Lucene search
K
IbmMost viewed

35726 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/05/20 6:6 p.m.48 views

Security Bulletin: IBM MQ is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition (CVE-2020-27221)

Summary An issue was identified in the IBM® Runtime Environment Java™ Technology Edition shipped with IBM MQ. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8...

9.8CVSS1.4AI score0.01532EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/13 7:34 p.m.48 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an...

7.8CVSS1AI score0.77385EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.48 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

9.1CVSS0.5AI score0.1684EPSS
Exploits1Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.48 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2015-5174, others)

Summary The Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational Requirements...

8.8CVSS0.2AI score0.1838EPSS
Exploits0Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/16 6:3 a.m.48 views

Security Bulletin: dom4j Vulnerability in Apache Solr shipped with IBM Operations Analytics - Log Analysis Analysis (CVE-2018-1000632)

Summary There is an XML Injection vulnerability in dom4j that affects Apache Solr. Vulnerability Details CVEID: CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a...

7.5CVSS1.8AI score0.0657EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/12 10:46 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An unspecified vulnerability ...

9.8CVSS3AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/06 1:51 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2020-14803...

9.8CVSS1AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/23 4:28 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2020-14803, CVE-2020-27221)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. These issues were disclosed in the Oracle January 2021 Critical Patch Update, plus CVE-2020-27221. Vulnerabili...

9.8CVSS1.6AI score0.03122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/19 11:23 a.m.48 views

Security Bulletin: A vulnerability in IBM Java SE affects IBM Elastic Storage System

Summary There is a vulnerability in IBM SDK Java Technology Edition, used by IBM Elastic Storage System. This issue was disclosed as part of the IBM Java SDK updates in Oct 2020. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

4.3CVSS2.3AI score0.03713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/12 7:31 p.m.48 views

Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-23840 and CVE-2021-23841

Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this...

7.5CVSS2.1AI score0.50732EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 11:5 a.m.48 views

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-8277

Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-8277. Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit thi...

7.5CVSS1.6AI score0.54164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/03 9:46 p.m.48 views

Security Bulletin: Vulnerabilities in Linux Kernel and Java affect IBM Spectrum Protect Plus

Summary Multiple vulnerabilities in the Linux Kernel and Java may affect IBM Spectrum Protect Plus. The Java vulnerabilities were disclosed as part of the Java Critical Patch Updates in July and October 2020. UPDATED: 3 March 2021: Added CVE-2020-10711 Vulnerability Details CVEID: CVE-2020-14782...

8.3CVSS0.9AI score0.04315EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/03 4:5 p.m.48 views

Security Bulletin: IBM MQ Appliance is affected by libxslt vulnerabilities (CVE-2019-11068, CVE-2019-18197)

Summary IBM MQ Appliance has resolved libxslt vulnerabilities. Vulnerability Details CVEID: CVE-2019-11068 DESCRIPTION: libxslt could allow a remote attacker to bypass security restrictions, caused by a flaw in the xsltCheckRead and xsltCheckWrite routines. By sending a specially-crafted request,...

9.8CVSS1.2AI score0.05089EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/01 9:53 p.m.48 views

Security Bulletin: jackson-databind vulnerabilities CVE-2020-36185/36181/36189/36188/36184/36180 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0

Summary Jackson-databind vulnerabilities CVE-2020-36185, CVE-2020-36181, CVE-2020-36189, CVE-2020-36188, CVE-2020-36184, CVE-2020-36180, CVE-2020-36183, CVE-2020-36179, CVE-2020-36187, CVE-2020-36186, CVE-2020-36182 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer...

8.8CVSS1.8AI score0.20929EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/27 5:25 p.m.48 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary IBM Rational Functional Tester is affected by an Eclipse Jetty vulnerability that can allow a local authenticated user to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated user could exploit this vulnerability to gain elevated privileges...

7CVSS1.9AI score0.043EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/22 4:32 p.m.48 views

Security Bulletin: Multiple vulnerabilities in Rational Directory Server (CVE-2012-2203, CVE-2012-2191)

Summary Notice of security vulnerabilities which impacts IBM Rational Directory Server 5.2.x Tivoli variant only along with instructions to resolve the issues. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for...

7.5CVSS0.2AI score0.28154EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/16 9:27 p.m.48 views

Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager

Summary Multiple vulnerabilities identified in IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager have been addressed in the release 10.8. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper...

6.1CVSS1AI score0.87218EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/11 6:3 p.m.48 views

Security Bulletin: cURL vulnerabilities CVE-2020-8169 CVE-2020-8177 impact IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier and Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier

Summary Security Bulletin: cURL vulnerabilities CVE-2020-8169 CVE-2020-8177 impact IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier and Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier. The fix was delivered in IBM Aspera High-Speed Transfer Server 4.0.0 and Aspera High-Speed...

7.8CVSS1.3AI score0.03427EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/11 4:3 p.m.48 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerability

Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-8277 Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could...

7.5CVSS0.7AI score0.54164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/27 4:5 p.m.48 views

Security Bulletin: Potential security vulnerability for the Oracle June 2012 CPU (CVE-2012-1713) shipped with Rational Developer for System z

Summary IBM Rational Developer for System z is shipped with an IBM Java that is based on the Oracle Java. Oracle has released a June 2012 critical patch updates CPU which contain security vulnerability fixes and the IBM Java is affected. Vulnerability Details | Subscribe to My Notifications to be...

10CVSS1AI score0.05983EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/15 6:25 p.m.48 views

Security Bulletin: Vulnerabilities in Apache ActiveMQ affect IBM Operations Analytics Predictive Insights (CVE-2020-11998, CVE-2020-13920)

Summary Apache ActiveMQ is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper...

9.8CVSS2.1AI score0.51225EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/12 11:53 a.m.48 views

Security Bulletin: Publicly disclosed vulnerability from Qemu affects IBM Netezza Host Management

Summary Open Source Qemu is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14364 DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds read/write...

5CVSS0.7AI score0.05447EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/08 12:56 p.m.48 views

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries...

8.3CVSS0.9AI score0.04315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/24 4:22 p.m.48 views

Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2020 CPU plus CVE-2020-2590 and CVE-2020-2601 affect multiple IBM Continuous Engineering products based on IBM Jazz Technology

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition from July 2020 CPU, the CVE-2020-2590 deferred from Oracle Jan 2020 CPU and CVE-2020-2601 deferred from Oracle Jan 2020 CPU that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based...

8.3CVSS1.1AI score0.04315EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/23 12:32 p.m.48 views

Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-9383 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the setfdc...

7.1CVSS0.3AI score0.00731EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/23 12:26 p.m.48 views

Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVEs. Vulnerability Details CVEID: CVE-2020-11609 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the stv06xx subsystem in stv06xx.c an...

4.9CVSS0.4AI score0.00588EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/11 12:41 p.m.48 views

Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436)

Summary Vulnerability has been identified in libcurl that is used in OS image for RedHat Enterprise Linux for IBM Cloud Pak System. This security bulletin applies to the OS image for RedHat Enterprise Linux v7.7. OS image for RedHat Enterprise Linux has addressed the vulnerability. Vulnerability...

7.8CVSS1AI score0.49739EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/09 3:12 a.m.48 views

Security Bulletin: A Security Vulnerability Has Been Identified In Apache Batik used by IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2019-17566)

Summary A Security Vulnerability Has Been Identified In Apache Batik. IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On is affected by Apache Batik. Information about this security vulnerability affecting IBM WebSphere Application...

7.5CVSS2AI score0.1074EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/31 1:37 p.m.48 views

Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affect IBM Operations Analytics Predictive Insights

Summary Faster-XML Jackson-databind is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Jackson Databind within IBM Operations Analytics Predictive Insights is limited to the REST Mediation...

8.8CVSS2.2AI score0.07963EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/04 6:49 p.m.48 views

Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan

Summary CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan Vulnerability Details CVEID: CVE-2009-2625 DESCRIPTION: Sun Java Runtime Environment JRE is vulnerable to a denial of service, caused by an error in Apache Xerces2 Java. A remote...

7.8CVSS1.1AI score0.3038EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/04 6:46 p.m.48 views

Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker

Summary CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service JMS ObjectMessage object. Vulnerability Details CVEID: CVE-2015-5254...

9.8CVSS3.2AI score0.38191EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.48 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2108, CVE-2016-2107)

Summary OpenSSL vulnerabilities were disclosed on 3 May 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION:...

10CVSS0.5AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.48 views

Security Bulletin: Vulnerability in GSKit affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2183)

Summary An OpenSSL vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Sterling Connect:Direct for Microsoft Windows uses GSKit and therefore is also vulnerable. This vulnerability is known as the SWEET32 Birthday attack. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenS...

7.5CVSS0.2AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 9:16 p.m.48 views

Security Bulletin: CVE-2014-3524 CSV Injection in reports

Summary Cells in csv reports need to sanitize for legacy CSV Injection concerns. Vulnerability Details Third Party Entry: PSIRT-ADV0017245 DESCRIPTION: Created from Advisory: ADV0017245 CVSS Base score: 8.1 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products and Versions...

1AI score0.14596EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/22 6:10 a.m.48 views

Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2020-2654)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 and Version 7 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-26...

4.3CVSS1AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.48 views

Security Bulletin: Security vulnerability in Apache HTTP affects IBM SmartCloud Entry (CVE-2017-9798)

Summary IBM SmartCloud Entry has addressed the vulnerability in Apache HTTP. Following are the vulnerability details. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS...

7.5CVSS0.1AI score0.94999EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.48 views

Security Bulletin: Vulnerabilities in Bash affect IBM SmartCloud Entry Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM SmartCloud Entry appliance. Vulnerability Details CVE-ID:...

10CVSS1.8AI score0.99999EPSS
Exploits158Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.48 views

Security Bulletin: OpenSSL vulnerabilities affect IBM SmartCloud Entry

Summary IBM SmartCloud Entry is vulnerable to several OpenSSL vulnerabilities, attackers could exploit them to cause a denial of service or execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...

10CVSS1.2AI score0.44016EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/30 8:53 a.m.48 views

Security Bulletin: Vulnerabilities in jQuery affect IBM License Metric Tool v9.

Summary Vulnerabilities discovered in jQuery component affect IBM License Metric Tool v9. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could...

6.9CVSS0.5AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/19 6:20 p.m.48 views

Security Bulletin: Multiple potential vulnerabilities in Node.js

Summary Node.js is potentially exposed to 2 identified vulnerabilities. Vulnerability Details CVEID: CVE-2019-15605 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attack...

9.8CVSS1AI score0.57132EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/19 5:7 a.m.48 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details CVEID: CVE-2020-8840 DESCRIPTION: An unspecified error with the lack of certain xbean-reflect/JNDI blocking in FasterXML jackson-databind has an unknown impac...

9.8CVSS1.3AI score0.26587EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/12 4:54 p.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.6.0 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in January 2020. Vulnerability...

8.1CVSS1.4AI score0.04903EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/09 2:20 a.m.48 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section...

6.8CVSS2.6AI score0.03823EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/27 8:28 a.m.48 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-12406)

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to a security vulnerability. A remote attacker could exploit a vulnerability in Apache CXF causing a denial of service. Vulnerability Details CVEID: CVE-2019-12406 DESCRIPTION: Apache CXF is...

6.5CVSS1.9AI score0.06257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/20 3:25 p.m.48 views

Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7060, CVE-2020-7059)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7060 DESCRIPTION: PHP is vulnerable to a buffer overflow, caused by improper bounds checking by the mbflfiltconvbig5wchar function. By sending specially crafted data, a remote attacker could...

9.1CVSS1.2AI score0.08888EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/20 2:40 p.m.48 views

Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat (CVE-2018-1304 and CVE-2018-1305)

Summary Apache Tomcat has security vulnerabilities that allows a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details This section includes the vulnerability details that affects the Rational Buil...

6.5CVSS0.5AI score0.17378EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/23 8:41 p.m.48 views

Security Bulletin: OpenSSLにある複数の脆弱性のWebSphere Message BrokerとIBM Integration Busへの影響について

Summary OpenSSLの脆弱性について、OpenSSL Projectより2016年 9月22日、9月26日、11月10日にそれぞれ公表されております。WebSphere Message BrokerならびにIBM Integration Busにて使用されているDataDirect ODBC ドライバーに対して該当するCVEがあり、対処しております。 Vulnerability Details 最新の情報は下記の文書(英語)をご参照ください。 Security Bulletin: Multiple vulnerabilities in OpenSSL affect...

9.8CVSS0.6AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/23 8:41 p.m.48 views

Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerability

Summary WebSphere Message Broker and IBM Integration Bus are affected by Open Source Apache Tomcat vulnerability Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote...

7.1CVSS0.4AI score0.39633EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/19 9:25 p.m.48 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. This were disclosed as part of the IBM Java SDK updates in October 2019 and January 2020. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecifie...

7.2CVSS1.8AI score0.03239EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/16 5:42 a.m.48 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker V8.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7.0.10.45 used by WebSphere Message Brokerr V8. These issues were disclosed as part of the IBM Java SDK updates in July 2019 Vulnerability Details CVEID: CVE-2019-2816 DESCRIPTION: An unspecified vulnerabili...

8.4CVSS0.9AI score0.04351EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000