Lucene search
K

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:3 a.m.14 views

Security Bulletin: Vulnerability in Samba affect Specrtum Scale shipped with Cloud pak System

Summary Vulnerability in Samba affect Specrtum Scale shipped with Cloud pak System CVE-2023-4091 Vulnerability Details CVEID:CVE-2023-4091 DESCRIPTION: Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when using the aclxattr Samba VFS module with...

6.5CVSS6.9AI score0.01174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:3 a.m.83 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF026 and 23.0.1-IF004. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of...

9.8CVSS10AI score0.60679EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:2 a.m.92 views

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in the latest IBM Security Verify Governance release. Vulnerability Details CVEID:CVE-2023-33840 DESCRIPTION: IBM Security Verify Governance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

9.8CVSS9.7AI score0.17699EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:1 a.m.66 views

Security Bulletin: IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service

Summary IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2022-3488 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error related to the processing of repeated responses to the same query, where both responses contain...

7.5CVSS7.8AI score0.19045EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:0 a.m.25 views

Security Bulletin: Multiple Security Vulnerabilities discovered in IBM Security Directory Suite (CVE-2022-32753, CVE-2022-32751, CVE-2022-33165)

Summary Several vulnerabilities were fixed in the IBM Security Verify Directory Suite. Vulnerability Details CVEID:CVE-2022-32753 DESCRIPTION: IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...

7.5CVSS6.1AI score0.01172EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:0 a.m.56 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary jQuery is used by IBM Robotic Process Automation for Cloud Pak as part of Abbyy CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2020-23064. Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2020-8552. Go Go-Yam...

7.5CVSS7.4AI score0.99019EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:58 a.m.109 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.2.0 Vulnerability Details CVEID:CVE-2022-36227 DESCRIPTION: libarchive s vulnerable to a denial of service, caused by a NULL pointer dereference flaw due to not check for an error after calling calloc function...

9.8CVSS9.8AI score0.03776EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:58 a.m.71 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2002-0080 DESCRIPTION: rsync could allow a remote attacker to gain elevated privileges on the system. rsync fails to drop privileges for...

7.5CVSS9.4AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:57 a.m.47 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.2.0 Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing multiple actions separated by a...

9.8CVSS9.7AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:57 a.m.72 views

Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect

Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...

10CVSS9.2AI score0.83223EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:56 a.m.46 views

Security Bulletin: Security vulnerability has been identified in IBM License Metric Tool v9.

Summary IBM License Metric Tool could allow a remote attacker to get read access to '/WEB-INF' folder on the ILMT server. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43044 DESCRIPTION: IBM License Metric Tool could allow ...

7.5CVSS6.3AI score0.00816EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:56 a.m.60 views

Security Bulletin: Unauthenticated Path Traversal security vulnerability CVE-2023-38366 in IBM Content Navigator in FileNet Content Manager

Summary Unauthenticated Path Traversal security vulnerability CVE-2023-38366 in Administration Console for Content Platform Engine ACCE/IBM Content Navigator ICN in FileNet Content Manager FNCM Vulnerability Details CVEID:CVE-2023-38366 DESCRIPTION: IBM Content Navigator could allow a remote...

5.3CVSS5.3AI score0.00754EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:55 a.m.50 views

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...

9.8CVSS10AI score0.03567EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:55 a.m.56 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

9.8CVSS10AI score0.09304EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:54 a.m.51 views

Security Bulletin: IBM Security Verify Directory products have multiple security vulnerabilities (CVE-2022-33164, CVE-2022-33168, CVE-2022-33161, CVE-2022-32755)

Summary Several vulnerabilities have been addressed in IBM Security Directory Server, IBM Security Directory Suite, and IBM Security Verify Directory products. Vulnerability Details CVEID:CVE-2022-33164 DESCRIPTION: IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse...

9.1CVSS7.7AI score0.01476EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:54 a.m.57 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.2 Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the forwarded ssh-agent. By sending specially...

9.8CVSS9.8AI score0.76768EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:54 a.m.63 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...

9.8CVSS9.2AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:53 a.m.31 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

7.5CVSS9.3AI score0.19312EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:52 a.m.62 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Java, Go, Python, OpenSSL and Node.js Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused b...

9.8CVSS9.8AI score0.03872EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:51 a.m.79 views

Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities.

Summary Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities, listed in multiple CVEs CVE-2023-34981, CVE-2022-1471, CVE-2022-4065, CVE-2021-23450, CVE-2021-23450, CVE-2022-40151, CVE-2022-41966, CVE-2023-41080, CVE-2022-48285, CBE-2020-11971, CVE-2023-28709,...

9.8CVSS9.9AI score0.99615EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:51 a.m.45 views

Security Bulletin: IBM Security Verify Governance - Identity Manager Virtual Appliance has multiple vulnerabilities (CVE-2023-35019, CVE-2023-35016)

Summary Multiple security vulnerabilities have been addressed in IBM Security Verify Governance, Identity Manager - Virtual Appliance component. Vulnerability Details CVEID:CVE-2023-35019 DESCRIPTION: IBM Security Verify Governance, Identity Manager could allow a remote authenticated attacker to...

8.8CVSS7.5AI score0.01EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:50 a.m.101 views

Security Bulletin: Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis. Vulnerabilities include denial of service, gain elevated privileges on the system, allow a remote attacker to execute...

9.8CVSS9.6AI score0.02453EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:49 a.m.67 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect Connect for ODBC

Summary Multiple vulnerabilities in Progress DataDirect Connect for ODBC used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-34363 DESCRIPTION: Progress DataDirect Connect for ODBC could allow a remote attacker to obtain sensitive information, caused by...

9.8CVSS9.8AI score0.02195EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:49 a.m.51 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.8.1 Vulnerability Details CVEID:CVE-2024-27043 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvbregisterdevice, pdvbdev is set equal...

8.8CVSS10AI score0.02224EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:48 a.m.95 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in t...

8.7CVSS9.7AI score0.12966EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:48 a.m.51 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer.deserializeFromArray function. By sending a...

7.7CVSS9.8AI score0.1158EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:45 a.m.24 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2019-13631 DESCRIPTION: Linux Kernel could allow a physical attacker to execute...

10CVSS9.3AI score0.07619EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:44 a.m.99 views

Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues

Summary Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are...

9.8CVSS10AI score0.98518EPSS
Exploits30Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:42 a.m.33 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.7 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge v4.8.7 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below...

8.1CVSS9.9AI score0.60122EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:41 a.m.73 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

7.8CVSS8.3AI score0.46836EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:39 a.m.124 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass...

7.5CVSS9.6AI score0.0325EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:39 a.m.46 views

Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager

Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...

9.8CVSS8.4AI score0.24738EPSS
Exploits5Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:38 a.m.69 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.4.7 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.4.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly consider...

9.8CVSS9.1AI score0.05623EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:38 a.m.76 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2023-0044 DESCRIPTION: Quarkus could allow a remote attacker to obtain sensitive information, caused by a flaw when the Form Authentication session cookie Path attribute is se...

7.8CVSS10AI score0.0486EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:37 a.m.58 views

Security Bulletin: Vulnerabilities in Pypa Setuptools, Golang Go, OpenSSH, Minio and Certifi may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Pypa Setuptools, Golang Go, OpenSSH, Minio and Certifi. Vulnerabilities include denial of service, bypass security restrictions, HTTP request smuggling, spyware,...

7.5CVSS8.7AI score0.89955EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:37 a.m.43 views

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager

Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilties have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2 . Please upgrade to GKLM v4.2 for the fixes. Vulnerability Details CVEID:CVE-2023-25689 DESCRIPTION: IBM...

9.8CVSS6.5AI score0.00971EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:36 a.m.80 views

Security Bulletin: Financial Transaction Manager for Digital Payments, High Value Payments and Corporate Payment Services are impacted by multiple vulnerabilities.

Summary The vulnerabilities addressed include access control, sensitive information disclosure, cross site scripting and directory traversal. Vulnerability Details CVEID:CVE-2020-5002 DESCRIPTION: IBM Financial Transaction Manager could allow an authenticated user to perform unauthorized actions...

9.1CVSS6.5AI score0.01836EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:35 a.m.23 views

Security Bulletin: IBM FTM for ACH Services and Check Services (v3.0.2.1 - v3.0.5) is impacted by a directory traversal vulnerability.

Summary The vulnerability addressed allowed a remote attacker to traverse server directories. Vulnerability Details CVEID:CVE-2020-5001 DESCRIPTION: IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a...

7.5CVSS5.5AI score0.01019EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:34 a.m.64 views

Security Bulletin: Multiple Vulnerabilities in Multicloud Management Security Services

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Multicloud Management Security Services Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw with accepting of some invalid Transfer-Encoding headers in the HTTP/...

8CVSS9.9AI score0.24928EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:34 a.m.61 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2022-22307 DESCRIPTION: IBM Security Guardium could allow a local user to obtain elevated privileges due to incorrect authorization checks. CVSS Base score: 4.4 CVSS Temporal Score: See:...

9.8CVSS9.3AI score0.11334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:34 a.m.27 views

Security Bulletin: IBM InfoSphere Information Server is affected by a path traversal vulnerability (CVE-2023-24960)

Summary A path traversal vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-24960 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL...

7.5CVSS7.5AI score0.01406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:33 a.m.116 views

Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of Apache Tomcat libraries CVE-2005-3164, CVE-2005-4836, CVE-2005-4838, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128, CVE-2007-5333, CVE-2008-1232, CVE-2008-2370, CVE-2008-4308, CVE-2009-0781,...

7.8CVSS8.3AI score0.9444EPSS
Exploits45Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:32 a.m.86 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.1 Vulnerability Details CVEID:CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when using DNS forwarders. An attacker could exploit this...

9.8CVSS9.6AI score0.1593EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:32 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in Apache Ivy affect IBM Cloud Pak System

Summary Vulnerabilities found in Apache Ivy affect IBM Cloud Pak SystemCVE-2022-46751, CVE-2022-2765,CVE-2022-37866. Vulnerability Details CVEID:CVE-2022-46751 DESCRIPTION: Apache Ivy could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...

9.8CVSS7.9AI score0.01855EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:31 a.m.31 views

Security Bulletin: Path traversal vulnerability affects IBM Business Monitor - CVE-2022-43864

Summary IBM Business Monitor is vulnerable to a Path Traversal attack in the Business Space component. Vulnerability Details CVEID:CVE-2022-43864 DESCRIPTION: IBM Business Automation Workflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially...

7.5CVSS7.5AI score0.01966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:30 a.m.64 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...

9.8CVSS10AI score0.10539EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:30 a.m.50 views

Security Bulletin: IBM Security Verify Governance stores user credentials in plain clear text which can be read by a local user (CVE-2022-22470)

Summary IBM Security Verify Governance is vulnerable to exposure of user credentials to local users due to storage of credentials in cleartext CVE-2022-22470. This vulnerability has been removed by a code fix. Vulnerability Details CVEID:CVE-2022-22470 DESCRIPTION: IBM Security Verify Governance...

5.5CVSS5.3AI score0.00121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:29 a.m.37 views

Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection (CVE-2022-35281)

Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection. Vulnerability Details CVEID:CVE-2022-35281 DESCRIPTION: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are...

8.8CVSS7AI score0.00505EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:29 a.m.40 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak (CVE-2022-43844)

Summary IBM Robotic Process Automation for Cloud Pak is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerabili...

8.8CVSS8.6AI score0.00687EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:29 a.m.30 views

Security Bulletin: A vulnerability in IBM Robotic Process Automation may result in sensitive information disclosure (CVE-2022-41740)

Summary There is a vulnerability in IBM Robotic Process Automation, Sensitive information may be disclosed if an attacker has physical access to system memory. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details CVEID:CVE-2022-41740 DESCRIPTIO...

4.6CVSS4.2AI score0.00196EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35661