Lucene search
K
IbmMost viewed

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:31 a.m.48 views

Security Bulletin: Vulnerabilities in curl affect Power Hardware Management Console (CVE-2015-3143 CVE-2015-3148 CVE-2015-3153 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150)

Summary curl is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently...

5CVSS8.7AI score0.17942EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/08 12:40 p.m.48 views

Security Bulletin: CVE-2021-2161 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary CVE-2021-2161 was disclosed in the Oracle April 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high...

5.9CVSS0.4AI score0.03125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/23 5:48 a.m.48 views

Security Bulletin: CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary Under certain circumstances, encrypted LDAP connections can be downgraded to unencrypted connections. The fix ensures that encrypted LDAP connections cannot be downgraded in this way. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related ...

4.3CVSS0.5AI score0.02296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/16 3:9 p.m.48 views

Security Bulletin: Prototype pollution flaw in y18n in IBM DataPower Gateway

Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially-crafted request, an attacker could exploit this...

9.8CVSS4.1AI score0.69062EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/02 8:47 a.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor with Spark

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions, specifically Version 8 Service Refresh 5 Fix Pack 10 and earlier releases used by IBM Spectrum Conductor with Spark 2.2.0 and 2.2.1. These issues were disclosed as part of the IBM Java SDK updates in April 2018...

8.3CVSS0.6AI score0.15141EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:6 a.m.48 views

Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server

Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29725 DESCRIPTION: IBM Sterling Secure Proxy could allow a remote user to consume resources...

7.5CVSS0.6AI score0.7795EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:4 a.m.48 views

Security Bulletin: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator, affecting IBM Cloud Pak for Applications

Summary An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator, affecting IBM Cloud Pak for Applications Vulnerability Details CVEID: CVE-2020-10756 DESCRIPTION: libslirp could allow a local authenticated attacker to obtain sensitive information,...

6.5CVSS0.6AI score0.0051EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:0 a.m.48 views

Security Bulletin: IBM Security Privileged Identity Manager is affected by vulnerability in Java SE (CVE-2020-14579)( CVE-2020-14578)(CVE-2020-14577)

Summary IBM Security Privileged Identity Manager has addressed a command execution vulnerability in Java SE related to the Libraries component Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...

4.3CVSS5.8AI score0.04044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/22 10:30 a.m.48 views

Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform

Summary Multiple Oracle Database server security vulnerabilities affect IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2021-2245 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Unified Audit...

5.3CVSS4.9AI score0.01654EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 9:30 p.m.48 views

Security Bulletin: Security vulnerabilities affecting IBM InfoSphere Optim Performance Manager (CVE-2015-1916, CVE-2015-0488)

Summary This advisory covers all the issues disclosed by Oracle in their April 2015 Critical Patch Update CPU, plus additional CVEs which are specific to the IBM JRE/SDK. Vulnerability Details CVE-2015-1916 Description: Server applications which use the IBM Java Secure Socket Extension provider t...

5CVSS4.8AI score0.04204EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/24 4:12 p.m.48 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM Installation Manager and IBM Packaging Utility

Summary There are multiple vulnerabilities in Eclipse Jetty used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28163 DESCRIPTION: In Eclipse Jetty 9.4.32 to...

7.8CVSS0.9AI score0.82371EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/04 4:40 p.m.48 views

Security Bulletin: cURL libcurl vulnerabilites impacting Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)

Summary The cURL libcurl vulnerabilities CVE-2020-8284, CVE-2020-8286 and CVE-2020-8285 impacts Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.0.0 and earlier. The fix is delivered in Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.1.0...

7.5CVSS0.9AI score0.09917EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/20 6:6 p.m.48 views

Security Bulletin: IBM MQ is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition (CVE-2020-27221)

Summary An issue was identified in the IBM® Runtime Environment Java™ Technology Edition shipped with IBM MQ. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8...

9.8CVSS1.4AI score0.01532EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/13 7:34 p.m.48 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an...

7.8CVSS1AI score0.77385EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.48 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2015-5174, others)

Summary The Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational Requirements...

8.8CVSS0.2AI score0.1838EPSS
Exploits0Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.48 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

9.1CVSS0.5AI score0.1684EPSS
Exploits1Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/16 6:3 a.m.48 views

Security Bulletin: dom4j Vulnerability in Apache Solr shipped with IBM Operations Analytics - Log Analysis Analysis (CVE-2018-1000632)

Summary There is an XML Injection vulnerability in dom4j that affects Apache Solr. Vulnerability Details CVEID: CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a...

7.5CVSS1.8AI score0.0657EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/12 10:46 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An unspecified vulnerability ...

9.8CVSS3AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/06 1:51 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2020-14803...

9.8CVSS1AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/23 4:28 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2020-14803, CVE-2020-27221)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. These issues were disclosed in the Oracle January 2021 Critical Patch Update, plus CVE-2020-27221. Vulnerabili...

9.8CVSS1.6AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/12 7:31 p.m.48 views

Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-23840 and CVE-2021-23841

Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this...

7.5CVSS2.1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 11:5 a.m.48 views

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-8277

Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-8277. Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit thi...

7.5CVSS1.6AI score0.54164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/03 4:5 p.m.48 views

Security Bulletin: IBM MQ Appliance is affected by libxslt vulnerabilities (CVE-2019-11068, CVE-2019-18197)

Summary IBM MQ Appliance has resolved libxslt vulnerabilities. Vulnerability Details CVEID: CVE-2019-11068 DESCRIPTION: libxslt could allow a remote attacker to bypass security restrictions, caused by a flaw in the xsltCheckRead and xsltCheckWrite routines. By sending a specially-crafted request,...

9.8CVSS1.2AI score0.05089EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/01 9:53 p.m.48 views

Security Bulletin: jackson-databind vulnerabilities CVE-2020-36185/36181/36189/36188/36184/36180 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0

Summary Jackson-databind vulnerabilities CVE-2020-36185, CVE-2020-36181, CVE-2020-36189, CVE-2020-36188, CVE-2020-36184, CVE-2020-36180, CVE-2020-36183, CVE-2020-36179, CVE-2020-36187, CVE-2020-36186, CVE-2020-36182 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer...

8.8CVSS1.8AI score0.20929EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/27 5:25 p.m.48 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary IBM Rational Functional Tester is affected by an Eclipse Jetty vulnerability that can allow a local authenticated user to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated user could exploit this vulnerability to gain elevated privileges...

7CVSS1.9AI score0.043EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/22 4:32 p.m.48 views

Security Bulletin: Multiple vulnerabilities in Rational Directory Server (CVE-2012-2203, CVE-2012-2191)

Summary Notice of security vulnerabilities which impacts IBM Rational Directory Server 5.2.x Tivoli variant only along with instructions to resolve the issues. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for...

7.5CVSS0.2AI score0.28154EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/21 12:38 p.m.48 views

Security Bulletin: Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626)

Summary Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure Vulnerability Details CVEID: CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by tool...

7.5CVSS1.4AI score0.10248EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/16 9:27 p.m.48 views

Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager

Summary Multiple vulnerabilities identified in IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager have been addressed in the release 10.8. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper...

6.1CVSS1AI score0.87218EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/11 6:3 p.m.48 views

Security Bulletin: cURL vulnerabilities CVE-2020-8169 CVE-2020-8177 impact IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier and Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier

Summary Security Bulletin: cURL vulnerabilities CVE-2020-8169 CVE-2020-8177 impact IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier and Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier. The fix was delivered in IBM Aspera High-Speed Transfer Server 4.0.0 and Aspera High-Speed...

7.8CVSS1.3AI score0.03427EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/11 4:3 p.m.48 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerability

Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-8277 Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could...

7.5CVSS0.7AI score0.54164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/27 4:5 p.m.48 views

Security Bulletin: Potential security vulnerability for the Oracle June 2012 CPU (CVE-2012-1713) shipped with Rational Developer for System z

Summary IBM Rational Developer for System z is shipped with an IBM Java that is based on the Oracle Java. Oracle has released a June 2012 critical patch updates CPU which contain security vulnerability fixes and the IBM Java is affected. Vulnerability Details | Subscribe to My Notifications to be...

10CVSS1AI score0.05983EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/15 6:25 p.m.48 views

Security Bulletin: Vulnerabilities in Apache ActiveMQ affect IBM Operations Analytics Predictive Insights (CVE-2020-11998, CVE-2020-13920)

Summary Apache ActiveMQ is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper...

9.8CVSS2.1AI score0.51225EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/08 12:56 p.m.48 views

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries...

8.3CVSS0.9AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 11:2 p.m.48 views

Security Bulletin: IBM API Connect V10 is impacted by denial of service vulnerabilities in Crunchy kernel (CVE-2020-8616, CVE-2020-8617)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-8616 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the failure to limit the number of fetches performed when processing referrals. By using specially crafted referral...

8.6CVSS0.8AI score0.93422EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 4:13 p.m.48 views

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2019-3846 DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiexupdatebssdescwithie function in...

8.8CVSS1.5AI score0.05649EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/24 4:22 p.m.48 views

Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2020 CPU plus CVE-2020-2590 and CVE-2020-2601 affect multiple IBM Continuous Engineering products based on IBM Jazz Technology

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition from July 2020 CPU, the CVE-2020-2590 deferred from Oracle Jan 2020 CPU and CVE-2020-2601 deferred from Oracle Jan 2020 CPU that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based...

8.3CVSS1.1AI score0.04315EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/23 12:32 p.m.48 views

Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-9383 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the setfdc...

7.1CVSS0.3AI score0.00731EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/11 12:41 p.m.48 views

Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436)

Summary Vulnerability has been identified in libcurl that is used in OS image for RedHat Enterprise Linux for IBM Cloud Pak System. This security bulletin applies to the OS image for RedHat Enterprise Linux v7.7. OS image for RedHat Enterprise Linux has addressed the vulnerability. Vulnerability...

7.8CVSS1AI score0.49739EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/31 1:37 p.m.48 views

Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affect IBM Operations Analytics Predictive Insights

Summary Faster-XML Jackson-databind is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Jackson Databind within IBM Operations Analytics Predictive Insights is limited to the REST Mediation...

8.8CVSS2.2AI score0.07963EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/04 6:49 p.m.48 views

Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan

Summary CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan Vulnerability Details CVEID: CVE-2009-2625 DESCRIPTION: Sun Java Runtime Environment JRE is vulnerable to a denial of service, caused by an error in Apache Xerces2 Java. A remote...

7.8CVSS1.1AI score0.3038EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/28 3:18 p.m.48 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in October 2019. Vulnerability...

9.1CVSS1.2AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.48 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704)

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption"...

10CVSS1AI score0.82112EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.48 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2108, CVE-2016-2107)

Summary OpenSSL vulnerabilities were disclosed on 3 May 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION:...

10CVSS0.5AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.48 views

Security Bulletin: Vulnerability in GSKit affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2183)

Summary An OpenSSL vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Sterling Connect:Direct for Microsoft Windows uses GSKit and therefore is also vulnerable. This vulnerability is known as the SWEET32 Birthday attack. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenS...

7.5CVSS0.2AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 9:16 p.m.48 views

Security Bulletin: CVE-2014-3524 CSV Injection in reports

Summary Cells in csv reports need to sanitize for legacy CSV Injection concerns. Vulnerability Details Third Party Entry: PSIRT-ADV0017245 DESCRIPTION: Created from Advisory: ADV0017245 CVSS Base score: 8.1 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products and Versions...

1AI score0.14596EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/23 9:47 a.m.48 views

Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.

Summary GNU Binutils is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-17450 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an infinite recursion in findabstractinstance in...

7.8CVSS1.5AI score0.02752EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/22 6:10 a.m.48 views

Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2020-2654)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 and Version 7 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-26...

4.3CVSS1AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.48 views

Security Bulletin: OpenSSL vulnerabilities affect IBM SmartCloud Entry

Summary IBM SmartCloud Entry is vulnerable to several OpenSSL vulnerabilities, attackers could exploit them to cause a denial of service or execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...

10CVSS1.2AI score0.44016EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.48 views

Security Bulletin: Security vulnerability in Apache HTTP affects IBM SmartCloud Entry (CVE-2017-9798)

Summary IBM SmartCloud Entry has addressed the vulnerability in Apache HTTP. Following are the vulnerability details. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS...

7.5CVSS0.1AI score0.94999EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.48 views

Security Bulletin: Vulnerabilities in Bash affect IBM SmartCloud Entry Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM SmartCloud Entry appliance. Vulnerability Details CVE-ID:...

10CVSS1.8AI score0.99999EPSS
Exploits158Affected Software1
Total number of security vulnerabilities5000