Lucene search
K

35744 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 5:10 p.m.•35 views

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

6.5CVSS7.1AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 2:18 p.m.•27 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus.

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Solaris. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker t...

9.8CVSS8.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 2:16 p.m.•31 views

Security Bulletin: Vulnerability in IBM Semeru Runtime affects Host On-Demand

Summary There is a vulnerability in IBM Semeru Runtime Quarterly Critical Patch Update - Jan 2024 - Includes OpenJDK Jan 2024 Critical Patch Update. Host On-Demand has addressed the applicable CVE plus CVE-2024-22361. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified...

7.5CVSS6.6AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 2:13 p.m.•40 views

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023 Critica...

5.9CVSS5.2AI score0.00406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 12:46 p.m.•62 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX...

9.8CVSS9.8AI score0.98518EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 11:0 a.m.•30 views

Security Bulletin:IBM Asset Data Dictionary Component uses vertx-core-4.5.0.jar which is vulnerable to CVE-2024-1023 and CVE-2024-1300.

Summary IBM Asset Data Dictionary Component uses vertx-core-4.5.0.jar which is vulnerable to CVE-2024-1023 and CVE-2024-1300. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-1023 DESCRIPTION: Eclipse Vert.x is vulnerable to a...

6.5CVSS6AI score0.01639EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 6:54 a.m.•38 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2023 Critical Patch...

9.1CVSS6AI score0.01208EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 2:53 a.m.•35 views

Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment

Summary YAJSW service is used for registering XSLD services with operating system. Vulnerabilities CVE-2024-29131 and CVE-2024-29133 are reported on commons-configuration2-2.8.0.jar used in YAJSW package. Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could...

7.3CVSS7.6AI score0.02054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 9:46 p.m.•60 views

Security Bulletin: IBM Controller has addressed multiple vulnerabilities

Summary IBM Controller is affected and considered vulnerable, based on current information, to multiple vulnerabilites. This Security Bulletin addresses the vulnerabilities that have been remediated in IBM Controller. Vulnerability Details CVEID:CVE-2023-40695 DESCRIPTION: IBM Cognos Controller...

9.8CVSS9.8AI score0.28839EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 9:37 p.m.•14 views

Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Summary The SANnav Management Portal and Global View products are vulnerable due to a Jave SE issue. The vulnerability has been addressed and can be resolved by applying the SANnav code level listed below. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Jav...

3.7CVSS5.8AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 9:23 p.m.•28 views

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

5.3CVSS6.4AI score0.05533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 9:21 p.m.•35 views

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

7.5CVSS7.7AI score0.03658EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 9:19 p.m.•36 views

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: OpenSSL could allow a remote attacker to bypass...

5.3CVSS6.4AI score0.01625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 8:47 p.m.•38 views

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

5.3CVSS5.9AI score0.02577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 6:20 p.m.•29 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow a remo...

7.5CVSS7.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 4:16 p.m.•31 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to Eclipse Jetty (CVE-2024-22201)

Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to a denial of service due to Eclipse Jetty. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is...

7.5CVSS7.3AI score0.01433EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 1:12 p.m.•27 views

Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks

Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard parameters. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version...

4.3CVSS4.9AI score0.00348EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 1:9 p.m.•33 views

Security Bulletin: IBM QRadar SIEM on Azure Cloud deployed from Azure Marketplace is vulnerable to remote code execution (CVE-2024-21334)

Summary IBM QRadar SIEM on Azure Cloud deployed from Azure Marketplace is vulnerable to a remote code execution issue found within the Microsoft Open Management Infrastructure OMI. The information below shows how to remove this vulnerable component. Vulnerability Details CVEID:CVE-2024-21334...

9.8CVSS9.9AI score0.20157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 10:52 a.m.•78 views

Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary The certificate for a remote system in a policy-based replication partnership is not correctly validated in the GUI on IBM Storage Virtualize products. Vulnerability Details CVEID:CVE-2023-47700 DESCRIPTION: IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtuali...

7.5CVSS6.7AI score0.00546EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 10:50 a.m.•16 views

Security Bulletin: Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to...

5.9CVSS6AI score0.014EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 10:33 a.m.•34 views

Security Bulletin: IBM Maximo Application Suite - IOT Component uses dnspython-1.16.0-py2.py3-none-any.whl which is vulnerable to CVE-2023-29483

Summary IBM Maximo Application Suite - IOT Component uses dnspython-1.16.0-py2.py3-none-any.whl which is vulnerable to CVE-2023-29483. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to...

7CVSS6.8AI score0.01857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 10:14 a.m.•29 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-25026)

Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

7.5CVSS6.2AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/01 9:28 a.m.•39 views

Security Bulletin: A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Struts affects the product's management GUI. The Command Line Interface is unaffected CVE-2023-50164. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remo...

9.8CVSS9.8AI score0.80819EPSS
Exploits15Affected Software13
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 9:48 p.m.•40 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129)

Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL CVE-2023-6129. OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000...

6.5CVSS7.2AI score0.02323EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 9:45 p.m.•32 views

Security Bulletin: Vulnerabilities in Apache Commons Compress and PostgreSQL might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Compress and PostgreSQL. Vulnerabilities include causing a denial of service condition, and executing arbitrary SQL functions as the command issuer, as described by the CVEs in the "Vulnerability Details...

8.1CVSS8.2AI score0.01465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 9:44 p.m.•66 views

Security Bulletin: Vulnerabilities in OpenSSH, Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in OpenSSL and Linux Kernel. A remote or local authenticated attacker could exploit these vulnerabilities to break SSH extension negotiation and downgrading the client connection security, to cause the system to crash, to...

7.8CVSS9.2AI score0.93305EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 9:41 p.m.•43 views

Security Bulletin: Vulnerability in Linux Kernel could affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by a vulnerability in Linux Kernel. A remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system as described by the CVE in the "Vulnerability Details" section. CVE-2023-45871 Thi...

7.5CVSS8.9AI score0.00544EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 6:52 p.m.•40 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5 Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitra...

9.8CVSS9.5AI score0.99615EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 5:34 p.m.•43 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements when using...

10CVSS9.6AI score0.0481EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 5:16 p.m.•24 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-25026)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

7.5CVSS6.2AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 4:46 p.m.•80 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products (CVE-2023-45648, CVE-2023-42795, CVE-2023-46589, CVE-2024-21733)

Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing HTTP request smuggling and the obtaining of sensitive information. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to...

7.5CVSS7.3AI score0.14286EPSS
Exploits5Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 4:44 p.m.•50 views

Security Bulletin: A vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through...

7.5CVSS7.6AI score0.00609EPSS
Exploits0Affected Software13
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 4:35 p.m.•15 views

Security Bulletin: IBM WebSphere Automation is vulnerable to a Privilege Escalation vulnerability (CVE-2024-28764)

Summary IBM WebSphere Automation is vulnerable to a Privilege Escalation vulnerability. Vulnerability Details CVEID:CVE-2024-28764 DESCRIPTION: IBM WebSphere Automation could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary...

7.8CVSS7AI score0.00248EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 4:33 p.m.•30 views

Security Bulletin: IBM WebSphere Automation is vulnerable to cross-site scripting (CVE-2024-28775)

Summary IBM WebSphere Automation is vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2024-28775 DESCRIPTION: IBM WebSphere Automation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend...

5.4CVSS4.6AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 2:38 p.m.•24 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-25026

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS6.2AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 8:34 a.m.•23 views

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure (CVE-2022-38386)

Summary IBM QRadar Suite software is vulnerable to information exposure through cookie settings. This has been addressed in the latest update. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details CVEID:CVE-2022-38386...

5.9CVSS5.5AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 7:39 a.m.•21 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data may be vulnerable to a remote attacker (CVE-2024-29041)

Summary There is a vulnerability in Express.js Express used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remo...

6.1CVSS6.1AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 7:36 a.m.•41 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data may be vulnerable to a remote attacker (CVE-2024-28849)

Summary There is a vulnerability in follow-redirects used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could...

6.5CVSS6.3AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 7:32 a.m.•34 views

Security Bulletin: Multiple vulnerabilities in Apache Commons Compress may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2024-26308 & CVE-2024-25710)

Summary There are multiple vulnerabilities in Apache Commons Compress used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compre...

8.1CVSS7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 7:19 a.m.•43 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to protobuf-go, libcurl, libexpat, Java SE, IBM GSKit-Crypto, open redirect, buffer overflow condition and golang-fips/openssl vulnerabilities.

Summary IBM MQ Operator and Queue manager container images are vulnerable to protobuf-go, libcurl, libexpat, golang-fips/openssl which were identified in RedHat UBI. IBM MQ is vulnerable to a buffer overflow condition, phishing attacks in open redirect , Java SE, IBM GSKit-Crypto. This bulletin...

7.5CVSS8.9AI score0.06208EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/30 7:0 a.m.•39 views

Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850) affect Power HMC

Summary IBM Java SDK is used by Power Hardware Management Console HMC. Since V10R1 is a Java 8 based HMC, HMC has addressed the affected CVEs, which were specific to Java 8: CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, and CVE-2023-33850. The specified CVEs have...

7.5CVSS6.8AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/29 4:48 p.m.•41 views

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets...

8.6CVSS8.6AI score0.55526EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/29 4:12 p.m.•37 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in kotlin 2

Summary IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in kotlin 2 Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for Message-Type Extensions. By sending...

7.5CVSS7.2AI score0.00483EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/29 4:12 p.m.•32 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in kotlin

Summary IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in kotlin Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for textformat data. By sending...

7.5CVSS7.2AI score0.00567EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/29 4:12 p.m.•46 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rack-2.0.7.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rack-2.0.7.gem Vulnerability Details CVEID:CVE-2024-26146 DESCRIPTION: Rack is vulnerable to a denial of service, caused by improper validation of user-supplied input by the header parsing process. By sending...

7.5CVSS5.8AI score0.01996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/29 2:19 p.m.•26 views

Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway

Summary Security Vulnerabilities in Liberty affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor use...

6.5CVSS5.9AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/29 12:41 p.m.•18 views

Security Bulletin: rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate is vulnerable to WS-2023-0366 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate which is vulnerable to WS-2023-0366 Vulnerability Details IBM X-Force ID: 269579 DESCRIPTION: Bytecode Alliance rustix is vulnerable to a denial of service, caused by...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/29 10:37 a.m.•42 views

Security Bulletin: Multiple Vulnerabilities in IBM SDK Java affect IBM Cloud Pak System

Summary Multiple vulnerabilities found in IBM Java SDK reported in the IBM Java SDK CPU update October 2022 affect OS Image shipped with Cloud Pak System. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP...

5.3CVSS5.7AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/29 9:39 a.m.•38 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale (CVE-2023-50312)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale, which could provide weaker than expected security for outbound TLS connections. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 throug...

6.5CVSS5.8AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/04/29 9:37 a.m.•25 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2024-3177)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that may allow mountable secret policy enforcement to be bypassed during pod admission CVE-2024-3177. Vulnerability Details CVEID: CVE-2024-3177 Description: Kubernetes kube-apiserver could...

2.7CVSS3.9AI score0.02224EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35744