Lucene search
K

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 8:1 p.m.•13 views

Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2024-0727. Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is...

5.5CVSS6.9AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 7:59 p.m.•19 views

Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2024-2511. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is...

5.9CVSS6.8AI score0.54026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 7:57 p.m.•16 views

Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2023-5678. Vulnerability Details CVEID:CVE-2023-5678 DESCRIPTION: Openssl is...

5.3CVSS6.9AI score0.04459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 6:17 p.m.•23 views

Security Bulletin: Security vulnerability CVE-2024-39689 in Certifi python-certifi that is used by FileNet Content Manager and CP4BA - Filenet Content Manager Component

Summary Security vulnerability CVE-2024-39689 in Certifi python-certifi that is used by FileNet Content Manager and CP4BA - Filenet Content Manager Component in container Operator Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected...

7.5CVSS6.2AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 5:54 p.m.•21 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2024-45663, CVE-2024-41762, CVE-2024-41761, CVE-2024-40679, CVE-2024-37071 Vulnerability Details Refer to the security bulletins...

7.5CVSS6.9AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 2:39 p.m.•15 views

Security Bulletin: Vulnerability in WebSphere Application Server affect IBM Cloud Pak System[CVE-2023-51775]

Summary Vulnerability found in jose4 used by WebSphere Application Server affect IBM Cloud Pak System Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attack...

6.5CVSS7.5AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 2:34 p.m.•17 views

Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Cloud Pak System [CVE-2024-22354]

Summary XML External Entity Injection XXE Vulnerability in WebSphere application Server and WebSphere Application Server Liberty affects IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...

7CVSS6.5AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 2:14 p.m.•25 views

Security Bulletin: IBM Sterling Global Availability Mailbox is affected by a WebSphere Liberty vulnerability (CVE-2023-46158)

Summary IBM Sterling Global Availability Mailbox is affected by IBM WebSphere Application Server Liberty it could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled. Vulnerability Details...

9.8CVSS9.1AI score0.00456EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 2:12 p.m.•16 views

Security Bulletin: IBM Global Availability Mailbox is affected by a Bouncy Castle vulnerability that could allow a remote attacker to obtain sensitive information (CVE-2023-33201)

Summary IBM Global Availability Mailbox is affected by the Bouncy Castle Crypto Package For Java bc-java it could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By...

5.3CVSS6.5AI score0.00772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 2:10 p.m.•31 views

Security Bulletin: IBM Sterling Global Mailbox is affected by a IBM WebSphere Vulnerability that could cause denial of service (CVE-2023-44487)

Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2023-44487...

7.5CVSS7.7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 2:8 p.m.•10 views

Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)

Summary IBM Sterling Global High Availability Mailbox is affected by a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled. Vulnerability Details CVEID:CVE-2023-44483...

6.5CVSS6.1AI score0.01212EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 2:6 p.m.•18 views

Security Bulletin: IBM Sterling Global High Availability Mailbox is affected byWebSphere liberty vulnerability (CVE-2023-46158)

Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled. Vulnerability Details...

9.8CVSS9.1AI score0.00456EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 2:5 p.m.•30 views

Security Bulletin: IBM Master Data Management is vulnerable to prototype pollution from vulnerability found in Dojo (CVE-2021-23450)

Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to prototype pollution from vulnerability found in Dojo. Dojo could allow a remote attacker to cause a denial of service, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an...

9.8CVSS6.8AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 1:57 p.m.•7 views

Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by WebSphere Liberty vulnerability (CVE-2023-38737)

Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it is vulnerable to a denial of service with the restfulWS-3.0 or restfulWS-3.1 feature enabled. This has been addressed in the remediation section. Vulnerability Details...

7.5CVSS6.7AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/19 1:48 p.m.•13 views

Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by a SnakeYaml deserialization vulnerability (CVE-2022-1471)

Summary IBM Sterling Global High Availability Mailbox is affected by SnakeYaml's Constructor class it does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's...

9.8CVSS8.2AI score0.99615EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/18 10:41 p.m.•21 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in path-to-regexp-0.1.7.tgz

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of path-to-regexp-0.1.7.tgz Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By...

7.5CVSS7.1AI score0.00932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/18 9:52 p.m.•31 views

Security Bulletin: Security Vulnerabilities fixed in IBM Security Directory Integrator

Summary Several CVEs were fixed in the IBM Java SE that is bundled with IBM Security Directory Integrator. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high...

7.4CVSS7AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/18 9:41 p.m.•22 views

Security Bulletin: Several Security Vulnerabilities were discovered in IBM Security Directory Suite

Summary Several Security Vulnerabilities in the IBM Security Directory Integrator and Eclipse Jetty were addressed in the IBM Security Directory Suite. Vulnerability Details CVEID:CVE-2022-32759 DESCRIPTION: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0...

9.8CVSS8AI score0.7848EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/18 3:4 p.m.•36 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana in build 1.285.0 Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the...

8.2CVSS8.9AI score0.10448EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/18 10:34 a.m.•19 views

Security Bulletin: IBM Common Licensing using IBM® SDK, Java™ Technology Edition vulnerable to CVEs

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...

5.9CVSS6.8AI score0.01056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/18 10:32 a.m.•19 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty impacts IBM Common Licensing

Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofin...

7.5CVSS5.7AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/18 6:25 a.m.•15 views

Security Bulletin: IBM Storage Insights is vulnerable to weakness related to Apache Avro

Summary Vulnerability in Apache Avro may affect IBM Storage Insights which could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code...

9.2CVSS7.3AI score0.03278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/15 9:51 p.m.•32 views

Security Bulletin: TSSC/IMC is vulnerable to a bypass security restrictions attack on curl

Summary TSSC/IMC is vulnerable to a bypass security restrictions attack on curl. A patch has been provided that updates the libssh library. CVE-2023-28322, CVE-2023-38546, CVE-2023-46218 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass...

6.5CVSS7AI score0.06208EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/15 9:49 p.m.•34 views

Security Bulletin: TSSC/IMC is vulnerable to a denial of service on Apache HTTP Server

Summary TSSC/IM is vulnerable to a denial of service on Apache HTTP Server. The latest code level has an upgrade to the relevant libaries to fix CVE-2024-27316. Vulnerability Details CVEID:CVE-2024-27316 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the failure t...

7.5CVSS7.2AI score0.91327EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/15 1:50 p.m.•14 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

Summary IBM Engineering Lifecycle Optimization - Engineering Insights ENI is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. In XML parsers, when XML...

8.2CVSS6.8AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/15 9:28 a.m.•18 views

Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution

Summary jsonpath-plus is used by IBM Event Streams as part of the UI. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code...

9.8CVSS7.4AI score0.09076EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 9:50 p.m.•19 views

Security Bulletin: IBM Sterling File Gateway is vulnerable to cross-site scripting

Summary IBM Sterling File Gateway is vulnerable to cross-site scripting Vulnerability Details CVEID:CVE-2023-52292 DESCRIPTION: IBM Sterling File Gateway is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th...

6.4CVSS5.8AI score0.00218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 8:0 p.m.•35 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-45087)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details CVEID:CVE-2024-45087 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

4.8CVSS5.9AI score0.00238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 7:12 p.m.•28 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure (CVE-2021-37533)

Summary IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure CVE-2021-37533 Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP clien...

6.5CVSS5.9AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 7:2 p.m.•29 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2023-32340 CVE-2023-50309)

Summary IBM Sterling B2B Integrator is vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2023-32340 DESCRIPTION: IBM Sterling B2B Integrator is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the...

6.4CVSS5.9AI score0.00215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 6:50 p.m.•18 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to SQL injection

Summary IBM Sterling B2B Integrator is vulnerable to SQL injection Vulnerability Details CVEID:CVE-2023-50316 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to...

9.8CVSS7.2AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 5:28 p.m.•31 views

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50387]

Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-50387 Vulnerability Details CVEID:CVE-2023-50387 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when processing...

7.5CVSS7.1AI score0.99995EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 4:56 p.m.•24 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure

Summary IBM Sterling B2B Integrator is vulnerable to information disclosure . Vulnerability Details CVEID:CVE-2024-27263 DESCRIPTION: IBM Sterling B2B Integrator could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. CWE:CWE-300...

5.3CVSS5.8AI score0.0026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 4:48 p.m.•17 views

Security Bulletin: IBM Sterling B2B Integrator is affected by IBM WebSphere Application Server risky configuration cryptography

Summary IBM Sterling B2B Integrator is affected by IBM WebSphere Application Server risky configuration cryptography Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound...

6.5CVSS6.3AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 4:44 p.m.•11 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Hutool's denial of service

Summary IBM B2B Sterling Integrator is affected by Hutool's denial of service Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a specially crafted request, a remote attacker could exploit this...

7.5CVSS6.8AI score0.01181EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 4:36 p.m.•22 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service

Summary IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to ope...

4.7CVSS6.5AI score0.00352EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 4:32 p.m.•21 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery

Summary IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-side request forgery, caused by a improper input validation by the service admin HTTP API. By...

7.2CVSS6.3AI score0.01213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 3:57 p.m.•31 views

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty

Summary IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using t...

5.3CVSS6.6AI score0.01069EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 3:53 p.m.•17 views

Security Bulletin: IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service

Summary IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload reques...

7.5CVSS6.7AI score0.06286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 3:47 p.m.•28 views

Security Bulletin: IBM B2B Sterling Integrator is affected by JSON-java's vulnerability to denial of service attacks

Summary IBM B2B Sterling Integrator is affected by JSON-java's vulnerability to denial of service attacks Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker...

7.5CVSS6.5AI score0.01449EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 3:38 p.m.•15 views

Security Bulletin: IBM B2B Sterling integrator is affected by Apache Santuario vulnerability to information disclosure

Summary IBM B2B Sterling integrator is vunerable to information disclosure due to Apache Santuario Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the lo...

6.5CVSS5.9AI score0.01212EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 3:12 p.m.•13 views

Security Bulletin: IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot

Summary IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or Spring WebFlux or...

6.5CVSS6.8AI score0.01219EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 2:58 p.m.•15 views

Security Bulletin: IBM B2B Sterling Integrator is vunerable to denial of services attacks due to an Apache Commons vulnerability

Summary IBM B2B Sterling Integrator is vunerable to denial of services attacks due to an Apache Commons vulnerability Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to op...

8.1CVSS6.6AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 2:21 p.m.•19 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities Vulnerability Details CVEID:CVE-2024-8096 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when using...

7.5CVSS6.8AI score0.0197EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 2:0 p.m.•18 views

Security Bulletin: Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator is affected by vulnerabilities in IBM MQ. Vulnerability Details CVEID:CVE-2024-25015 DESCRIPTION: IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all...

7.5CVSS7.9AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 1:57 p.m.•15 views

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50868]

Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-50868 Vulnerability Details CVEID:CVE-2023-50868 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when preparing an NSEC...

7.5CVSS6.9AI score0.81729EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 1:51 p.m.•58 views

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities

Summary IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate wi...

7.5CVSS6.9AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 1:36 p.m.•25 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure (CVE-2023-35887)

Summary IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers...

5CVSS5.9AI score0.01358EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 1:15 p.m.•23 views

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-4408]

Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-4408 Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS...

7.5CVSS6.8AI score0.01327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/14 9:21 a.m.•23 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2023-5678]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-5678 Vulnerability Details CVEID:CVE-2023-5678 DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw when using DHgeneratekey...

5.3CVSS6.7AI score0.04459EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35702