used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-2047)

Summary There is a vulnerability in Eclipse Jetty used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpUR...

4CVSS5.3AI score0.01173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 2:54 p.m.48 views

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2022-43902)

Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID:CVE-2022-43902 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. CVSS Base score: 6.5 CVSS Temporal Score: See:...

7.5CVSS6.8AI score0.00785EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/27 5:34 p.m.48 views

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-1629 DESCRIPTION: Vim is vulnerable to a buffer overflow, caused...

9.1CVSS9.1AI score0.04654EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/27 3:6 p.m.48 views

Security Bulletin: FasterXML-jackson-databinds vulnerabilities affect IBM Operations Analytics Predictive Insights (CVE-2022-42004,CVE-2022-42003)

Summary FasterXML-jackson-databind is used by IBM Operations Analytics Predictive Insights REST Meditation utility tool only. If you do not have this utility installed you are not affected by this bulletin, otherwise, apply the recommended remediation fixes. Vulnerability Details...

7.5CVSS7.3AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.48 views

Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2015-3194)

Summary There is a vulnerability in OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could cause a system to crash. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a...

7.5CVSS7.6AI score0.44016EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 2:59 a.m.48 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SnakeYaml code execution (CVE-2022-1471)

Summary Potential code execution vulnerability in snakeYAML-CVE-2022-1471 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...

9.8CVSS9.4AI score0.99615EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:14 p.m.48 views

Security Bulletin: A vulnerability (CVE-2022-24839) in WebSphere Application Server Liberty affects IBM CICS TX Standard

Summary WebSphere Application Server Liberty is used by IBM CICS TX Standard. The fix removes vulnerability CVE-2022-24839, in the Neko HTML library used by IBM WebSphere Application Server Liberty, that could allow a remote attacker to cause a denial of service condition. Vulnerability Details...

7.5CVSS7.3AI score0.02114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.48 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.

Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2020-29652 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the...

8.1CVSS7.5AI score0.21052EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 8:51 p.m.48 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take...

9.8CVSS8.8AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 12:6 p.m.48 views

Security Bulletin: IBM MQ Appliance is vulnerable to improper session invalidation (CVE-2022-40230)

Summary IBM MQ Appliance has resolved an improper session validation vulnerability. Vulnerability Details CVEID:CVE-2022-40230 DESCRIPTION: IBM MQ Appliance does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. CVSS Base score:...

6.5CVSS6.3AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 9:27 p.m.48 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Node.js follow-redirects is used by IBM Robotic Process Automation as part of API Server functionality CVE-2022-0536. Madialize URI.js module for NPM is used by IBM Robotic Process Automation as par...

7.8CVSS7.7AI score0.01995EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 4:58 p.m.48 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Google Protocol Buffers

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Google Protocol Buffers. Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the...

7.5CVSS7.3AI score0.01191EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 4:40 p.m.48 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By usin...

7.5CVSS7.4AI score0.0486EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 4:23 p.m.48 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF. Vulnerability Details CVEID:CVE-2022-0561 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in memcpy function in TIFFFetchStripThing in...

5.5CVSS6.1AI score0.0125EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 11:56 a.m.48 views

Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to Denial of Service (DoS) attacks (CVE-2022-40153)

Summary XStream is used in ITNCM to serialize XML data and may be vulnerable to Denial of Service attacks DoS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by causing a stackoverflow. This effect may support a denial of service...

8.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/25 8:46 p.m.48 views

Security Bulletin: Multiple Security vulnerabilities in Java may affect IBM Robotic Process Automation for Cloud Pak (CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399)

Summary There are multiple security vulnerabilities in the Java used by IBM Robotic Process Automation as part of the it's infrastructure, license management, NLP, and UMS capability. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...

5.3CVSS5.8AI score0.02376EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000