Lucene search
K

35705 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/23 3:56 p.m.26 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 283 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorre...

9.1CVSS8.4AI score0.10448EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/23 1:5 p.m.26 views

Security Bulletin: IBM Sterling Connect:Express for UNIX is vulnerable to denial of service due to OpenSSL

Summary OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks...

7.5CVSS6.7AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/23 10:42 a.m.28 views

Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog On Cloud Pak for Data

Summary Lineage component is an internal component of IBM Knowledge Catalog On Cloud Pak for Data. Vulnerabilities in Java are affecting Lineage component of IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified...

4.8CVSS6.5AI score0.01056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 8:24 p.m.54 views

Security Bulletin: There are multiple vulnerabilities that can affect IBM Storage Scale System that are now included

Summary There are multiple vulnerabilities used by IBM Storage Scale System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-36005 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to netfilter:...

8.8CVSS8.7AI score0.01565EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 7:13 p.m.18 views

Security Bulletin: IBM Watson Query (Data Virtualization) does not govern all of the columns of a published object

Summary IBM Watson Query Data Virtualization on Cloud Pak for Data integrates with IBM Knowledge Catalog IKC - formerly Watson Knowledge Catalog WKC - to enforce data protection rules on governed objects. When you publish objects from Watson Query to catalogs or projects, only the first n where...

6.5CVSS6.3AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 5:29 p.m.26 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Data Mapper for Jackson

Summary IBM B2B Advanced Communications has addressed vulnerabilities in Data Mapper for Jackson shipped with product. Vulnerability Details CVEID:CVE-2019-10172 DESCRIPTION: Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE err...

7.5CVSS6.7AI score0.17044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 11:10 a.m.28 views

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause low integrity impact, low availability impat. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the V...

7.5CVSS6.5AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 10:20 a.m.15 views

Security Bulletin: Apache Lucene denial of service Vulnerability Affects IBM Jazz Reporting Service

Summary There is a vulnerability in Apache Lucene used by IBM Jazz Reporting Service. This vulnerability has been addressed. 216835 Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remot...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 10:20 a.m.36 views

Security Bulletin: Apache Xerces vulnerability Affects IBM Jazz Reporting Service

Summary Apache Xerces-J XML parser XML4J shipped with IBM Jazz Reporting Service is vulnerable to a denial of service attack that can be triggered by malformed XML data. Vulnerability Details CVEID:CVE-2020-14338 DESCRIPTION: Wildfly could allow a remote attacker to bypass security restrictions,...

7.8CVSS7.2AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 10:19 a.m.24 views

Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Jazz Reporting Service

Summary There is a vulnerability in Apache Commons used by IBM Jazz Reporting Service. This vulnerability has been addressed. CVE-2024-29131, CVE-2024-29133 Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code...

7.3CVSS7.5AI score0.02054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 9:57 p.m.45 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-4921, CVE-2023-4622, CVE-2023-4623)

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2023-4921 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: schqfq...

7.8CVSS8.3AI score0.00549EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 7:7 p.m.25 views

Security Bulletin: There are multiple vulnerabilities in IBM WebSphere Application Server that can affect IBM Elastic Storage System that are now included

Summary There are multiple vulnerabilities in IBM WebSphere Application Server, used by IBM Storage Scale Elastic Storage System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0...

7.5CVSS9.6AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 3:52 p.m.42 views

Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilites related to CORS misconfiguration and Certificate Pinning have been...

8.1CVSS10AI score0.24928EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 3:51 p.m.26 views

Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilites related to CORS misconfiguration and Certificate Pinning have been...

9.8CVSS10AI score0.24928EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 3:19 p.m.22 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues in Eclipse Paho Client Mqttv3

Summary IBM B2B Advanced Communications has addressed vulnerabilities in Eclipse Paho Client Mqttv3. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: Eclipse Paho Java client could allow a remote attacker to bypass security restrictions, caused by the failure to check the result when...

7.5CVSS6.7AI score0.00827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 2:45 p.m.19 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF

Summary This security bulletin addresses the vulnerabilitiy in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2024-32007, CVE-2024-29736. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementatio...

9.1CVSS6.8AI score0.01269EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 2:34 p.m.17 views

Security Bulletin: IBM Asset Data Dictionary Component uses grpc-protobuf-1.50.2.jar and jettison-1.5.2.jar which is vulnerable to CVE-2023-32731 and CVE-2023-1436

Summary IBM Asset Data Dictionary Component uses grpc-protobuf-1.50.2.jar and jettison-1.5.2.jar which is vulnerable to CVE-2023-32731 and CVE-2023-1436. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32731 DESCRIPTION: gRPC...

7.5CVSS7AI score0.01009EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 2:25 p.m.18 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-37529)

Summary If you use IBM® Db2® as your database in your IBM Datacap deployment, please follow the Db2 security bulletin referred in the Title to remedy the vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

6.5CVSS6.4AI score0.0055EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 7:54 a.m.12 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-45071)

Summary IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and is vulnerable to cross-site scripting in the Admin Console. Required fixes for affected WebSphere Application Server has been published in the security bulletin links below. Vulnerability...

5.5CVSS6.1AI score0.00237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 7:44 a.m.15 views

Security Bulletin: IBM WebSphere Application Server traditional shipped with IBM Tivoli System Automation Application Manager is vulnerable to an XML External Entity Injection (XXE) vulnerability

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-45072 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

5.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 7:24 a.m.15 views

Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application ManagerCVE-2024-45085 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

7.5CVSS6.8AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 2:28 a.m.15 views

Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service due to jose4j (CVE-2023-51775)

Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service due to jose4j Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

6.5CVSS6.3AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 3:11 p.m.30 views

Security Bulletin: vulnerability in OpenSSL affects IBM Workload Automation.

Summary IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that can cause denial of service CVE-2024-0727 Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to...

5.5CVSS7AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 12:50 p.m.43 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client. The flaws can lead to denial of service, security restrictions bypass, sensitive information...

7.5CVSS8.5AI score0.06208EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 12:44 p.m.18 views

Security Bulletin: Multiple vulnerabilities in IBM Java and WebSphere may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java and WebSphere. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details"...

7.5CVSS8AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 12:44 p.m.29 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client. The flaws can lead to denial of service, highly sensitive information exposure,...

7.5CVSS8AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 9:48 a.m.21 views

Security Bulletin: Vulnerability in urllib3 affects IBM Integrated Analytics System [CVE-2023-43804, CVE-2023-45803].

Summary The package urllib3 is used by IBM Integrated Anayltics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-43804, CVE-2023-45803. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive...

8.1CVSS5.6AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 7:56 a.m.71 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8

Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...

10CVSS9.9AI score0.99999EPSS
Exploits138Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 4:34 a.m.45 views

Security Bulletin: Due to use of International Components for Unicode, IBM Rational ClearQuest is vulnerable to buffer overflow.

Summary Multiple vulnerabilities in International Components for Unicode used within IBM Rational ClearQuest have been addressed CVE-2020-10531, CVE-2011-4599, CVE-2014-8146 Vulnerability Details CVEID:CVE-2020-10531 DESCRIPTION: International Components for Unicode ICU for C/C++ is vulnerable to...

8.8CVSS10AI score0.2447EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 2:11 a.m.36 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in another security bulletin. Vulnerability Details Refer to the security...

6.8CVSS7AI score0.04196EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 2:7 a.m.40 views

Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Summary The vulnerabilities are related to IBM® SDK Java™ Technology Edition, Version 8 disclosed as part of the IBM Java SDK updates in April and July 2020, to the Node.js runtime and builtin modules, to other open source packages and to offering vulnerabilities discovered during security testin...

9.8CVSS10AI score0.06273EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 2:5 a.m.60 views

Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)

Summary IBM Aspera Faspex may be vulnerable to exposing data improperly CVE-2022-22497 due to an incorrectly computed security token. Vulnerability Details CVEID:CVE-2022-2497 DESCRIPTION: GitLab Community Edition and GitLab Enterprise Edition could allow a remote authenticated attacker to obtain...

8.5CVSS7.1AI score0.01105EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 1:50 a.m.57 views

Security Bulletin: Vulnerabilities in GNU Binutils, Bootstrap, PortSmash, Node.js, and libarchive might affect IBM Storage Defender – Data Protect.

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The vulnerabiliti...

9.8CVSS9.8AI score0.05941EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/18 1:43 a.m.47 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections

Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2017-15708 DESCRIPTION: Apac...

10CVSS10AI score0.96032EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:37 p.m.15 views

Security Bulletin: IBM Sterling Control Center is affected by multiple container-level vulnerabilities

Summary IBM Sterling Control Center container includes a vulnerable version of glibc at the OS level, affected by a denial of service Vulnerability Details CVEID:CVE-2024-33602 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory corruption by the Name Service Cache Daemon'...

7.4CVSS6.8AI score0.00403EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 8:54 a.m.25 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 283 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regula...

8.8CVSS7.3AI score0.02617EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 8:51 a.m.48 views

Security Bulletin: IBM Observability with Instana for Self-Hosted Standard Edition is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana for Self-Hosted Standard Edition 281. Vulnerability Details CVEID:CVE-2022-41722 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by a flaw in the filepath.Clean...

7.5CVSS9.6AI score0.03796EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 5:33 a.m.9 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2023-50315)

Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

5.9CVSS6.1AI score0.00268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 1:6 a.m.27 views

Security Bulletin: Daeja ViewONE may return unauthorised content

Summary An authenticated user of ViewONE may be able to access ViewONE cached content that they do not have repository authorisation to view. Vulnerability Details CVEID:CVE-2020-4720 DESCRIPTION: IBM Daeja ViewONE Professional, Standard & Virtual could allow an authenticated user to obtain...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 1:2 a.m.37 views

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7769)

Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID:CVE-2020-7769 DESCRIPTION: Nodejs could allow a remote attacker to execute arbitrary...

9.8CVSS10AI score0.0232EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:55 a.m.31 views

Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes are published in security bulletins. Vulnerability Details...

8.2CVSS8.8AI score0.04754EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:44 a.m.115 views

Security Bulletin: IBM Planning Analytics and IBM Planning Analytics Workspace are affected by security vulnerabilities

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.9.11 and IBM Planning Analytics Workspace 2.0.72. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics and IBM Planning Analytic...

9.8CVSS10AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:30 a.m.47 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2022-48195, CVE-2022-29577, CVE-2022-28367)

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

9.8CVSS8.2AI score0.18763EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:20 a.m.104 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker ...

10CVSS9.7AI score0.99999EPSS
Exploits65Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:12 a.m.61 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

9.1CVSS9.7AI score0.60122EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:0 a.m.43 views

Security Bulletin: Multiple vulnerabilities in Watson NLP affect IBM Robotic Process Automation

Summary Multiple vulnerabilities in Watson NLP affect IBM Robotic Process Automation. Watson NLP is used by IBM Robotic Process Automation for Natural Language Understanding. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...

9.8CVSS10AI score0.81422EPSS
Exploits30Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 10:43 p.m.85 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0 Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logback receiver component. By sending a specially crafte...

8CVSS10AI score0.07087EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 7:38 p.m.29 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to confidentiality, availability, and integrity impacts due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing confidentiality impact CVE-2024-21145, availability impact CVE-2024-21144, integrity impact CVE-2024-21131, and denial of service CVE-2024-27267 as described in t...

5.9CVSS7.7AI score0.01056EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 5:49 p.m.110 views

Security Bulletin: IBM Security Guardium is affected by an OpenSSH vulnerability (CVE-2023-38408)

Summary IBM Security Guardium has addressed this vulnerability with an update. Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the forwarded ssh-agent. By sending specially crafted requests,...

9.8CVSS9.7AI score0.76768EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 1:41 p.m.10 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Resty package for Golang Go (CVE-2023-45286).

Summary The HTTP and REST client library used in Golang Go by the IBM Storage Protect Server is vulnerable to potential exposure of sensitive information from the host system. This bulletin provides steps to mitigate these vulnerabilities. Vulnerability Details CVEID:CVE-2023-45286 DESCRIPTION: G...

5.9CVSS6.4AI score0.00728EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35705