Lucene search
K

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/31 5:52 p.m.•42 views

Security Bulletin: Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-38812, CVE-2024-38813]

Summary Vulnerabilities in VMware vCenter affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38812 DESCRIPTION: Broadcom VMware vCenter Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation of the DCERPC protocol. By sending a...

9.8CVSS9.6AI score0.54143EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/30 1:58 p.m.•15 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tensorflow-2.12.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2023-33976

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to tensorflow-2.12.0-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl CVE-2023-33976. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-33976 DESCRIPTION:...

7.5CVSS6.8AI score0.00429EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/30 12:12 p.m.•16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. CVE-2023-27043

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. CVE-2023-27043. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Detail...

5.3CVSS6.7AI score0.02527EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/27 12:22 a.m.•27 views

Security Bulletin: IBM SPSS Analytic Server is affected by netty vulnerability (CVE-2024-29025)

Summary IBM SPSS Analytic Server uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network...

5.3CVSS6.2AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/24 5:52 p.m.•20 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site.

Summary IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims' web browser. The web application...

9.8CVSS6.3AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/24 5:51 p.m.•19 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

Summary IBM Engineering Lifecycle Optimization - Engineering Insights could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. When an error message is...

5.3CVSS6.2AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/23 6:34 a.m.•23 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high...

7.4CVSS6AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/20 6:1 a.m.•12 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information, as described in the "Vulnerability...

7.5CVSS6AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/20 5:55 a.m.•10 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information, as...

7.5CVSS5.8AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/20 5:52 a.m.•12 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information, as...

7.5CVSS5.8AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/20 5:36 a.m.•10 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server. Network to conduct spoofing attacks, as described in the "Vulnerability Details" section. CVE-2023-50314. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere...

7.5CVSS6AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/19 9:48 p.m.•29 views

Security Bulletin: There are multiple vulnerabilities that can affect IBM Storage Scale System that are now included

Summary There are multiple vulnerabilities that can affect IBM Storage Scale System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2023-52451 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to acces...

7.8CVSS6.8AI score0.00286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/19 7:9 p.m.•19 views

Security Bulletin: Multiple Security Vulnerabilities were discovered in IBM Security Directory Integrator (CVE-2023-32328, CVE-2023-43017, CVE-2022-2068)

Summary Multiple Security Vulnerabilities have been addressed in the IBM Security Directory Integrator Container affecting other products. Vulnerability Details CVEID:CVE-2023-32328 DESCRIPTION: IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that...

10CVSS7.9AI score0.95764EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/19 4:32 p.m.•60 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect v10.0.9.0 Vulnerability Details CVEID:CVE-2024-5535 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the SSLselectnextproto API function when calling with an empty supported client...

9.8CVSS9.6AI score0.27018EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/19 3:29 p.m.•19 views

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2020-15250 DESCRIPTION: JUnit4 could allow a local attacker to obtain sensitive information,...

9.2CVSS8.8AI score0.03278EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/19 2:47 p.m.•20 views

Security Bulletin: This Power System update is being released to address CVE-2023-52881

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-52881, by upgrading PowerVM and thus addressing the exposure ...

5.5CVSS6.3AI score0.00227EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/19 10:55 a.m.•26 views

Security Bulletin: Due to the use of Apache HttpClient, IBM EntireX is vulnerable to security restrictions being bypassed (CVE-2020-13956).

Summary Due to the use of Apache HttpClient, IBM EntireX is vulnerable to security restrictions being bypassed CVE-2020-13956. Apache HttpClient has been removed from IBM EntireX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could...

5.3CVSS6.8AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/19 9:34 a.m.•30 views

Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerability in SBLIM and Apache Commons Library

Summary SBLIM and Apache Commons used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2008-7230, CVE-2010-1937 and CVE-2012-2328 Vulnerability Details CVEID:CVE-2008-7230 DESCRIPTION: An unspecified vulnerability in SBLIM-SFCB Small Footprint CIM Broker has an...

10CVSS7.8AI score0.05818EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/19 6:14 a.m.•14 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to python - requests

Summary IBM Sterling Connect:Direct Web Service uses python - requests , python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. Vulnerability Details...

6.1CVSS6.3AI score0.02782EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/19 6:11 a.m.•26 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to python - urllib3

Summary IBM Sterling Connect:Direct Web Service uses python - urllib3 ,urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header during cross-origin redirects. Vulnerability Details CVEID:CVE-2024-37891...

8.1CVSS6.1AI score0.01207EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/18 2:39 p.m.•17 views

Security Bulletin: There is an Information Disclosure vulnerability in IBM WebSphere Application Server Liberty that is shipped with CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms (CVE-2023-50314).

Summary There is an Information Disclosure vulnerability in IBM WebSphere Application Server Liberty that is shipped with CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms CVE-2023-50314. An update to CICS Transaction Gateway Desktop Edition and CICS...

7.5CVSS5.9AI score0.00254EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/18 1:38 p.m.•29 views

Security Bulletin: IBM Security Guardium is affected by an http2-common-9.4.44.v20210927.jar vulnerability (CVE-2023-44487)

Summary IBM Security Guardium has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests...

7.5CVSS7.6AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/18 9:57 a.m.•38 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-7254, CVE-2022-46363, CVE-2015-2156, CVE-2020-11612. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol...

8.7CVSS7.9AI score0.09438EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/18 9:21 a.m.•14 views

Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to disclosure of information.

Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...

7.5CVSS6.2AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 10:50 p.m.•26 views

Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™ and Bouncy Castle Crypto Package For Java

Summary There are vulnerabilities in IBM® Java™ and Bouncy Castle Crypto Package For Java consumed by IBM Cognos Transformer. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to third-party components...

7.5CVSS7.2AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 8:48 p.m.•17 views

Security Bulletin: Vulnerabilities in Node.js Elliptic module may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential information disclosure vulnerabilities has been identified related toNode.js Elliptic module that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details...

9.1CVSS6.4AI score0.00617EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 7:28 p.m.•27 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Informix 14.10.xC10W2

Summary In addition to various updates, the security vulnerabilities mentioned in the Remediation/Fixes section have been addressed with IBM Informix 14.10.xC10W2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

7.4CVSS9.2AI score0.03203EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 7:5 p.m.•18 views

Security Bulletin: Multiple vulnerabilities which can affect IBM Storage Scale are now fixed.

Summary There are several vulnerabilities in IBM Storage Scale which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to th...

7.8CVSS8.8AI score0.01386EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 6:28 p.m.•32 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2015-7450)

Summary WebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes Affected...

10CVSS9.7AI score0.97655EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 6:27 p.m.•24 views

Security Bulletin: IBM Fusion HCI Installer is vulnerable to arbitrary code execution, gaining of elevated privileges, obtaining sensitive information, and denial of service due to various Python packages

Summary The IBM Fusion Installer is affected by vulnerabilities in Ansible and Python packages dnspython, requests, certifi and idna. Vulnerabilities include arbitrary code execution, gaining of elevated privileges, obtaining sensitive information, and denial of service. CVE-2023-5764,...

7.8CVSS8.4AI score0.01857EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 6:26 p.m.•49 views

Security Bulletin: Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager

Summary IBM Java Runtime as shipped with Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM Java Runtime have been published in a security bulletin. Vulnerability Details CVEID:CVE-2019-2766 DESCRIPTION: Vulnerability in the Java SE, Java SE Embedded...

9.8CVSS9.4AI score0.09393EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 6:24 p.m.•9 views

Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to a denial of service

Summary The IBM Fusion HCI and IBM Fusion Backup and Restore services are affected by a vulnerability in the Go package protobuf. The vulnerability allows for a denial of service if processing certain forms of invalid JSON. CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION:...

7.5CVSS6.7AI score0.01262EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 6:23 p.m.•40 views

Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to a denial of service

Summary IBM Fusion HCI and IBM Fusion are affected by a vulnerability in the Kubernetes package k8s.io/Apimachinery. The HTTP/2 protocol allows for a denial of service. CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service,...

7.5CVSS7.4AI score0.99999EPSS
Exploits19Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 6:19 p.m.•25 views

Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to retrieval of senstive informtion, arbitrary code execution, denial of service, and security restrictions bypass

Summary IBM Fusion and IBM Fusion HCI's backup and restore service, due to the use of python package urllib3, setuptools, Werkzeug, zipp, Requests and Dnspython, are vulnerable to the retrieval of senstive informtion, arbitrary code execution, denial of service, and the bypass of security...

8.8CVSS8.1AI score0.01939EPSS
Exploits2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 2:13 p.m.•14 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to python - setuptools

Summary IBM Sterling Connect:Direct Web Service uses python - setuptools , pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a...

8.8CVSS7.8AI score0.02617EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 2:11 p.m.•9 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to os - glib2

Summary IBM Sterling Connect:Direct Web Service uses os - glib2 ,GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to signals from a trusted system service Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: GNOME GLib...

5.2CVSS6.5AI score0.00756EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/17 7:36 a.m.•11 views

Security Bulletin: IBM Operational Decision Manager for Nov 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-47554...

4.3CVSS8.1AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/16 9:28 p.m.•29 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details CVEID:CVE-2024-45085 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, under...

7.5CVSS6.8AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/16 5:50 p.m.•31 views

Security Bulletin: IBM Storage Scale System may be affected by vulnerabilities in OpenSSL

Summary Security vulnerabilities have been discovered in OpenSSL that are now fixed. Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a DH key or DH...

5.3CVSS7AI score0.05533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/14 1:7 p.m.•23 views

Security Bulletin: Vulnerability in linux-firmware (CVE-2023-31346) affects Power HMC.

Summary The linux-firmware library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-31346 DESCRIPTION: AMD SEV-SNP Firmware could allow a local authenticated attacker to obtain sensitive information, caused by the failure...

6CVSS5.6AI score0.00309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/14 12:58 p.m.•20 views

Security Bulletin: Vulnerabilities in libssh (CVE-2023-6004, CVE-2023-6918) affect Power HMC.

Summary The libssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the...

5.3CVSS7.7AI score0.01421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/14 12:57 p.m.•38 views

Security Bulletin: Vulnerability in openssh (CVE-2020-15778) affects Power HMC.

Summary The openssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the...

7.8CVSS7.3AI score0.12996EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/14 12:45 p.m.•29 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-38709) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-38709 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by improper input validation in the...

7.3CVSS6.5AI score0.03914EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/14 12:3 p.m.•53 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-45802) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-45802 DESCRIPTION: When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources...

5.9CVSS7.2AI score0.03024EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/13 8:12 p.m.•19 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js.

Summary Multiple vulnerabilities in Node.js that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-27980 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by the improper handling of batch files in...

8.1CVSS8.4AI score0.01387EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/13 5:54 p.m.•12 views

Security Bulletin: Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Node.js vulnerability 351136

Summary Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Node.js vulnerability 351136 with details below. The vulnerabilities have been addressed. Vulnerability Details IBM X-Force ID: 351136 DESCRIPTION: Node.js npm inflight module is...

7.1AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/13 4:34 p.m.•37 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.

Summary IBM Storage Protect Server, which uses IBM Db2, may be affected by multiple vulnerabilities that could result in denial of service or the loss of confidentiality, integrity. These vulnerabilities include CVE-2024-31882, CVE-2024-29857, CVE-2024-30172, CVE-2024-30171, CVE-2024-35136,...

7.5CVSS7.5AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/13 4:32 p.m.•23 views

Security Bulletin: Loss of confidentiality in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2023-50314).

Summary IBM Storage Protect Operations Center may be affected by loss of confidentiality caused by using a certificate issues by trusted authority in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3...

7.5CVSS5.6AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/13 3:20 p.m.•22 views

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a spoofing attack [CVE-2023-50314].

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to an attacker with access to the network to conduct spoofing attacks as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

7.5CVSS5.7AI score0.00254EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/12 4:58 p.m.•37 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Operator package issues.. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

8.1CVSS9.8AI score0.60122EPSS
Exploits10Affected Software1
Total number of security vulnerabilities35702