Lucene search
K

35705 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 1:38 p.m.26 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Operations Center.

Summary IBM Storage Protect Operations Center may be impacted by multiple vulnerabilities CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267 in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of...

7.4CVSS6.3AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 10:50 a.m.21 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2024-24790).

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of integrity of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various...

9.8CVSS6.9AI score0.01952EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 10:46 a.m.20 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2024-24789).

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24789 DESCRIPTION: Golang Go could all...

5.5CVSS6.5AI score0.00446EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 9:24 a.m.35 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server.

Summary IBM Storage Protect Server may be impacted by multiple vulnerabilities CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267 in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of confidentiality,...

7.4CVSS7.1AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 9:23 a.m.12 views

Security Bulletin: Out of bound read/write access vulnerability in IBM® SDK, Java™ Technology Edition version 8 may affect IBM Storage Protect Server (CVE-2024-3933)

Summary Unrestricted out-of-bound read / write access vulnerability CVE-2024-3933 exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Server. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to...

7.3CVSS7AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 9:17 a.m.27 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264).

Summary IBM Storage Protect Server may be impacted by multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of availability and integrity of the host system. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability ...

7.5CVSS7AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 9:14 a.m.23 views

Security Bulletin: Denial of service in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-25026).

Summary IBM Storage Protect Operations Center may be affected by denial of service caused by specially crafted request in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Serve...

7.5CVSS6.4AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 8:10 a.m.29 views

Security Bulletin: IBM Observability with Instana for Self-Hosted Standard Edition is affected by multiple Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana for Self-Hosted Standard Edition 281 CVE-2024-24790, CVE-2023-24538, CVE-2023-24540, CVE-2022-1996 Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods IsPrivat...

9.8CVSS8.4AI score0.02737EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/16 7:14 a.m.43 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA - Vulnerabilities addressed in IBM® License Key Server

Summary IBM Engineering Requirements Management DOORS Family is subject to multiple vulnerabilities in IBM License Key Server LKS Administration and Reporting Tool ART and Agent v9.0. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused...

9CVSS9.2AI score0.99977EPSS
Exploits44Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/15 9:18 p.m.11 views

Security Bulletin: Cross Site Scripting Vulnerability Affects IBM Watson Studio Local

Summary Cross Site Scripting Vulnerability Affects IBM Watson Studio Local Jupyter notebooks. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2024-49340 DESCRIPTION: IBM Watson Studio Local is vulnerable to cross-site request forgery which could allow an attacker to execut...

8.8CVSS6.9AI score0.00168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/15 2:50 p.m.34 views

Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...

7.5CVSS7.8AI score0.00932EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/15 1:6 p.m.25 views

Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol...

7.5CVSS6.4AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/15 9:46 a.m.24 views

Security Bulletin: Vulnerability in urllib3 affects IBM Integrated Analytics System [CVE-2023-43804, CVE-2021-33503].

Summary The urllib3 package is used by IBM Integrated Anayltics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-43804, CVE-2021-33503. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive...

8.1CVSS8.3AI score0.03273EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/15 8:48 a.m.18 views

Security Bulletin: Vulnerability in urllib3 affects IBM Integrated Analytics System [CVE-2023-43804]

Summary The urllib3 package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-43804. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information,...

8.1CVSS7.8AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/14 4:40 p.m.25 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Oct 2024

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF003 Vulnerability Details CVEID:CVE-2018-15209 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer...

8.8CVSS10AI score0.03969EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/14 5:58 a.m.34 views

Security Bulletin: IBM Daeja ViewONE Virtual 5.0.14 iFix 5 addresses CVE-2017-9096

Summary IBM Daeja ViewONE Virtual 5.0.14 iFix 5 released on October 3, 2024 addresses the vulnerable library iText reported under CVE-2017-9096 by removing it. Vulnerability Details CVEID:CVE-2017-9096 DESCRIPTION: iText PDF Library could allow a remote authenticated attacker to obtain sensitive...

8.8CVSS6AI score0.09946EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/14 4:15 a.m.34 views

Security Bulletin: Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation. IBM Robotic Process Automation uses Bouncy Catle Crypto for some cryptographic processing. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...

7.5CVSS7.3AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/14 4:14 a.m.17 views

Security Bulletin: A vulnerability in HashiCorp Consul affects IBM Robotic Process Automation and may result in server-side request forgery (CVE-2022-29153).

Summary A vulnerability in HashiCorp Consul affects IBM Robotic Process Automation and may result in server-side request forgery. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-29153 DESCRIPTION: HashiCorp Consul and HashiCorp...

7.5CVSS6.7AI score0.08912EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/14 4:13 a.m.35 views

Security Bulletin: Multiple security vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary Multiple security vulnerabilities in IBM MQ affect IBM Robotic Process Automation. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

7.5CVSS10AI score0.01433EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/14 4:2 a.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22081, CVE-2023-22067, and CVE-2023-5676 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability i...

7.4CVSS8.8AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/13 7:0 p.m.39 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an attacker or local attacker could exploit these vulnerabilities to cause a denial of service condition and to execute code in the context of the kernel as described by the CVEs i...

8.1CVSS8.2AI score0.01305EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/11 4:18 p.m.21 views

Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to this CVE-2023-29483

Summary Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to this CVE-2023-29483 Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to a denial of service, caused by a flaw in...

7CVSS6.5AI score0.01857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/11 3:47 p.m.19 views

Security Bulletin: Vulnerability in Apache UIMA ( CVE-2022-32287) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability CVE-2022-32287 has been identified related to Apache UIMA that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-32287 DESCRIPTION:...

7.5CVSS6.5AI score0.01556EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/11 11:22 a.m.35 views

Security Bulletin: There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. Updates for CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been released to address these vulnerabilities...

7.4CVSS7.2AI score0.01257EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/11 6:35 a.m.14 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to Apache HttpClient Vulnerability

Summary IBM Sterling Connect:Direct Web Services uses Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs.. This bulletin identifies the steps to take to address the vulnerabilities...

5.3CVSS7AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/11 12:37 a.m.39 views

Security Bulletin: A vulnerability in RedHat UBI minimal affects IBM Robotic Process Automation for Cloud Pak which could allow an attacker to obtain sensitive information (CVE-2023-5388).

Summary A vulnerability in RedHat UBI minimal affects IBM Robotic Process Automation for Cloud Pak. RedHat UBI images are used as base images for IBM Robotic Process Automation containers. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

6.5CVSS6.3AI score0.00816EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/09 10:27 p.m.19 views

Security Bulletin: IBM DevOps Velocity is vulnerable due to multiple misconfigurations

Summary Multiple vulnerabilities in IBM DevOps Velocity have been address in IBM DevOps Velocity version 5.0.1 Vulnerability Details CVEID:CVE-2024-22348 DESCRIPTION: IBM UCV - UrbanCode Velocity uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions...

7.5CVSS6.1AI score0.00345EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/09 10:11 p.m.20 views

Security Bulletin: This Power System update is being released to address CVE-2023-45871

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-45871, by upgrading PowerVM and thus addressing the exposure ...

7.5CVSS8AI score0.00544EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/09 5:8 p.m.73 views

Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System.

Summary Mulitple vulnerabilities have been addressed in IBM Cloud Pak System 2.3.4.0 and IBM Cloud Pak System 2.3.5.0. Vulnerability Details CVEID:CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the...

9.8CVSS10AI score0.90407EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/09 1:46 p.m.23 views

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.3.1 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.3.1 or...

7.4CVSS6.1AI score0.01257EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/09 1:22 p.m.27 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow Configuration Editor is packaging a vulnerable version of the Node.js runtime and vulnerable library versions. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper validation of...

8.1CVSS8.2AI score0.01104EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/09 9:25 a.m.29 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

8.8CVSS9.1AI score0.14663EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 8:15 p.m.26 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21012 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component cou...

3.7CVSS6.5AI score0.01056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 6:56 p.m.34 views

Security Bulletin: IBM Security SOAR password recovery is vulnerable (CVE-2024-45670)

Summary The password reset function in IBM Security QRadar SOAR had vulnerabilities that could allow hackers to exploit and take over user privileges. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.2.0 or later of IBM Security SOAR...

8.1CVSS6.9AI score0.00319EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 6:50 p.m.31 views

Security Bulletin: IBM InfoSphere Information Server low level authenticated user can view sensitive information (CVE-2024-31898)

Summary A vulnerability in IBM InfoSphere Information Server allowed a lower level authenticated user to view sensitive information. This vulnerabity was addressed. Vulnerability Details CVEID:CVE-2024-31898 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to read ...

5.4CVSS5AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 6:3 p.m.37 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2017-5637, CVE-2019-0201, CVE-2018-8012, CVE-2023-44981)

Summary IBM Security Guardium uses Apache ZooKeeper as a component. This component has multiple vulnerabilities which might affect the product. These vulnerabilities have been addressed in an update. Vulnerability Details CVEID:CVE-2017-5637 DESCRIPTION: Apache Zookeeper is vulnerable to a denial...

9.1CVSS8AI score0.73654EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 4:4 p.m.44 views

Security Bulletin: IBM Security Guardium is affected by a remote code execution vulnerability (CVE-2022-37434)

Summary IBM Security Guardium has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote...

9.8CVSS9.8AI score0.1593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 3:41 p.m.24 views

Security Bulletin: IBM Security Guardium is affected by a Kernel vulnerability (CVE-2022-2601)

Summary IBM Security Guardium has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2022-2601 DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the grubfontconstructglyph function in grub2. By using a...

8.6CVSS9.4AI score0.00514EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 3:29 p.m.46 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafte...

8.1CVSS9.1AI score0.8833EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 2:40 p.m.111 views

Security Bulletin: RC4 Bar Mitzvah Attack for SSL/TLS (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

5CVSS6.4AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 2:6 p.m.74 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM i (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM i Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

5CVSS7AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 2:2 p.m.39 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM i (CVE-2015-7575).

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM i. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS...

5.9CVSS6.2AI score0.0288EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 1:59 p.m.11 views

Security Bulletin: IBM Event Processing is vulnerable to a denial of service

Summary Operator of IBM Event Processing backend and operator is vulnerable to denial of service. CVE-2024-25710, CVE-2024-26308 Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a...

8.1CVSS6.7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 1:47 p.m.38 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy

Summary Vulnerabilities in Eclipse Jetty shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a...

7.5CVSS8AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 1:40 p.m.11 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2.6

Summary Vulnerabilities in the Java Runtime Environment JRE 8.0.8.0 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...

9.8CVSS8.7AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 1:28 p.m.14 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow a...

7.5CVSS5.8AI score0.01276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 1:24 p.m.18 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Solaris. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...

7.4CVSS9.1AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 1:7 p.m.41 views

Security Bulletin: Multiple Vulnerabilities in Rational Change

Summary Vulnerabilities in the Jetty component shipped with Rational Change may affect the security of the product. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...

7.5CVSS8AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 11:29 a.m.34 views

Security Bulletin: IBM Engineering Systems Design Rhapsody - Model Manager - Race Condition Format Flaw (Uses of non-thread safe SimpleDateFormat.format() when enabling DEBUG log for IDMappingsService.verbose)

Summary In 'IBM Engineering Systems Design Rhapsody - Model Manager RMM' if DEBUG logging is enabled for 'IDMappingsService.verbose', then there is a possibility of an incorrect date being written to the logs, or the possibility of an exception being thrown due to a race-condition involving the u...

9.8CVSS7.2AI score0.00838EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 10:11 a.m.22 views

Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2024-0232 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a heap use-after-free flaw in the jsonParseAddNodeArray function in sqlite3.c. By...

5.5CVSS7.1AI score0.00343EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35705