Lucene search
K
IbmMost viewed

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/04/12 10:46 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An unspecified vulnerability ...

9.8CVSS3AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/06 1:51 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2020-14803...

9.8CVSS1AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/23 4:28 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2020-14803, CVE-2020-27221)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. These issues were disclosed in the Oracle January 2021 Critical Patch Update, plus CVE-2020-27221. Vulnerabili...

9.8CVSS1.6AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/12 7:31 p.m.48 views

Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-23840 and CVE-2021-23841

Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this...

7.5CVSS2.1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 11:5 a.m.48 views

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-8277

Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-8277. Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit thi...

7.5CVSS1.6AI score0.54164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/03 9:46 p.m.48 views

Security Bulletin: Vulnerabilities in Linux Kernel and Java affect IBM Spectrum Protect Plus

Summary Multiple vulnerabilities in the Linux Kernel and Java may affect IBM Spectrum Protect Plus. The Java vulnerabilities were disclosed as part of the Java Critical Patch Updates in July and October 2020. UPDATED: 3 March 2021: Added CVE-2020-10711 Vulnerability Details CVEID: CVE-2020-14782...

8.3CVSS0.9AI score0.04315EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/03 4:5 p.m.48 views

Security Bulletin: IBM MQ Appliance is affected by libxslt vulnerabilities (CVE-2019-11068, CVE-2019-18197)

Summary IBM MQ Appliance has resolved libxslt vulnerabilities. Vulnerability Details CVEID: CVE-2019-11068 DESCRIPTION: libxslt could allow a remote attacker to bypass security restrictions, caused by a flaw in the xsltCheckRead and xsltCheckWrite routines. By sending a specially-crafted request,...

9.8CVSS1.2AI score0.05089EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/01 9:53 p.m.48 views

Security Bulletin: jackson-databind vulnerabilities CVE-2020-36185/36181/36189/36188/36184/36180 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0

Summary Jackson-databind vulnerabilities CVE-2020-36185, CVE-2020-36181, CVE-2020-36189, CVE-2020-36188, CVE-2020-36184, CVE-2020-36180, CVE-2020-36183, CVE-2020-36179, CVE-2020-36187, CVE-2020-36186, CVE-2020-36182 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer...

8.8CVSS1.8AI score0.20929EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/27 5:25 p.m.48 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary IBM Rational Functional Tester is affected by an Eclipse Jetty vulnerability that can allow a local authenticated user to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated user could exploit this vulnerability to gain elevated privileges...

7CVSS1.9AI score0.043EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/22 4:32 p.m.48 views

Security Bulletin: Multiple vulnerabilities in Rational Directory Server (CVE-2012-2203, CVE-2012-2191)

Summary Notice of security vulnerabilities which impacts IBM Rational Directory Server 5.2.x Tivoli variant only along with instructions to resolve the issues. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for...

7.5CVSS0.2AI score0.28154EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/16 9:27 p.m.48 views

Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager

Summary Multiple vulnerabilities identified in IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager have been addressed in the release 10.8. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper...

6.1CVSS1AI score0.87218EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/11 6:3 p.m.48 views

Security Bulletin: cURL vulnerabilities CVE-2020-8169 CVE-2020-8177 impact IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier and Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier

Summary Security Bulletin: cURL vulnerabilities CVE-2020-8169 CVE-2020-8177 impact IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier and Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier. The fix was delivered in IBM Aspera High-Speed Transfer Server 4.0.0 and Aspera High-Speed...

7.8CVSS1.3AI score0.03427EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/11 4:3 p.m.48 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerability

Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-8277 Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could...

7.5CVSS0.7AI score0.54164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/27 4:5 p.m.48 views

Security Bulletin: Potential security vulnerability for the Oracle June 2012 CPU (CVE-2012-1713) shipped with Rational Developer for System z

Summary IBM Rational Developer for System z is shipped with an IBM Java that is based on the Oracle Java. Oracle has released a June 2012 critical patch updates CPU which contain security vulnerability fixes and the IBM Java is affected. Vulnerability Details | Subscribe to My Notifications to be...

10CVSS1AI score0.05983EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/15 6:25 p.m.48 views

Security Bulletin: Vulnerabilities in Apache ActiveMQ affect IBM Operations Analytics Predictive Insights (CVE-2020-11998, CVE-2020-13920)

Summary Apache ActiveMQ is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper...

9.8CVSS2.1AI score0.51225EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/08 12:56 p.m.48 views

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries...

8.3CVSS0.9AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 11:2 p.m.48 views

Security Bulletin: IBM API Connect V10 is impacted by denial of service vulnerabilities in Crunchy kernel (CVE-2020-8616, CVE-2020-8617)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-8616 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the failure to limit the number of fetches performed when processing referrals. By using specially crafted referral...

8.6CVSS0.8AI score0.93422EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/24 4:22 p.m.48 views

Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2020 CPU plus CVE-2020-2590 and CVE-2020-2601 affect multiple IBM Continuous Engineering products based on IBM Jazz Technology

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition from July 2020 CPU, the CVE-2020-2590 deferred from Oracle Jan 2020 CPU and CVE-2020-2601 deferred from Oracle Jan 2020 CPU that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based...

8.3CVSS1.1AI score0.04315EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/23 12:32 p.m.48 views

Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-9383 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the setfdc...

7.1CVSS0.3AI score0.00731EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/11 12:41 p.m.48 views

Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436)

Summary Vulnerability has been identified in libcurl that is used in OS image for RedHat Enterprise Linux for IBM Cloud Pak System. This security bulletin applies to the OS image for RedHat Enterprise Linux v7.7. OS image for RedHat Enterprise Linux has addressed the vulnerability. Vulnerability...

7.8CVSS1AI score0.49739EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/31 1:37 p.m.48 views

Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affect IBM Operations Analytics Predictive Insights

Summary Faster-XML Jackson-databind is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Jackson Databind within IBM Operations Analytics Predictive Insights is limited to the REST Mediation...

8.8CVSS2.2AI score0.07963EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/04 6:49 p.m.48 views

Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan

Summary CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan Vulnerability Details CVEID: CVE-2009-2625 DESCRIPTION: Sun Java Runtime Environment JRE is vulnerable to a denial of service, caused by an error in Apache Xerces2 Java. A remote...

7.8CVSS1.1AI score0.3038EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/28 3:18 p.m.48 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in October 2019. Vulnerability...

9.1CVSS1.2AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.48 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704)

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption"...

10CVSS1AI score0.82112EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.48 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2108, CVE-2016-2107)

Summary OpenSSL vulnerabilities were disclosed on 3 May 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION:...

10CVSS0.5AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.48 views

Security Bulletin: Vulnerability in GSKit affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2183)

Summary An OpenSSL vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Sterling Connect:Direct for Microsoft Windows uses GSKit and therefore is also vulnerable. This vulnerability is known as the SWEET32 Birthday attack. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenS...

7.5CVSS0.2AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 9:16 p.m.48 views

Security Bulletin: CVE-2014-3524 CSV Injection in reports

Summary Cells in csv reports need to sanitize for legacy CSV Injection concerns. Vulnerability Details Third Party Entry: PSIRT-ADV0017245 DESCRIPTION: Created from Advisory: ADV0017245 CVSS Base score: 8.1 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products and Versions...

1AI score0.14596EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/23 9:47 a.m.48 views

Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.

Summary GNU Binutils is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-17450 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an infinite recursion in findabstractinstance in...

7.8CVSS1.5AI score0.02752EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/22 6:10 a.m.48 views

Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2020-2654)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 and Version 7 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-26...

4.3CVSS1AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.48 views

Security Bulletin: OpenSSL vulnerabilities affect IBM SmartCloud Entry

Summary IBM SmartCloud Entry is vulnerable to several OpenSSL vulnerabilities, attackers could exploit them to cause a denial of service or execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...

10CVSS1.2AI score0.44016EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.48 views

Security Bulletin: Security vulnerability in Apache HTTP affects IBM SmartCloud Entry (CVE-2017-9798)

Summary IBM SmartCloud Entry has addressed the vulnerability in Apache HTTP. Following are the vulnerability details. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS...

7.5CVSS0.1AI score0.94999EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.48 views

Security Bulletin: Vulnerabilities in Bash affect IBM SmartCloud Entry Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM SmartCloud Entry appliance. Vulnerability Details CVE-ID:...

10CVSS1.8AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/30 8:53 a.m.48 views

Security Bulletin: Vulnerabilities in jQuery affect IBM License Metric Tool v9.

Summary Vulnerabilities discovered in jQuery component affect IBM License Metric Tool v9. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could...

6.9CVSS0.5AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/19 6:20 p.m.48 views

Security Bulletin: Multiple potential vulnerabilities in Node.js

Summary Node.js is potentially exposed to 2 identified vulnerabilities. Vulnerability Details CVEID: CVE-2019-15605 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attack...

9.8CVSS1AI score0.57132EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/12 4:54 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.6.0 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in January 2020. Vulnerability...

8.1CVSS1.4AI score0.04903EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/09 2:20 a.m.48 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section...

6.8CVSS2.6AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/27 8:28 a.m.48 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-12406)

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to a security vulnerability. A remote attacker could exploit a vulnerability in Apache CXF causing a denial of service. Vulnerability Details CVEID: CVE-2019-12406 DESCRIPTION: Apache CXF is...

6.5CVSS1.9AI score0.06257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/20 3:25 p.m.48 views

Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7060, CVE-2020-7059)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7060 DESCRIPTION: PHP is vulnerable to a buffer overflow, caused by improper bounds checking by the mbflfiltconvbig5wchar function. By sending specially crafted data, a remote attacker could...

9.1CVSS1.2AI score0.08888EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/20 2:40 p.m.48 views

Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat (CVE-2018-1304 and CVE-2018-1305)

Summary Apache Tomcat has security vulnerabilities that allows a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details This section includes the vulnerability details that affects the Rational Buil...

6.5CVSS0.5AI score0.17378EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/23 8:41 p.m.48 views

Security Bulletin: OpenSSLにある複数の脆弱性のWebSphere Message BrokerとIBM Integration Busへの影響について

Summary OpenSSLの脆弱性について、OpenSSL Projectより2016年 9月22日、9月26日、11月10日にそれぞれ公表されております。WebSphere Message BrokerならびにIBM Integration Busにて使用されているDataDirect ODBC ドライバーに対して該当するCVEがあり、対処しております。 Vulnerability Details 最新の情報は下記の文書(英語)をご参照ください。 Security Bulletin: Multiple vulnerabilities in OpenSSL affect...

9.8CVSS0.6AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/23 8:41 p.m.48 views

Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerability

Summary WebSphere Message Broker and IBM Integration Bus are affected by Open Source Apache Tomcat vulnerability Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote...

7.1CVSS0.4AI score0.39633EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/19 9:25 p.m.48 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. This were disclosed as part of the IBM Java SDK updates in October 2019 and January 2020. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecifie...

7.2CVSS1.8AI score0.03239EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/16 5:42 a.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker V8.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7.0.10.45 used by WebSphere Message Brokerr V8. These issues were disclosed as part of the IBM Java SDK updates in July 2019 Vulnerability Details CVEID: CVE-2019-2816 DESCRIPTION: An unspecified vulnerabili...

8.4CVSS0.9AI score0.04351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/11 3:28 p.m.48 views

Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary There are multiple vulnerabilities in the WebSphere Application Server Liberty HTTP/2 implementation that is used by Watson Knowledge Catalog for IBM Cloud Pak for Data. This affects various Watson Knowledge Catalog services. These vulnerabilities have been addressed. Vulnerability Detail...

7.8CVSS0.8AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/03 2:5 p.m.48 views

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability with the IPv6 networking support (CVE-2015-2922)

Summary The following vulnerability in IPv6 has been addressed by IBM Integrated Management Module II IMM2. Vulnerability Details CVEID: CVE-2015-2922 DESCRIPTION: Linux Kernel, built with the IPv6 networking supportCONFIGIPV6, is vulnerable to a denial of service, caused by the improper handling...

3.3CVSS0.8AI score0.03052EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/04 4:40 p.m.48 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of...

9.8CVSS0.7AI score0.95707EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/30 12:59 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Security Privileged Identity Manager ISPIM. Vulnerability Details CVEID: CVE-2019-11775 DESCRIPTION: All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize ...

9.8CVSS0.3AI score0.04351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 8:47 a.m.48 views

Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2019-11358)

Summary IBM Tivoli Netcool Impact has addressed the following jQuery vulnerability. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an...

6.1CVSS0.9AI score0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 5:50 p.m.48 views

Security Bulletin: Vulnerability in jQuery affects IBM Watson Studio Local

Summary Security Bulletin: Vulnerability in jQuery affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an...

6.1CVSS0.6AI score0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/17 10:47 p.m.48 views

Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM Control Center (CVE-2016-1000031)

Summary The DiskFileItem class in Apache Commons Fileupload before 1.3.3, as used in Control Center, could allow remote attackers to execute arbitrary code under current context of the current process causing an undefined behavior. Vulnerability Details CVEID: CVE-2016-1000031 Description: Apache...

9.8CVSS3AI score0.34731EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000