Lucene search
K

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:28 a.m.•40 views

Security Bulletin: A vulnerability in IBM Robotic Process Automation may result in exposure of the name and email for the creator/modifier of platform level objects (CVE-2022-43573)

Summary There is a vulnerability in IBM Robotic Process Automation. Accessing specific platform level objects created in RPA may expose the creator or modifiers email address. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details...

5.3CVSS5.2AI score0.00473EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:28 a.m.•19 views

Security Bulletin: A vulnerability exists in Google Web Toolkit (GWT) framework used by ITNM (CVE-2007-2378)

Summary Vulnerability CVE-2007-2378 found in gwt-maps that is present in IBM Tivoli Network Manager ITNM IP Edition. The fix contains the removal of this library from ITNM Vulnerability Details CVEID:CVE-2007-2378 DESCRIPTION: The Google Web Toolkit GWT framework exchanges data using JavaScript...

5CVSS6.1AI score0.00734EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:27 a.m.•53 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to Cross-Site Scripting (CVE-2022-34330)

Summary IBM Sterling B2B Integrator has addressed the cross-site scripting vulnerability Vulnerability Details CVEID:CVE-2022-34330 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i...

6.1CVSS5.9AI score0.00392EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:27 a.m.•37 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to Cross Origin Resource Sharing (CORS) (CVE-2021-38928)

Summary IBM Sterling B2B Integrator has addressed the Cross Origin Sharing vulnerability in B2B API Vulnerability Details CVEID:CVE-2021-38928 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged...

5.4CVSS5.1AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:27 a.m.•59 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to access control issue (CVE-2022-43920)

Summary IBM Sterling B2B Integrator has addressed the access control security vulnerability. Vulnerability Details CVEID:CVE-2022-43920 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an authenticated user to gain privileges in a different group due to an access control...

8.8CVSS8.7AI score0.00549EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:26 a.m.•56 views

Security Bulletin: Dashboard of IBM Sterling B2B Integrator is vulnerable to session mismanagment (CVE-2022-22371)

Summary IBM Sterling B2B Integrator has addressed the session mismangement vulnerability in Dashboard. Vulnerability Details CVEID:CVE-2022-22371 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition does not invalidate session after a password change which could allow an authenticated user t...

6.5CVSS6.3AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:26 a.m.•41 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to information disclosure (CVE-2022-22337)

Summary IBM Sterling B2B Integrator has addressed the information disclousre vulnerability in B2B API Vulnerability Details CVEID:CVE-2022-22337 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive information to an authenticated user. CVSS Base score: 4.3 CVSS...

6.5CVSS6AI score0.00522EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:25 a.m.•40 views

Security Bulletin: EBICS Client of IBM Sterling B2B Integrartor is vulnerable SQL Injection (CVE-2022-22338)

Summary IBM Sterling B2B Integrator has addressed the SQL injection vulnerability in EBICS client. Vulnerability Details CVEID:CVE-2022-22338 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements,...

9.8CVSS9.8AI score0.00677EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:25 a.m.•50 views

Security Bulletin: Dashboard of IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2022-22352)

Summary IBM Sterling B2B Integrator has addressed the cross-site scripting vulnerability in Dashboard. Vulnerability Details CVEID:CVE-2022-22352 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

5.4CVSS5.2AI score0.00365EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:24 a.m.•30 views

Security Bulletin: Security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-22461 DESCRIPTION: IBM Security Verify Governance uses weaker than expected cryptographic algorithms that could allow an attacker to...

7.5CVSS7.5AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 3:23 a.m.•40 views

Security Bulletin: Security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager Software component (CVE-2022-35646)

Summary IBM Security Verify Governance, Identity Manager Software component has addressed the following vulnerability: An authenticated user may be able modify or cancel any other user's access request. Vulnerability Details CVEID:CVE-2022-35646 DESCRIPTION: IBM Security Verify Governance, Identi...

5.9CVSS5.2AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:50 a.m.•63 views

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2022-22457 DESCRIPTION: IBM Security Verify Governance stores sensitive information including user credentials in plain clear text which...

6.5CVSS5.4AI score0.00765EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:49 a.m.•47 views

Security Bulletin: Multiple Vulnerabilities Affect IBM Financial Transaction Manager for SWIFT Services (CVE-2022-4387, CVE-2022-43875)

Summary Multiple vulnerabilities affect IBM Financial Transaction Manager for SWIFT Services. These are addressed. Vulnerability Details CVEID:CVE-2022-43872 DESCRIPTION: IBM Financial Transaction Manager authorization checks are done incorrectly for some HTTP requests which allows getting...

6.2CVSS5.7AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:49 a.m.•40 views

Security Bulletin: A vulnerability in IBM Spectrum Scale CSI could allow unauthorized access (CVE-2022-40607)

Summary A security vulnerability has been identified in IBM Spectrum Scale CSI that could allow unauthorized access. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2022-40607 DESCRIPTION: IBM Spectrum Scale could allow users with permissions to create pod, persistent...

6.8CVSS6.5AI score0.00924EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:48 a.m.•127 views

Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana

Summary Watson Machine Learning Accelerator on Cloud Pak for Data had an internal dependency on Grafana. Grafana dependency is now removed. Grafana component is no longer used or shipped with Watson Machine Learning Accelerator on Cloud Pak for Data. This bulletin identifies the steps to take to...

9.8CVSS9AI score0.68603EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:47 a.m.•49 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related IBM WebSphere Application Server Liberty and FasterXML jackson-databind

Summary Vulnerabilities in IBM WebSphere Application Server Liberty and FasterXML jackson-databind such as HTTP header injection, identity spoofing, denial of service may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0...

8.8CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:46 a.m.•47 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...

7.5CVSS8.8AI score0.19653EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:45 a.m.•36 views

Security Bulletin: This Power System update is being released to address CVE 2022-2809

Summary POWER10: In response to a security issue with the BMC HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2022-2809. Vulnerability Details CVEID:CVE-2022-2809 DESCRIPTION: In IBM OPENBMC, when using using a...

8.2CVSS7.7AI score0.00591EPSS
Exploits0Affected Software7
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:45 a.m.•36 views

Security Bulletin: A vulnerability in IBM Spectrum Scale could allow a local attacker to execute arbitrary commands (CVE-2022-43867)

Summary A security vulnerability has been identified in IBM Spectrum Scale Container Native Access Storage that could allow a local attacker to execute arbitrary commands. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2022-43867 DESCRIPTION: IBM Spectrum Scale could...

7.8CVSS7.8AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:45 a.m.•33 views

Security Bulletin: Multiple vulnerabilities affect IBM Sterling Secure Proxy (CVE-2021-2163, CVE-2022-34361)

Summary A java vulnerability and an exposure of weak TLS ciphers affect IBM Sterling Secure Proxy. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality...

7.5CVSS5.6AI score0.03566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:43 a.m.•84 views

Security Bulletin: IBM API Connect is impacted by host header injection vulnerability (CVE-2021-38997)

Summary IBM API Connect is impacted by host header injection vulnerability. The fix addresses the host header injection CVE-2021-38997. Vulnerability Details CVEID:CVE-2021-38997 DESCRIPTION: IBM API Connect is vulnerable to HTTP header injection, caused by improper validation of input by the HOS...

5.4CVSS5.4AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:43 a.m.•48 views

Security Bulletin: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to information disclosure and weaker security (CVE-2022-43901, CVE-2022-43900)

Summary IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could disclose sensitive information and contain weaker than expected security. This has been addressed. Vulnerability Details CVEID:CVE-2022-43901 DESCRIPTION: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could...

6.5CVSS6AI score0.00194EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:42 a.m.•36 views

Security Bulletin: IBM Maximo Mobile is vulnerable to Information Disclosure (CVE-2022-41732)

Summary IBM Maximo Mobile stores user credentials in plain clear text which can be read by a local user. Vulnerability Details CVEID:CVE-2022-41732 DESCRIPTION: IBM Maximo Mobile stores user credentials in plain clear text which can be read by a local user. CVSS Base score: 6.2 CVSS Temporal Scor...

6.2CVSS5.4AI score0.00166EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:42 a.m.•46 views

Security Bulletin: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228)

Summary If a user password is changed, IBM DataPower Gateway does not immediately invalidate existing active sessions that were created with the old password. This means that a session created using a compromised password could continue to operate after the password has been changed until the...

5.4CVSS5.2AI score0.00315EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:41 a.m.•389 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system (CVE-2022-40746)

Summary IBM i Access Client Solutions is vulnerable to DLL hijacking when certain features are run on a Windows operating system that leverage native code. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section. Vulnerability...

7.2CVSS7AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:41 a.m.•42 views

Security Bulletin: This Power System update is being released to address CVE 2022-22488

Summary POWER9: In response to a security issue with the BMC web server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2022-22488. Vulnerability Details CVEID:CVE-2022-22488 DESCRIPTION: IBM BMC could allow a privileged user ...

4.9CVSS5.3AI score0.00475EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:40 a.m.•75 views

Security Bulletin: Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for November 2022

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF015 and 22.0.1-IF005. Vulnerability Details CVEID:CVE-2022-41735 DESCRIPTION: IBM Business Process Manager 21.0.1 throug...

8.2CVSS10AI score0.19653EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:39 a.m.•29 views

Security Bulletin: IBM Partner Engagement Manager is vulnerable to sensitive data exposure (CVE-2022-34354)

Summary IBM Sterling Partner Engagement Manager has addressed a client HTML5 vulnerability that allows encrypted storage of client data to be stored locally which can be read by another user on the system. Vulnerability Details CVEID:CVE-2022-34354 DESCRIPTION: IBM Sterling Partner Engagement...

4CVSS3.6AI score0.00191EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:39 a.m.•56 views

Security Bulletin: This Power System update is being released to address CVE 2022-34331

Summary A security problem for CVE-2022-34331 was addressed where switches configured to monitor network traffic for malicious activity are not effective because of errant adapter configuration changes. The misconfigured adapter can cause network traffic to flow directly between the VFs and not o...

9.8CVSS9AI score0.00465EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:38 a.m.•47 views

Security Bulletin: IBM Cloud Pak for Security is vulnerable to possible information disclosure. (CVE-2022-38385)

Summary IBM Cloud Pak for Security is vulnerable to possible information disclosure. This has been updated in the latest release and the vulnerability has been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Securit...

8.1CVSS7.7AI score0.00514EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:38 a.m.•39 views

Security Bulletin: IBM Cloud Pak for Security is vulnerable to command injection (CVE-2022-38387)

Summary IBM Cloud Pak for Security is vulnerable to command injection. This has been updated in the latest release and the vulnerability has been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security CP4S...

8.8CVSS9.2AI score0.00875EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:37 a.m.•26 views

Security Bulletin: IBM Cloud Pak for Security is vulnerable to cross-site scripting (XSS) (CVE-2022-36776)

Summary IBM Cloud Pak for Security is vulnerable to cross-site scripting XSS. This has been updated in the latest release and the vulnerability has been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security CP4S...

5.4CVSS5.3AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:37 a.m.•37 views

Security Bulletin: Vulnerability in IBM® Host Access Beans affects IBM Host Access Transformation Services

Summary There is a vulnerability in IBM Host Access Beans 4 used by Host Access Transformation Services. Host Access Transformation Services has provided a fix for the applicable CVE. The CVE is listed as CVE-2021-38938. Vulnerability Details CVEID:CVE-2021-38938 DESCRIPTION: IBM Host Access...

6.2CVSS5.7AI score0.00166EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:36 a.m.•47 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1 Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...

9.8CVSS9.4AI score0.05664EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:36 a.m.•37 views

Security Bulletin: IBM Urbancode Deploy (UCD) is vulnerable to Insufficiently Protected LDAP Search Credentials ( CVE-2022-40751 )

Summary In certain circumstances, an Administrator user could gain access to previously configured LDAP search credentials used during authentication. Vulnerability Details CVEID:CVE-2022-40751 DESCRIPTION: IBM UrbanCode Deploy UCD 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 throu...

4.9CVSS5AI score0.00589EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:35 a.m.•31 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform (CVE-2022-42442)

Summary IBM Robotic Process Automation for Cloud Pak is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. Vulnerability Details CVEID:CVE-2022-42442 DESCRIPTION: IBM Robotic Process Automation for Cloud Pak is vulnerable to exposure of...

3.3CVSS3.7AI score0.00179EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:35 a.m.•22 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosure of information that could aid in further system attacks. (CVD-2022-38710)

Summary IBM Robotic Process Automation could potentially expose system and software version information which could aid in further system attacks. Vulnerability Details CVEID:CVE-2022-38710 DESCRIPTION: IBM Robotic Process Automation could disclose sensitive version information that could aid in...

5.3CVSS5.1AI score0.0029EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:34 a.m.•29 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to incorrect permission assignment

Summary IBM Robotic Process Automation is vulnerable to incorrect permission assignment which could allow access to application configurations. Vulnerability Details CVEID:CVE-2022-43574 DESCRIPTION: IBM Robotic Process Automation is vulnerable to incorrect permission assignment which could allow...

7.5CVSS7.3AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:34 a.m.•89 views

Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1

Summary This SB contains a list for all CVE's listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1 Vulnerability...

9.1CVSS8.5AI score0.15046EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:33 a.m.•35 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service attack (CVE-2022-40235)

Summary A denial of service vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-40235 DESCRIPTION: IBM InfoSphere Information Server could allow a user to cause a denial of service by removing the ability to run jobs due to improper input...

6.5CVSS6.3AI score0.00605EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:32 a.m.•33 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2022-30608)

Summary A cross-site request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-30608 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

8.8CVSS8.6AI score0.00273EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:30 a.m.•38 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2022-30615, CVE-2022-35642)

Summary A cross-site scripting vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-30615 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W...

5.4CVSS5.1AI score0.00406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:29 a.m.•120 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

Summary IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Vulnerability Details CVEID:CVE-2022-41292 DESCRIPTION: IBM Robotic Process Automation is vulnerable to HTTP header injection, caused by improper validation o...

6.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:28 a.m.•20 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficient protection of credentials created in the control center.

Summary IBM Robotic Process Automation is vulnerable to insufficient protection of credentials created in the control center. Vulnerability Details CVEID:CVE-2022-41293 DESCRIPTION: IBM Robotic Process Automation is vulnerable to insufficient protection of credentials created in the control cente...

6.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:28 a.m.•29 views

Security Bulletin: IBM Robotic Process automation is vulnerable to storing sensitive data in temporary memory (CVE-2022-41295)

Summary IBM Robotic Process Automation Client may be vulnerable to sensitive data in temporary managed memory. Vulnerability Details CVEID:CVE-2022-41295 DESCRIPTION: IBM Robotic Process Automation Client may be vulnerable to sensitive data in temporary managed memory. CVSS Base score: 4 CVSS...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:27 a.m.•234 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP6. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.3. A vulnerability where user credentials are stored in plain cleartext in a log and could be read by an authenticated us...

9.8CVSS9.7AI score0.87816EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:27 a.m.•39 views

Security Bulletin: IBM Navigator Mobile Android app is vulnerable due to improper access control (CVE-2022-38388)

Summary Improper access control in the IBM Navigator Mobile Android app may allow an authenticated user to potentially enable information disclosure via local access CVE-2022-38388. Vulnerability Details CVEID:CVE-2022-38388 DESCRIPTION: IBM Navigator Mobile Android app could allow a local user t...

5.5CVSS5AI score0.00165EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:26 a.m.•27 views

Security Bulletin: IBM Partner Engagement Manager vulnerable to authentication bypass (CVE-2022-34334)

Summary IBM Sterling Partner Engagement Manager has addressed an authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2022-34334 DESCRIPTION: IBM Sterling Partner Engagement Manager does not invalidate session after logout which could allow an authenticated user to impersonate...

6.5CVSS6.5AI score0.0033EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:25 a.m.•37 views

Security Bulletin: IBM QRadar SIEM is vulnerable to possible information disclosure (CVE-2022-22480)

Summary IBM QRadar SIEM is vulnerable to possible information disclosure due to data node rebalancing not functioning correctly. Vulnerability Details CVEID:CVE-2022-22480 DESCRIPTION: IBM QRadar SIEM data node rebalancing does not function correctly when using encrypted hosts which could result ...

7.5CVSS6AI score0.00678EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/26 2:25 a.m.•111 views

Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2022-30613)

Summary IBM QRadar SIEM is vulnerable to information disclosure. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2022-30613 DESCRIPTION: IBM QRadar could disclose sensitive information via a local service to a privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...

5.5CVSS4.5AI score0.00189EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35661