Lucene search
K
IbmMost viewed

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/04/27 5:18 p.m.48 views

Security Bulletin: CVE-2022-21541, CVE-2022-21540 may affect TXSeries for Multiplatforms on HP platform.

Summary Multiple CVEs - CVE-2022-21541, CVE-2022-21540 may affect IBM Java used by TXSeries for Multiplatforms on HP platform. TXSeries for Multiplatforms has addressed the applicable CVEs. Updated Java is provided as special fix and fix is uploaded to Fix Central. Vulnerability Details...

5.9CVSS6.3AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/17 6:2 p.m.48 views

Security Bulletin: Golang Go vulnerability

Summary Golang Go is vulnerable to HTTP request smuggling and to a denial of service attack. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sending a specially-crafted HTTPS transfer-encodi...

7.5CVSS7.7AI score0.02513EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.48 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM BladeCenter Advanced Management Module (AMM)

Summary OpenSSL vulnerabilities affect IBM BladeCenter Advanced Management Module AMM. Vulnerability Details Summary OpenSSL vulnerabilities affect IBM BladeCenter Advanced Management Module AMM. Vulnerability Details CVE-ID: CVE-2015-3194 Description: OpenSSL is vulnerable to a denial of service...

10CVSS7.4AI score0.44016EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.48 views

Security Bulletin: Vulnerability in libxml2 affects IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter (CVE-2017-8872)

Summary IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter has addressed the following vulnerability in libxml2. Vulnerability Details Summary IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter has addressed the following vulnerability in libxml2. Vulnerability Details CVEID:...

9.1CVSS8.5AI score0.02306EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.48 views

Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2015-8138 CVE-2015-5300)

Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter systems have addressed the following vulnerabilities in ntp. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter systems have addressed the following...

7.5CVSS6.9AI score0.0913EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.48 views

Security Bulletin: Multiple vulnerabilities in OpenSSH, GNU C Library (glibc), and OpenSSL, including Logjam, affect Integrated Management Module II (IMM2)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by Integrated Management Module II IMM2. Vulnerability Details Summary OpenSSL...

8.5CVSS9.2AI score0.9986EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.48 views

Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable CVEs are CVE-2017-18017 and...

10CVSS7.8AI score0.52189EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/21 5:41 p.m.48 views

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component

Summary Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Security Verify...

7.5CVSS7.1AI score0.09149EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/20 2:40 p.m.48 views

Security Bulletin: Vulnerability in Node.js affects IBM Voice Gateway

Summary Security Vulnerability in Node.js affects IBM Voice Gateway. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a...

7.5CVSS7AI score0.02209EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/08 8:50 p.m.48 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to a denial of service due to ISC BIND (CVE-2022-38177, CVE-2022-38178).

Summary ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of it's Antivirus and Watson NLP container images. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details CVEID:CVE-2022-38177 DESCRIPTION: ISC BIND is vulnerable to...

7.5CVSS7.7AI score0.02299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/08 3:42 p.m.48 views

Security Bulletin: IBM MQ is affected by a denial of service vulnerability due to an error within the CCDT and channel synchronization logic (CVE-2022-40237)

Summary An issue was identifed within the MQ channel processing when a channel CCDT file contains invalid or corrupted records. Vulnerability Details CVEID:CVE-2022-40237 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization...

7.5CVSS7.1AI score0.00655EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/07 4:41 p.m.48 views

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2022-3437)

Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code or denial of the service on the system. Vulnerability Details CVEID:CVE-2022-3437 DESCRIPTION: Samba is vulnerable to a buffer overflow,...

6.5CVSS8.5AI score0.0369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:47 p.m.48 views

Security Bulletin: There is a vulnerability in Node.js used IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-21681, CVE-2022-21680)

Summary There is a vulnerability in Node.js used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in...

7.5CVSS7.3AI score0.02828EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/01 9:0 a.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor is vulnerable to multiple attacks. Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of...

8.1CVSS8.7AI score0.59501EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/28 2:54 p.m.48 views

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2022-43902)

Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID:CVE-2022-43902 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. CVSS Base score: 6.5 CVSS Temporal Score: See:...

7.5CVSS6.8AI score0.00785EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/27 5:34 p.m.48 views

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-1629 DESCRIPTION: Vim is vulnerable to a buffer overflow, caused...

9.1CVSS9.1AI score0.04654EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/27 3:6 p.m.48 views

Security Bulletin: FasterXML-jackson-databinds vulnerabilities affect IBM Operations Analytics Predictive Insights (CVE-2022-42004,CVE-2022-42003)

Summary FasterXML-jackson-databind is used by IBM Operations Analytics Predictive Insights REST Meditation utility tool only. If you do not have this utility installed you are not affected by this bulletin, otherwise, apply the recommended remediation fixes. Vulnerability Details...

7.5CVSS7.3AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.48 views

Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2015-3194)

Summary There is a vulnerability in OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could cause a system to crash. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a...

7.5CVSS7.6AI score0.44016EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 2:59 a.m.48 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SnakeYaml code execution (CVE-2022-1471)

Summary Potential code execution vulnerability in snakeYAML-CVE-2022-1471 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...

9.8CVSS9.4AI score0.99615EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:14 p.m.48 views

Security Bulletin: A vulnerability (CVE-2022-24839) in WebSphere Application Server Liberty affects IBM CICS TX Standard

Summary WebSphere Application Server Liberty is used by IBM CICS TX Standard. The fix removes vulnerability CVE-2022-24839, in the Neko HTML library used by IBM WebSphere Application Server Liberty, that could allow a remote attacker to cause a denial of service condition. Vulnerability Details...

7.5CVSS7.3AI score0.02114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.48 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.

Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2020-29652 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the...

8.1CVSS7.5AI score0.21052EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 8:51 p.m.48 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take...

9.8CVSS8.8AI score0.14839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 12:6 p.m.48 views

Security Bulletin: IBM MQ Appliance is vulnerable to improper session invalidation (CVE-2022-40230)

Summary IBM MQ Appliance has resolved an improper session validation vulnerability. Vulnerability Details CVEID:CVE-2022-40230 DESCRIPTION: IBM MQ Appliance does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. CVSS Base score:...

6.5CVSS6.3AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/03 4:21 p.m.48 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js command execution vulnerability (CVE-2022-43548)

Summary Potential command execution vulnerability in Node.js CVE-2022-43548 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attack...

8.1CVSS8.4AI score0.14024EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 9:27 p.m.48 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Node.js follow-redirects is used by IBM Robotic Process Automation as part of API Server functionality CVE-2022-0536. Madialize URI.js module for NPM is used by IBM Robotic Process Automation as par...

7.8CVSS7.7AI score0.01995EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 4:58 p.m.48 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Google Protocol Buffers

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Google Protocol Buffers. Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the...

7.5CVSS7.3AI score0.01191EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 4:40 p.m.48 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By usin...

7.5CVSS7.4AI score0.0486EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 4:23 p.m.48 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF. Vulnerability Details CVEID:CVE-2022-0561 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in memcpy function in TIFFFetchStripThing in...

5.5CVSS6.1AI score0.0125EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 11:56 a.m.48 views

Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to Denial of Service (DoS) attacks (CVE-2022-40153)

Summary XStream is used in ITNCM to serialize XML data and may be vulnerable to Denial of Service attacks DoS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by causing a stackoverflow. This effect may support a denial of service...

8.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/25 8:46 p.m.48 views

Security Bulletin: Multiple Security vulnerabilities in Java may affect IBM Robotic Process Automation for Cloud Pak (CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399)

Summary There are multiple security vulnerabilities in the Java used by IBM Robotic Process Automation as part of the it's infrastructure, license management, NLP, and UMS capability. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...

5.3CVSS5.8AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.48 views

Security Bulletin: Redhat glibc Vulnerability affects Watson Speech Services

Summary A Redhat glibc Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3 Vulnerability Details CVEID:CVE-2021-27645 DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by...

2.5CVSS6.3AI score0.00374EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.48 views

Security Bulletin: glibc Vulnerability affects Watson Speech Services

Summary A Redhat glibc Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3 Vulnerability Details CVEID:CVE-2021-35942 DESCRIPTION: GNU C Library aka glibc could allow a local attacker to obtai...

9.1CVSS9AI score0.02678EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/05 7:5 a.m.48 views

Security Bulletin: TADDM affected by vulnerabilities in UnZip.

Summary UnZip.exe is used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2021-4217, CVE-2022-0529, CVE-2022-0530 Publicly disclosed vulnerabilities Vulnerability Details CVEID:CVE-2021-4217 DESCRIPTION: Info-ZIP UnZip could allow a remote attacker to execute...

5.5CVSS6.8AI score0.02421EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/05 12:58 a.m.48 views

Security Bulletin: AIX is affected by a root privilege escalation vulnerability (CVE-2022-41290)

Summary A vulnerability in the AIX rmmlcachefile user command could allow a non-privileged local user to obtain root privileges CVE-2022-41290. Vulnerability Details CVEID:CVE-2022-41290 DESCRIPTION: IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a...

8.4CVSS8.1AI score0.00189EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/03 3:15 p.m.48 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability - IBM JDK 8.0.7.16 and earlier

Summary IBM® Security SOAR includes an older version of IBM JDK that may be identified and exploited. An update has been released which addresses these issues. The version of IBM JDK included in the latest version of IBM Security Soar is 8.0.7.20. Vulnerability Details CVEID:CVE-2022-21628...

6.5CVSS5.8AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 2:56 p.m.48 views

Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Eclipse Jetty code libraries (Multiple CVEs)

Summary The 'Netcool MIb Manager GUI' use a version of the Eclipse Jetty libary that contains known vulnerabilities. These vulnerabilities have been addressed by an upgrade to Jetty 9.4.48. Vulnerability Details CVEID:CVE-2022-2048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service,...

7.5CVSS6.7AI score0.0227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 7:0 p.m.48 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, Java SE and various other libraries. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function...

7.8CVSS9AI score0.70561EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/22 1:1 p.m.48 views

Security Bulletin: Information disclosure in FasterXML Jackson Dataformats affect IBM Operations Analytics - Log Analysis (CVE-2020-28491)

Summary FasterXML jackson-dataformat-cbor is susceptible to denial of service, caused by java.lang.OutOfMemoryError exception. Vulnerability Details CVEID:CVE-2020-28491 DESCRIPTION: FasterXML jackson-dataformats-binary is vulnerable to a denial of service, caused by an unchecked allocation of by...

7.5CVSS7.3AI score0.03074EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/21 8:41 p.m.48 views

Security Bulletin: A security vulnerability has been identified in IBM Jazz for Service Management shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2022-35722)

Summary IBM Jazz for Service Management JazzSM is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting JazzSM has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-35722 DESCRIPTION: IBM Jazz for Service Management...

5.4CVSS5.5AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/18 3:8 a.m.48 views

Security Bulletin: Potential vulnerability in Apache Commons Configuration affect IBM Operations Analytics - Log Analysis (CVE-2022-33980)

Summary Vulnerability in Apache Commons Configuration could allow remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the syste...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/03 8:43 a.m.48 views

Security Bulletin: Vulnerability in Netty shipped with IBM Operations Analytics - Log Analysis (CVE-2019-20444)

Summary Netty prior to version 4.1.44 is vulnerable to HTTP request smuggling. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker could exploit...

9.1CVSS8.9AI score0.08914EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/01 10:43 a.m.48 views

Security Bulletin: Vulnerability in PostgreSQL may affect IBM Elastic Storage System

Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which may affect IBM Elastic Storage System. Vulnerability Details CVEID:CVE-2022-1552 DESCRIPTION: PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not...

8.8CVSS9.2AI score0.12403EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/11 6:8 p.m.48 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server

Summary IBM WebSphere Application Server is shipped with IBM Security Directory Server. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

6.1CVSS6.5AI score0.00689EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/07 4:1 p.m.48 views

Security Bulletin: IBM Java XML vulnerability affects Liberty for Java for IBM Cloud due to CVE-2022-21299 deferred from Oracle Jan 2022 CPU

Summary CVE-2022-21299 was disclosed as part of the Oracle January 2022 Critical Patch Update and it affects Liberty for Java for IBM Cloud. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated...

5.3CVSS5.6AI score0.03458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:10 a.m.48 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to a remote attacker bypassing security restrictions due to node.js got module (CVE-2022-33987)

Summary Node.js got module is used by IBM Robotic Process Automation as part of the web carbon framework. CVE-2022-33987. The fix includes carbon-components 10.56.0. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security...

5.3CVSS6.2AI score0.01855EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:10 a.m.48 views

Security Bulletin: IBM Robotic Process Automation may be vulnerable to denial of service due to microsoft.owin.security.cookies (CVE-2022-29117)

Summary microsoft.owin.security.cookies is used by IBM Robotic Process Automation as part of Miscrosoft ASP.NET. CVE-2022-29117 Vulnerability Details CVEID:CVE-2022-29117 DESCRIPTION: Microsoft ASP.NET and Visual Studio are vulnerable to a denial of service. By sending a specially-crafted request...

7.5CVSS7.2AI score0.04913EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 4:23 a.m.48 views

Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities

Abstract Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- Red Hat| RHSA-2013-0587| Moderate:...

10CVSS7.2AI score0.73364EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Data Studio Web Console due to vulnerabilities in IBM Java Runtime Environment.

Abstract IBM Data Studio Web Console uses the IBM Java Runtime Environment JRE and might be affected by vulnerabilities in the IBM JRE. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0440 DESCRIPTION: An unspecified vulnerability within the JSSE component could allow a remote attacker to cause a...

5CVSS6.7AI score0.35584EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.48 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-3183)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation,...

5CVSS6.1AI score0.73327EPSS
Exploits0Affected Software15
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo fo...

3.4CVSS4.3AI score0.99999EPSS
Exploits8Affected Software14
Total number of security vulnerabilities5000