Lucene search
K
IbmMost viewed

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.48 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-3183)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation,...

5CVSS6.1AI score0.73327EPSS
Exploits0Affected Software15
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo fo...

3.4CVSS4.3AI score0.99999EPSS
Exploits8Affected Software14
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/21 10:0 a.m.48 views

Security Bulletin: A security vulnerability in Nodejs follow-redirects affects IBM Cloud Pak for Multicloud Management Managed Services

Summary A security vulnerability in Nodejs follow-redirects affects IBM Cloud Pak for Multicloud Management Managed Services Vulnerability Details CVEID:CVE-2022-0536 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused b...

5.9CVSS5.1AI score0.0126EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/15 6:51 p.m.48 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects WebSphere Process Server and WebSphere Process Server Hypervisor Editions (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Full Profile and IBM WebSphere Application Server Hypervisor Edition that is used by WebSphere Process Server and WebSphere Process Server Hypervisor Editions...

4.3CVSS4.6AI score0.03262EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/02 4:36 a.m.48 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2022-22365)

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.9CVSS5.6AI score0.00553EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/11 2:44 p.m.48 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthenticated attacker to cause a denial of service or low integrity impact due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to an unauthorized attacker causing a denial of service or causing a low integrity impact on the server as described in the vulnerability details section. IBM i has addressed the...

5.3CVSS6.3AI score0.06468EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/10 4:30 p.m.48 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to information disclosure CVE-2022-30629

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to information disclosure CVE-2022-30629 with details below Vulnerability Details CVEID:CVE-2022-30629 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a...

3.1CVSS7.2AI score0.0088EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/29 8:10 p.m.48 views

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Service Tester (CVE-2021-35550)

Summary A vulnerability in IBM SDK Java Version 1.8 and IBM Runtime Environment Java Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to th...

7.1CVSS5.9AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/18 11:50 a.m.48 views

Security Bulletin: IBM Partner Engagement Manager is vulnerable to improper restriction of XXE (CVE-2022-22358)

Summary IBM Sterling Partner Engagement Manager has addressed an XXE vulnerability. Vulnerability Details CVEID:CVE-2022-22358 DESCRIPTION: IBM Sterling Partner Engagement Manager is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploi...

7.1CVSS6.9AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/15 11:4 p.m.48 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2022-22477)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

6.1CVSS1.9AI score0.00495EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/08 5:25 p.m.48 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Summary There are multiple vulnerabilities in OpenSSL which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when...

10CVSS1.4AI score0.83223EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/06 6:26 p.m.48 views

Security Bulletin: Multiple security vulnerabilities fixed in IBM Security Verify Access Appliance (CVE-2022-23308, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712)

Summary Multiple security vulnerabilities found in IBM Security Verify Access Appliance have been fixed. Vulnerability Details CVEID: CVE-2022-23308 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a use-after-free in the ID and IDREF attributes. A remote attacker could exploi...

7.5CVSS1.5AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/01 7:5 a.m.48 views

Security Bulletin: Remote code execution vulnerability affect IBM Business Automation Workflow - CVE-2021-43138

Summary IBM Business Automation Workflow is vulnerable to a remote code execution attack. Vulnerability Details CVEID: CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues method. By persuading a...

7.8CVSS2.8AI score0.03346EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 10:28 p.m.48 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2021-35550, CVE-2021-35603)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™, used by IBM Spectrum Protect Operations Center and Client Management Service, may be affected by the below vulnerabilities CVEs...

7.1CVSS2.3AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 3:10 p.m.48 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unauthorized data access due to IBM Java (CVE-2021-35550)

Summary IBM Java is used by IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms is impacted by an unauthorized data access issue in IBM Java...

7.1CVSS0.9AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/21 4:23 p.m.48 views

Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35550)

Summary IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...

7.1CVSS1.1AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/20 4:1 p.m.48 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift

Summary IBM Security Guardium has fixed these vulnerabilities by updating the Apache Thrift component. Vulnerability Details CVEID: CVE-2016-5397 DESCRIPTION: Apache Thrift could allow a remote attacker to execute arbitrary commands on the system, caused by the use of an external formatting tool...

9CVSS1.2AI score0.09082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/09 8:7 a.m.48 views

Security Bulletin: CVE-2021-31805 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary Vulnerability found in Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID: CVE-2021-31805 DESCRIPTION: Apache Struts could allow a remote...

9.8CVSS0.8AI score0.85315EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 2:32 p.m.48 views

Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS

Summary IBM Netezza Analytics for NPS uses gdal version 1.7.2. IBM Netezza Analytics for NPS has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2011-3045 DESCRIPTION: libpng is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the pnginflate...

9.8CVSS9.5AI score0.43382EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IMS™ Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2014-6457, CVE-2014-3065, CVE-2014-3566, CVE-2014-6511)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR7 which is used by the following IMS™ Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. This also includes a fix for the Padding Oracle On Downgraded Legacy...

6.9CVSS4.8AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/30 6:53 a.m.48 views

Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2022-21341, CVE-2022-21294, CVE-2022-21293 and CVE-2022-21248) affects Power HMC

Summary IBM Java is used by IBM Power Hardware Management Console HMC for running java applications and services. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-21341, CVE-2022-21294, CVE-2022-21293 and CVE-2022-21248 by upgrading IBM Power Hardware Management...

5.3CVSS1.2AI score0.08346EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 6:37 p.m.48 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-24025 DESCRIPTION: node-sass...

8.6CVSS1AI score0.15014EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 10:9 a.m.48 views

Security Bulletin: Multiple vulnerabilities exist in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Manager

Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle January 2022 Critical Patch Update. CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340...

5.3CVSS6.2AI score0.08346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/20 1:5 p.m.48 views

Security Bulletin: Vulnerability in Curl affects IBM Cloud Private and could allow a remote attacker to bypass security restrictions (CVE-2021-22926)

Summary There is a vulnerability in the Curl open source library. Curl is used by IBM Cloud Private to transfer data . The vulnerability could allow a remote attacker to bypass security restrictions. This bulletin identifies the security fixes to apply to address the Curl vulnerability...

7.5CVSS7.2AI score0.0982EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/28 11:33 a.m.48 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer components that use Designer flows may be vulnerable to CVE-2022-1233

Summary Node.js module URI.js is used by IBM App Connect Enterprise Certified Container for processing URIs in Designer flows. IBM App Connect Enterprise Certified Container IntegrationServers that Designer flows may be vulnerable to CVE-2022-1233. This bulletin provides patch information to...

7.8CVSS1.1AI score0.0332EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 9:58 a.m.48 views

Security Bulletin: Denial of service vulnerability in OpenSSL affects IBM InfoSphere Master Data Management (CVE-2016-8610)

Summary IBM Initiate Master Data Service and IBM InfoSphere Master Data Management are vulnerable to a OpenSSL denial of service attack and could cause the application to stop responding. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service...

5CVSS0.9AI score0.39657EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 9:39 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped in IBM WebSphere Application Server Patterns

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the Expat library affecting the IBM HTTP Server used by IBM WebSphere Application Server CVE-2021-45960, CVE-2022-22822, CVE-2022-23990,...

9.8CVSS1.3AI score0.04829EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/15 3:35 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities

Summary There are multiple vulnerabilities in the Expat library affecting the IBM HTTP Server used by IBM WebSphere Application Server CVE-2022-25313, CVE-2022-25315, CVE-2022-25235,CVE-2022-25236. This has been addressed. Vulnerability Details CVEID: CVE-2022-25236 DESCRIPTION: libexpat is...

9.8CVSS10AI score0.34174EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/28 3:29 p.m.48 views

Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their January 2022 Vulnerability Advisory. For more information please refer to OpenJDK's January 2022 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:...

5.3CVSS5.2AI score0.08346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 8:10 p.m.48 views

Security Bulletin: Apache Log4j vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-17571)

Summary Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. This vulnerability affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVEID: CVE-2019-1757...

9.8CVSS9.3AI score0.6906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:59 p.m.48 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)

Summary Node.js denial of service vulnerabilities affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-9511 Description: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...

7.8CVSS7.6AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:50 p.m.48 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Tivoli Storage Productivity Center (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Tivoli Storage Productivity Center. UPDATED 1/29/2018: Even after fixing this vulnerability some vulnerability checks might still demand for an even tighter fix. A more comprehensive fix has bee...

4.3CVSS4.5AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/21 9:3 a.m.48 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in October 2021. Vulnerability...

4.3CVSS5.7AI score0.04238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/27 2:8 a.m.48 views

Security Bulletin: IBM Watson Machine Learning in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Watson Machine Learning in Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is...

10CVSS1.2AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 3:33 p.m.48 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Data Risk Manager (CVE-2021-45105, CVE-2021-45046)

Summary IBM Data Risk Manager IDRM 2.0.6.10 and earlier is impacted by Log4j CVE-2021-45105, CVE-2021-45046. This vulnerability has been addressed in the updated version of IDRM 2.0.6.11 which includes Apache Log4j 2.17.1. Please see remediation steps below to apply fix. All customers encouraged ...

10CVSS0.6AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/06 3:23 p.m.48 views

Security Bulletin: A vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44832)

Summary A security vulnerability has been identified in the Apache Log4j library that could allow a remote attacker to execute arbitrary code on the system. The Log4j library is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerabilit...

8.5CVSS1.6AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/05 9:21 p.m.48 views

Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty which are bundled in IBM WebSphere Hybrid Edition (CVE-2021-4104, CVE-2021-45046)

Summary Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty CVE-2021-4104, CVE-2021-45046. Both IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are bundled with IBM WebSphere Hybrid Edition...

9CVSS1.5AI score0.99977EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/02 1:53 p.m.48 views

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 (CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j affect the logging infrastructure in the TADataCollector command line tool in IBM App Connect Enterprise v11, v12. IBM App Connect Enterprise V11, V12 have addressed the applicable CVE. Given current information and analysis, IBM Integration Bus v10 and v9...

10CVSS0.6AI score0.99999EPSS
Exploits353
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/29 4:41 a.m.48 views

Security Bulletin: A vulnerability in Apache Log4j affects IBM Db2 Web Query for i (CVE-2021-45105)

Summary There is a vulnerability in Apache Log4j as described in the vulnerability details section. Apache Log4j v2.16 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM has addressed the vulnerability in Db2 Web Query for i. Vulnerability...

5.9CVSS1.1AI score0.99999EPSS
Exploits20Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/28 8:32 p.m.48 views

Security Bulletin: Apache Log4j vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches.

Summary Apache Log4j Java logging library vulnerability - CVE-2021-45046 affecting versions prior to v2.16 impacts DCNM Network Management Software. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of...

10CVSS0.8AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/26 9:9 p.m.48 views

Security Bulletin: Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Subscription

Summary There are vulnerabilities in the version of Log4j that is part of IBM SPSS Statistics Subscription. IBM SPSS Statistics Subscription has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the...

10CVSS1.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 10:7 a.m.48 views

Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability.

Summary App Connect Professional have addressed the following vulnerability reported in GNU C Library. Vulnerability Details CVEID: CVE-2021-33574 DESCRIPTION: GNU C Library aka glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the mqnotify function. By sending a...

9.8CVSS8.5AI score0.02898EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 10:5 a.m.48 views

Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability.

Summary App Connect Professional have addressed the following vulnerability reported in GNU C Library. Vulnerability Details CVEID: CVE-2020-27618 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a denial of service, caused by an error when processing some invalid inputs from severa...

5.5CVSS7.1AI score0.00887EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 10:3 p.m.48 views

Security Bulletin: Apache Log4J Vulnerability affects Watson Studio in Cloud Pak for Data (CVE-2021-44228)

Summary Apache Log4j is used for logging in Watson Studio in Cloud Pak for Data is impacted by the Apache Log4j vulnerability CVE-2021-44228. Customers are encouraged to take quick action to update their systems. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a...

10CVSS0.9AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/16 8:53 a.m.48 views

Security Bulletin: Apache Log4j Affects IBM Sterling Connect:Direct File Agent (CVE-2021-44228)

Summary There is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code o...

10CVSS1.2AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 6:5 p.m.48 views

Security Bulletin: March 2016 OpenSSL Vulnerabilities affect Multiple N series Products

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by Multiple N series. Multiple N series has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a...

10CVSS8.8AI score0.53655EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 7:41 a.m.48 views

Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb.

Summary WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb. These vulnerabilities are addressed in App connect professional v7.5.4.0 and v7.5.5.0, customer can migrate to these versions without incurring any...

10CVSS10.8AI score0.55874EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/14 8:39 p.m.48 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with WebSphere Remote Server

Summary IBM Db2 is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

8.7CVSS6.4AI score0.01482EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/14 5:4 a.m.48 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integration Bus (CVE-2021-3712)

Summary Vulnerabilities in OpenSSL affect IBM Integration Bus The DataDirect ODBC Drivers & Nodejs used by IBM Integration Bus have addressed the applicable CVEs Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused b...

7.4CVSS7.4AI score0.50445EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/09 4:57 p.m.48 views

Security Bulletin: March 2021 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE cou...

9.8CVSS9.5AI score0.03122EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000