35013 matches found

IBM Security Bulletins
added 2025/03/26 2:41 a.m. | 41 views

Security Bulletin: This Power System update is being released to address CVE 2022-22488

Summary POWER9: In response to a security issue with the BMC web server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2022-22488. Vulnerability Details CVEID:CVE-2022-22488 DESCRIPTION: IBM BMC could allow a privileged user ...

CVSS 4.9 | AI score 5.3 | EPSS 0.00174
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:40 a.m. | 73 views

Security Bulletin: Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for November 2022

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF015 and 22.0.1-IF005. Vulnerability Details CVEID:CVE-2022-41735 DESCRIPTION: IBM Business Process Manager 21.0.1 throug...

CVSS 8.2 | AI score 10 | EPSS 0.03694
Exploits: 5 | Affected Software: 2

IBM Security Bulletins
added 2025/03/26 2:39 a.m. | 28 views

Security Bulletin: IBM Partner Engagement Manager is vulnerable to sensitive data exposure (CVE-2022-34354)

Summary IBM Sterling Partner Engagement Manager has addressed a client HTML5 vulnerability that allows encrypted storage of client data to be stored locally which can be read by another user on the system. Vulnerability Details CVEID:CVE-2022-34354 DESCRIPTION: IBM Sterling Partner Engagement...

CVSS 4 | AI score 3.6 | EPSS 0.00042
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:39 a.m. | 55 views

Security Bulletin: This Power System update is being released to address CVE 2022-34331

Summary A security problem for CVE-2022-34331 was addressed where switches configured to monitor network traffic for malicious activity are not effective because of errant adapter configuration changes. The misconfigured adapter can cause network traffic to flow directly between the VFs and not o...

CVSS 9.8 | AI score 9 | EPSS 0.00261
Exploits: 0

IBM Security Bulletins
added 2025/03/26 2:38 a.m. | 47 views

Security Bulletin: IBM Cloud Pak for Security is vulnerable to possible information disclosure. (CVE-2022-38385)

Summary IBM Cloud Pak for Security is vulnerable to possible information disclosure. This has been updated in the latest release and the vulnerability has been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Securit...

CVSS 8.1 | AI score 7.7 | EPSS 0.00296
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:38 a.m. | 39 views

Security Bulletin: IBM Cloud Pak for Security is vulnerable to command injection (CVE-2022-38387)

Summary IBM Cloud Pak for Security is vulnerable to command injection. This has been updated in the latest release and the vulnerability has been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security CP4S...

CVSS 8.8 | AI score 9.2 | EPSS 0.00498
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:37 a.m. | 23 views

Security Bulletin: IBM Cloud Pak for Security is vulnerable to cross-site scripting (XSS) (CVE-2022-36776)

Summary IBM Cloud Pak for Security is vulnerable to cross-site scripting XSS. This has been updated in the latest release and the vulnerability has been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security CP4S...

CVSS 5.4 | AI score 5.3 | EPSS 0.0053
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:37 a.m. | 37 views

Security Bulletin: Vulnerability in IBM® Host Access Beans affects IBM Host Access Transformation Services

Summary There is a vulnerability in IBM Host Access Beans 4 used by Host Access Transformation Services. Host Access Transformation Services has provided a fix for the applicable CVE. The CVE is listed as CVE-2021-38938. Vulnerability Details CVEID:CVE-2021-38938 DESCRIPTION: IBM Host Access...

CVSS 6.2 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:36 a.m. | 47 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1 Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...

CVSS 9.8 | AI score 9.4 | EPSS 0.03141
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:36 a.m. | 37 views

Security Bulletin: IBM Urbancode Deploy (UCD) is vulnerable to Insufficiently Protected LDAP Search Credentials ( CVE-2022-40751 )

Summary In certain circumstances, an Administrator user could gain access to previously configured LDAP search credentials used during authentication. Vulnerability Details CVEID:CVE-2022-40751 DESCRIPTION: IBM UrbanCode Deploy UCD 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 throu...

CVSS 4.9 | AI score 5 | EPSS 0.00128
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:35 a.m. | 30 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform (CVE-2022-42442)

Summary IBM Robotic Process Automation for Cloud Pak is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. Vulnerability Details CVEID:CVE-2022-42442 DESCRIPTION: IBM Robotic Process Automation for Cloud Pak is vulnerable to exposure of...

CVSS 3.3 | AI score 3.7 | EPSS 0.00052
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:35 a.m. | 20 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosure of information that could aid in further system attacks. (CVD-2022-38710)

Summary IBM Robotic Process Automation could potentially expose system and software version information which could aid in further system attacks. Vulnerability Details CVEID:CVE-2022-38710 DESCRIPTION: IBM Robotic Process Automation could disclose sensitive version information that could aid in...

CVSS 5.3 | AI score 5.1 | EPSS 0.00164
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:34 a.m. | 27 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to incorrect permission assignment

Summary IBM Robotic Process Automation is vulnerable to incorrect permission assignment which could allow access to application configurations. Vulnerability Details CVEID:CVE-2022-43574 DESCRIPTION: IBM Robotic Process Automation is vulnerable to incorrect permission assignment which could allow...

CVSS 7.5 | AI score 7.3 | EPSS 0.00181
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:34 a.m. | 87 views

Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1

Summary This SB contains a list for all CVE's listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1 Vulnerability...

CVSS 9.1 | AI score 8.5 | EPSS 0.68838
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:33 a.m. | 35 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service attack (CVE-2022-40235)

Summary A denial of service vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-40235 DESCRIPTION: IBM InfoSphere Information Server could allow a user to cause a denial of service by removing the ability to run jobs due to improper input...

CVSS 6.5 | AI score 6.3 | EPSS 0.00462
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:32 a.m. | 31 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2022-30608)

Summary A cross-site request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-30608 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

CVSS 8.8 | AI score 8.6 | EPSS 0.00142
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:30 a.m. | 37 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2022-30615, CVE-2022-35642)

Summary A cross-site scripting vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-30615 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W...

CVSS 5.4 | AI score 5.1 | EPSS 0.00493
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:29 a.m. | 119 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

Summary IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Vulnerability Details CVEID:CVE-2022-41292 DESCRIPTION: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation o...

AI score 6.2
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:28 a.m. | 19 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficient protection of credentials created in the control center.

Summary IBM Robotic Process Automation is vulnerable to insufficient protection of credentials created in the control center. Vulnerability Details CVEID:CVE-2022-41293 DESCRIPTION: IBM Robotic Process Automation is vulnerable to insufficient protection of credentials created in the control cente...

AI score 6.3
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:28 a.m. | 28 views

Security Bulletin: IBM Robotic Process automation is vulnerable to storing sensitive data in temporary memory (CVE-2022-41295)

Summary IBM Robotic Process Automation Client may be vulnerable to sensitive data in temporary managed memory. Vulnerability Details CVEID:CVE-2022-41295 DESCRIPTION: IBM Robotic Process Automation Client may be vulnerable to sensitive data in temporary managed memory. CVSS Base score: 4 CVSS...

AI score 6.1
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:27 a.m. | 234 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP6. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.3. A vulnerability where user credentials are stored in plain cleartext in a log and could be read by an authenticated us...

CVSS 9.8 | AI score 9.7 | EPSS 0.02544
Exploits: 7 | Affected Software: 2

IBM Security Bulletins
added 2025/03/26 2:27 a.m. | 39 views

Security Bulletin: IBM Navigator Mobile Android app is vulnerable due to improper access control (CVE-2022-38388)

Summary Improper access control in the IBM Navigator Mobile Android app may allow an authenticated user to potentially enable information disclosure via local access CVE-2022-38388. Vulnerability Details CVEID:CVE-2022-38388 DESCRIPTION: IBM Navigator Mobile Android app could allow a local user t...

CVSS 5.5 | AI score 5 | EPSS 0.00036
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:26 a.m. | 26 views

Security Bulletin: IBM Partner Engagement Manager vulnerable to authentication bypass (CVE-2022-34334)

Summary IBM Sterling Partner Engagement Manager has addressed an authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2022-34334 DESCRIPTION: IBM Sterling Partner Engagement Manager does not invalidate session after logout which could allow an authenticated user to impersonate...

CVSS 6.5 | AI score 6.5 | EPSS 0.00097
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:25 a.m. | 36 views

Security Bulletin: IBM QRadar SIEM is vulnerable to possible information disclosure (CVE-2022-22480)

Summary IBM QRadar SIEM is vulnerable to possible information disclosure due to data node rebalancing not functioning correctly. Vulnerability Details CVEID:CVE-2022-22480 DESCRIPTION: IBM QRadar SIEM data node rebalancing does not function correctly when using encrypted hosts which could result ...

CVSS 7.5 | AI score 6 | EPSS 0.00238
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:25 a.m. | 110 views

Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2022-30613)

Summary IBM QRadar SIEM is vulnerable to information disclosure. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2022-30613 DESCRIPTION: IBM QRadar could disclose sensitive information via a local service to a privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...

CVSS 5.5 | AI score 4.5 | EPSS 0.00043
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:24 a.m. | 33 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to man in the middle attacks through manipulation of client proxy (CVE-2022-36774)

Summary IBM Robotic Process automation is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. Vulnerability Details CVEID:CVE-2022-36774 DESCRIPTION: IBM Robotic Process automation is vulnerable to man in the middle attacks through manipulation of the...

CVSS 6.5 | AI score 5.2 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:24 a.m. | 32 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross site scripting (CVE-2022-38709)

Summary IBM Robotic Process Automation for Cloud Pak is vulnerable to cross site scripting through DOM manipulation. Vulnerability Details CVEID:CVE-2022-38709 DESCRIPTION: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed...

CVSS 6.1 | AI score 5.9 | EPSS 0.00373
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:23 a.m. | 37 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to cross origin resource sharing using the bot api (CVE-2022-41294)

Summary IBM Robotic Process Automation is vulnerable to cross origin resource sharing using the bot api. Vulnerability Details CVEID:CVE-2022-41294 DESCRIPTION: IBM Robotic Process Automation is vulnerable to cross origin resource sharing using the bot api. CVSS Base score: 6.5 CVSS Temporal Scor...

CVSS 6.5 | AI score 6.5 | EPSS 0.00076
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:22 a.m. | 33 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to proxy credential exposure in upgrade logs (CVE-2022-39168)

Summary IBM Robotic Process Automation Client is vulnerable to proxy credential exposure in upgrade logs. Vulnerability Details CVEID:CVE-2022-39168 DESCRIPTION: IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. CVSS Base score: 4.6 CVSS...

CVSS 7.5 | AI score 7.4 | EPSS 0.00205
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:22 a.m. | 20 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to use-after-free due to systemd ( CVE-2022-2526 )

Summary Systemd is used by IBM Cloud Pak for Data as part of the base OS image. CVE-2022-2526 Vulnerability Details CVEID:CVE-2022-2526 DESCRIPTION: systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the onstreamio function and...

CVSS 9.8 | AI score 9.7 | EPSS 0.00295
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:21 a.m. | 48 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2021-40528 DESCRIPTION: GnuPG Libgcrypt could allow a remote attacker to bypass security restrictions, caused by a flaw in the ElGamal implementation. By sending a...

CVSS 9.8 | AI score 10 | EPSS 0.03367
Exploits: 10 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:21 a.m. | 13 views

Security Bulletin: A Security Vulnerability was fixed in IBM Application Gateway.

Summary IBM Security Application Gateway is vulnerable to cross-site scripting. This has been fixed in IBM Application Gateway 22.07 Vulnerability Details CVEID:CVE-2022-22387 DESCRIPTION: IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed...

CVSS 5.4 | AI score 5.4 | EPSS 0.00235
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:21 a.m. | 24 views

Security Bulletin: Information disclosure vulnerability in IBM QRadar User Behavior Analytics (CVE-2022-36771)

Summary Non-Admin access to some admin level information was available if users had correct paths to the information. Checks were added to authorize access even when it is not initiated from the user interface. Vulnerability Details CVEID:CVE-2022-36771 DESCRIPTION: IBM QRadar User Behavior...

CVSS 6.5 | AI score 6 | EPSS 0.00124
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:20 a.m. | 36 views

Security Bulletin: IBM InfoSphere Information Server is affected by a session management vulnerability (CVE-2022-41291)

Summary IBM InfoSphere Information Server is affected by a session management vulnerability. Vulnerability Details CVEID:CVE-2022-41291 DESCRIPTION: IBM InfoSphere Information Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on th...

CVSS 6.5 | AI score 6.3 | EPSS 0.00118
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:19 a.m. | 28 views

Security Bulletin: XML External Entity Injection (XXE) attack Affects IBM Partner Engagement Manager (CVE-2022-34348)

Summary IBM Sterling Partner Engagement Manager is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. Vulnerability Details CVEID:CVE-2022-34348...

CVSS 7.1 | AI score 6.9 | EPSS 0.00418
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:18 a.m. | 59 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to authentication bypass (CVE-2022-40616)

Summary IBM Maximo Asset Management is vulnerable to authentication bypass. Vulnerability Details CVEID:CVE-2022-40616 DESCRIPTION: IBM Maximo Asset Management could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. CVSS Base...

CVSS 8.1 | AI score 7.2 | EPSS 0.0006
Exploits: 0 | Affected Software: 11

IBM Security Bulletins
added 2025/03/26 2:17 a.m. | 40 views

Security Bulletin: Directory traversal attack in IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-40608)

Summary The IBM Spectrum Protect Plus Microsoft File Systems restore operation is vulnerable to a directory traversal attack which can result in gaining access to unauthorized files. Vulnerability Details CVEID:CVE-2022-40608 DESCRIPTION: IBM Spectrum Protect Plus Microsoft File Systems restore...

CVSS 7.5 | AI score 7.4 | EPSS 0.00697
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:17 a.m. | 42 views

Security Bulletin: Insecure handling of TLS certificates by IBM Spectrum Protect Plus (CVE-2022-40234)

Summary IBM Spectrum Protect Plus incorrectly handles TLS certificates which can result in an attacker obtaining private key information for the uploaded certificate. Vulnerability Details CVEID:CVE-2022-40234 DESCRIPTION: Versions of IBM Spectrum Protect Plus prior to 10.1.12 excluding 10.1.12...

CVSS 5.9 | AI score 5.5 | EPSS 0.00154
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:16 a.m. | 41 views

Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version, i.e. 5.0.3, there is a provision to make the cookie true for https and...

CVSS 5.3 | AI score 4.1 | EPSS 0.00172
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:16 a.m. | 68 views

Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability due to invscout (CVE-2022-36768)

Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to obtain root privileges CVE-2022-36768. Vulnerability Details CVEID:CVE-2022-36768 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtai...

CVSS 8.4 | AI score 7.5 | EPSS 0.00048
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:15 a.m. | 63 views

Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability (CVE-2022-34356)

Summary UPDATED Oct 10 Added iFixes with the correct prereqs for VIOS 3.1.2.30 and 3.1.2.40: A vulnerability in the AIX kernel could allow a non-privileged local user to obtain root privileges CVE-2022-34356. Vulnerability Details CVEID:CVE-2022-34356 DESCRIPTION: IBM AIX could allow a...

CVSS 8.4 | AI score 7.5 | EPSS 0.00048
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/03/26 2:15 a.m. | 42 views

Security Bulletin: IBM Aspera Faspex 5.0.x affected by vulnerability (CVE-2022-22403)

Summary Aspera Faspex 5.0.2 has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-22403 DESCRIPTION: IBM Aspera Faspex 5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link...

AI score 5.7
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:14 a.m. | 43 views

Security Bulletin: IBM Aspera Faspex 5.0.0/5.0.1 affected by vulnerability (CVE-2022-22399)

Summary This security bulletin addresses an HTTP header injection vulnerability that has been remediated in IBM Aspera Faspex 5.0.2. Vulnerability Details CVEID:CVE-2022-22399 DESCRIPTION: IBM Aspera Faspex 5 is vulnerable to HTTP header injection, caused by improper validation of input by the HO...

CVSS 6.5 | AI score 5.9 | EPSS 0.00101
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:14 a.m. | 57 views

Security Bulletin: DataStage on Cloud Pak for Data Is Vulnerable to Sensitive Information Disclosure Error (CVE-2022-38714)

Summary A vulnerability in DataStage on Cloud Pak for Data had the potential of exposing database connection details database names, database user-id, database credential to authorized users with Cluster Admin role had they performed remote access to running datastage containers that was processi...

CVSS 4.9 | AI score 5 | EPSS 0.00044
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:12 a.m. | 37 views

Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager (CVE-2021-29864)

Summary A security vulnerability has been fixed in IBM Security Identity Manager. Vulnerability Details CVEID:CVE-2021-29864 DESCRIPTION: IBM Security Identity Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a...

CVSS 6.8 | AI score 6 | EPSS 0.00094
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:12 a.m. | 43 views

Security Bulletin: Custom "Execution States" names on IBM Engineering Test Management TCER pages are vulnerable to XSS ( CVE-2021-38934 )

Summary ETM allows customization of "Execution States" names, allowing the injection of XSS payloads and making them vulnerable to XSS. Custom values into the names of "Execution States" are not encoded while displaying them on the "Test Cases Execution Records" TCER pages, allowing the execution...

CVSS 5.4 | AI score 5.5 | EPSS 0.00377
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/03/26 2:11 a.m. | 82 views

Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22968, CVE-2022-24785, CVE-2017-18214, CVE-2016-4055, CVE-2018-1000613, CVE-2020-15522, CVE-2018-1000180, CVE-2020-26939, CVE-2022-22314)

Summary IBM Planning Analytics Workspace is affected by multiple vulnerabilities. Spring is used in IBM Planning Analytics Workspace in Server-Side Rest APIs as an indirect dependency by MongoDB that is used to store content CVE-2022-22968. Node.js moment is used in IBM Planning Analytics Workspa...

CVSS 9.8 | AI score 9 | EPSS 0.2051
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:3 a.m. | 58 views

Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting (CVE-2022-35714)

Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2022-35714 DESCRIPTION: IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows...

CVSS 5.4 | AI score 5.2 | EPSS 0.00377
Exploits: 0 | Affected Software: 11

IBM Security Bulletins
added 2025/03/26 2:2 a.m. | 58 views

Security Bulletin: This Power System update is being released to address CVE 2021-29891

Summary POWER9: In response to a security issue with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2021-29891. Vulnerability Details CVEID:CVE-2021-29891 DESCRIPTION: IBM OPENBMC could allow a privileged...

CVSS 4.9 | AI score 5.2 | EPSS 0.00127
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:1 a.m. | 34 views

Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-22455)

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-22455 DESCRIPTION: IBM Security Verify Identity Manager performs an operation at a privilege level that is higher than the minimum...

CVSS 9.8 | AI score 9.5 | EPSS 0.00116
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 35013