Lucene search
K

35730 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/23 3:6 p.m.•23 views

Security Bulletin: IBM DataStage Flow Designer is vulnerable to information disclosure (CVE-2024-40704)

Summary An information disclosure vulnerability in DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2024-40704 DESCRIPTION: IBM DataStage Flow Designer could allow a privileged user to obtain sensitive information from authentication request headers. CVSS Base score: 4.9 CVS...

4.9CVSS4.8AI score0.0063EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/23 7:42 a.m.•30 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java (CVE-2022-3509).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite. They are most often used for defining communications protocols together with gRPC and for data storage. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite...

7.5CVSS7.2AI score0.00567EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/23 7:40 a.m.•34 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Apache Kafka (CVE-2024-27309).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the Apache Kafka. It is primarily used to build real-time streaming data pipelines and applications that adapt to the data streams. It combines messaging, storage, and stream processing to allow storage and analysis of...

7.4CVSS7.4AI score0.01125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/23 7:39 a.m.•22 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java (CVE-2023-43642).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java component. In IBM Event Streams, Snappy-java boosts performance by compressing event payloads before transmission and decompressing them on the client side, reducing bandwidth usage and improving data...

7.5CVSS7.3AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/23 7:36 a.m.•16 views

Security Bulletin: IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component (CVE-2023-26159).

Summary IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component. In event streams, following redirects ensures uninterrupted data flow by automatically directing clients to new endpoints if the original one changes. It also aids in load balancing and failover...

7.3CVSS6.6AI score0.00797EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 10:17 p.m.•30 views

Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in Grafana (CVE-2023-36665)

Summary Protobuf is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-36665. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary co...

9.8CVSS9.7AI score0.01683EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 8:53 p.m.•45 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks [CVE-2023-38709, CVE-2024-24795].

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP response splitting attacks due to improper input validation and flaws in multiple modules as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as...

7.3CVSS6.6AI score0.03914EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 7:14 p.m.•31 views

Security Bulletin: Multiple IBM® Db2® security vulnerability fixes

Summary If you use IBM® Db2® as your database in your IBM Datacap deployment, please follow the Db2 security bulletins referred here to remedy the vulnerabilities. IBM® Db2® is affected by a vulnerability in the open source zlib library CVE-2023-45853 and IBM® Db2® is vulnerable to sensitive...

9.8CVSS7.9AI score0.02918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 3:53 p.m.•35 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2023 Vulnerabilities Affect IBM SPSS

Summary IBM SPSS addressed vulnerabilities reported in IBM SDK, Java Technology Edition Quarterly CPU - Jul 2023 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- | SPSS Statistics| 29.0...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 3:17 p.m.•34 views

Security Bulletin: Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Standard.

Summary Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the issues. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop...

7.5CVSS7.4AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 3:13 p.m.•21 views

Security Bulletin: Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Advanced.

Summary Security vulnerabilities may affect Go packages that are shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issues. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a memory exhaustion flaw due to floo...

7.5CVSS7.4AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 3:6 p.m.•32 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js (CVE-2024-35255, CVE-2024-37168)

Summary IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...

5.5CVSS6.2AI score0.00788EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 2:45 p.m.•37 views

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2024-27088 DESCRIPTION: medikoo es5-ext is vulnerable to a...

8.2CVSS6.7AI score0.87211EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 12:48 p.m.•23 views

Security Bulletin: IBM Sterling Connect:Express for UNIX uses vulnerable version of OpenSSL

Summary IBM Sterling Connect:Express for UNIX uses a version OpenSSL which is vulnerable to denial of service CVE-2024-2511. This issue has been addressed by upgrading the version of OpenSSL. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...

5.9CVSS6AI score0.54026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 12:20 p.m.•18 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to remote code execution (CVE-2024-35154)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to remote code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Jazz fo...

7.2CVSS7.5AI score0.01163EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 9:28 a.m.•29 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite ( CVE-2022-3171).

Summary Protobuf-java core and lite are used by IBM Event Streams. The protobuf-java core library provides comprehensive functionality for working with Protocol Buffers, including advanced parsing and serialization, while the protobuf-java-lite library offers a performance-optimized version for...

7.5CVSS6AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/22 9:27 a.m.•34 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the json-path component (CVE-2023-51074).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the json-path component. JSON-Path is a query language for JSON, similar to XPath for XML. It allows us to select and extract data from a JSON document. we use a JSON-Path expression to traverse the path to an element in...

5.3CVSS5.8AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 11:0 p.m.•30 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-45803, CVE-2023-43804)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-45803, CVE-2023-43804. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated...

8.1CVSS6.3AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 10:51 p.m.•45 views

Security Bulletin: IBM Storage Ceph is vulnerable to a Missing Cryptographic Step in the RHEL UBI (CVE-2023-5363)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-5363. Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

7.5CVSS7.4AI score0.03332EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 10:30 p.m.•31 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Improper Removal of Sensitive Information Before Storage or Transfer in Grafana (CVE-2021-23566)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-23566. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caus...

5.5CVSS5.2AI score0.0044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 9:48 p.m.•26 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insecure credentials submission in the RHEL UBI (CVE-2023-35789)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-35789. Vulnerability Details CVEID:CVE-2023-35789 DESCRIPTION: RabbitMQ C AMQP client library aka rabbitmq-c could allow a...

5.5CVSS5.4AI score0.00214EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 9:46 p.m.•42 views

Security Bulletin: IBM Storage Ceph is vulnerable to assorted vulnerabilities in Grafana

Summary Moby is used by IBM Storage Ceph in Grafana as part of Metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-21285, CVE-2021-31525, CVE-2021-3121, CVE-2022-34038, CVE-2021-41103, CVE-2021-41089, CVE-2020-29652, CVE-2022-27536, CVE-2021-44716...

8.6CVSS9.2AI score0.06604EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 8:55 p.m.•27 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-28131, CVE-2022-30630, CVE-2022-30580, CVE-2022-32189, CVE-2022-30632, CVE-2022-28327, CVE-2022-30629, CVE-2022-30635, CVE-2022-30631, CVE-2022-32148, CVE-2022-1705, CVE-2022-1962, CVE-2022-24675,...

7.8CVSS8.4AI score0.05416EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 8:49 p.m.•31 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler ( CVE-2022-27664 )

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-27664 Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote attacker could...

7.5CVSS7.4AI score0.02607EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 8:36 p.m.•36 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to various issues due to go compiler ( CVE-2022-30630, CVE-2022-30635, CVE-2022-32148, CVE-2022-30631, CVE-2022-30632, CVE-2022-32189, CVE-2022-28131, CVE-2022-30633, CV )

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-30630, CVE-2022-30635, CVE-2022-32148, CVE-2022-30631, CVE-2022-30632, CVE-2022-32189, CVE-2022-28131, CVE-2022-30633, CVE-2022-1705. Vulnerability Details CVEID:CVE-2022-30630 DESCRIPTION: Golang Go is...

7.5CVSS7.5AI score0.0198EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 8:28 p.m.•39 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler ( CVE-2021-33197 )

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2021-33197. Vulnerability Details CVEID:CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sendi...

5.3CVSS6.2AI score0.02279EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 8:16 p.m.•32 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go compiler ( CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634 )

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634 Vulnerability Details CVEID:CVE-2022-29804 DESCRIPTION: Golang Go could allow a local attacker to bypass security restrictions, caused by a flaw in t...

7.8CVSS7.9AI score0.0187EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 6:56 p.m.•18 views

Security Bulletin: A Stored Cross-Site Scripting (XSS) security vulnerability has been identified in IBM Rational ClearQuest (CVE-2024-28796)

Summary An XSS security vulnerability has been identified in IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the CVE CVE-2024-28796 Vulnerability Details CVEID:CVE-2024-28796 DESCRIPTION: IBM ClearQuest CQ is vulnerable to stored cross-site scripting. This vulnerability allows user...

6.4CVSS5.9AI score0.00256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 1:3 p.m.•32 views

Security Bulletin: Vulnerability in Linux kernel may affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerability in Linux Kernel. Vulnerability includes elevation of privileges, as described by the CVE in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2023-51043 DESCRIPTION: Linux Kernel could allow a local authenticate...

7CVSS7.1AI score0.00247EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/19 9:47 a.m.•19 views

Security Bulletin: IBM App Connect Enterprise Certified Container Operations Dashboard is vulnerable to denial of service [CVE-2024-36129]

Summary OpenTelemetry is used by IBM App Connect Enterprise Certified Container for the Operations Dashboard. IBM App Connect Enterprise Certified Container Operations Dashboard is vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

8.2CVSS7.5AI score0.00994EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 7:35 p.m.•23 views

Security Bulletin: IBM Match 360 vulnerable to denial of service due to jose4j in IBM WebSphere Application Server Liberty (CVE-2023-51775)

Summary IBM Match 360 is vulnerable to jose4j used within IBM WebSphere Application Server Liberty. jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit this vulnerability to cause a denial of...

6.5CVSS6.7AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 7:22 p.m.•21 views

Security Bulletin: IBM Match 360 is vulnerable to IBM WebSphere Application Server Liberty (CVE-2023-50312)

Summary IBM Match 360 is vulnerable to weaker security from IBM WebSphere Application Server Liberty. The vulnerability from IBM WebSphere Application Server Liberty causes weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. Vulnerability...

6.5CVSS6AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 1:49 p.m.•23 views

Security Bulletin: There are multiple vulnerabilities that affect CICS Transaction Gateway Desktop Edition (CVE-2023-50310 and CVE-2023-50311).

Summary There are multiple vulnerabilities that affect CICS Transaction Gateway Desktop Edition. An update to CICS Transaction Gateway Desktop Edition has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-50311 DESCRIPTION: IBM CICS Transaction Gateway could...

7.5CVSS5.2AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 1:42 p.m.•14 views

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22329)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

4.3CVSS5.4AI score0.00302EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 1:41 p.m.•20 views

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

7CVSS6.8AI score0.00649EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 1:40 p.m.•12 views

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-35154)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

7.2CVSS6.8AI score0.01163EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 1:38 p.m.•18 views

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-37532)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera and...

8.8CVSS8.4AI score0.00353EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 11:16 a.m.•37 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 277. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined...

7.8CVSS8.6AI score0.03028EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 11:15 a.m.•24 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 277 Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote...

7.5CVSS7.7AI score0.19653EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 11:13 a.m.•27 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 277 Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted reques...

8.1CVSS7.9AI score0.08279EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 10:37 a.m.•51 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution

Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...

9.8CVSS8.3AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/18 8:29 a.m.•78 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases

Summary IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases. This bulletin identifies the steps required to address these...

8.8CVSS9.8AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/17 3:21 p.m.•36 views

Security Bulletin: Vulnerability with The Bouncy Castle Crypto affect IBM Cloud Object Storage Systems (July 2024v2)

Summary Vulnerability with The Bouncy Castle CryptoCVE-2024-29857, , Snappy CVE-2024-36124, CVE-2024-30171, CVE-2024-30172, This vulnerability has been addressed in the latest ClevOS release Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is...

7.5CVSS7AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/17 2:49 p.m.•62 views

Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)

Summary Vulnerability contained within OpenSSL a 3rd party component was addressed in the IBM MaaS360 VPN Module. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...

7.5CVSS7.8AI score0.02945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/17 2:21 p.m.•40 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-46813, CVE-2023-51385, CVE-2023-48795)

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2023-46813 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect access checking in the VC handler and instruction emulation ...

7CVSS7.5AI score0.93305EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/17 1:4 p.m.•28 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Storage Scale packaged in Elastic Storage Server

Summary There are multiple vulnerabilities in Javaâ„¢ Technology Edition used by the Elastic Storage Server. Fixes for all these vulnerabilities are available. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945. Vulnerability Details CVEID:CVE-2024-20952...

7.4CVSS6.8AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/17 12:53 p.m.•30 views

Security Bulletin: Multiple vulnerabilities in IBM JAVA JDK affect IBM Storage Scale packaged in IBM Storage Scale System

Summary Multiple vulnerabilities in IBM Java JDK, used by IBM Storage Scale System GUI, could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact and no availability impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926,...

7.4CVSS6.8AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/17 10:5 a.m.•20 views

Security Bulletin: IBM Maximo Application Suite: follow-redirects-1.15.5.tgz is vulnerable to CVE-2024-28849 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses follow-redirects-1.15.5.tgz which is vulnerable to CVE-2024-28849 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information,...

6.5CVSS6.7AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/16 10:4 p.m.•57 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2511, CVE-2024-0727) due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-2511, CVE-2024-0727. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...

5.9CVSS6.7AI score0.54026EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/07/16 8:1 p.m.•24 views

Security Bulletin: IBM Sterling B2B Integrator Standard Edition could disclose sensitive information in the HTTP response

Summary In IBM Sterling B2B Integrator's dashboard, many links have CSRF tokens at the end of URLs. An attacker could post something with a link to the B2Bi dashboard somewhere. If a B2Bi user who has the active http session and owns the token clicks the link then the request will be honored sinc...

3.7CVSS3.4AI score0.00314EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35730