Security Bulletin: A vulnerability in Apache Commons FileUpload affects IBM Tivoli Application Dependency Discovery Manager.
Summary Vulnerability in Apache Commons FileUpload affects IBM Tivoli Application Dependency Discovery Manager CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache Commons FileUpload
Summary This security bulletin addresses the vulnerability in IBM WebSphere Application Server Liberty that is vulnerable to a denial of service due to Apache Commons FileUpload CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java SE
Summary IBM Sterling Connect:Direct Web Service uses IBM Java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to man-in-the-middle attack due to Hot Rod (CVE-2023-4586)
Summary IBM Sterling Connect:Direct Web Services uses Hot Rod. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Hot Rod client is vulnerable to a man-in-the-middle attack, caused by the failure to enable hostname...
Security Bulletin: IBM Copy Services manager is affected by IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676
Summary IBM Copy Services Manager is affected by All applicable Java SE CVEs published by Oracle as part of their October 2023 Critical Patch Update plus CVE-2023-5676. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: There is a vulnerability in tinymce-6.3.1.min.js used by IBM Maximo Asset Management application (CVE-2023-45819 and CVE-2023-45818)
Summary There is a vulnerability in tinymce-6.3.1.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2023-45819 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Notification Manager API. A...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: There are multiple vulnerabilities in IBM SDK, Java Technology Edition and Eclipse OpenJ9 that are shipped with CICS Transaction Gateway Desktop Edition (CVE-2023-22081, CVE-2023-22067 and CVE-2023-5676).
Summary There are multiple vulnerabilities in IBM SDK, Java Technology Edition and Eclipse OpenJ9 that are shipped with CICS Transaction Gateway Desktop Edition CVE-2023-22081, CVE-2023-22067 and CVE-2023-5676. An update to CICS Transaction Gateway Desktop Edition has been released to address the...
Security Bulletin: There are multiple vulnerabilities in IBM SDK, Java Technology Edition and Eclipse OpenJ9 that are shipped with CICS Transaction Gateway for Multiplatforms (CVE-2023-22081, CVE-2023-22067 and CVE-2023-5676).
Summary There are multiple vulnerabilities in IBM SDK, Java Technology Edition and Eclipse OpenJ9 that are shipped with CICS Transaction Gateway for Multiplatforms CVE-2023-22081, CVE-2023-22067 and CVE-2023-5676. An update to CICS Transaction Gateway for Multiplatforms has been released to addre...
Security Bulletin: There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway Desktop Edition (CVE-2023-22045 and CVE-2023-22049).
Summary There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway Desktop Edition CVE-2023-22045 and CVE-2023-22049. An update to CICS Transaction Gateway Desktop Edition has been released to address these vulnerabilities. Vulnerability...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: There is a vulnerability in IBM Semeru Runtime that is shipped with CICS Transaction Gateway for Multiplatforms (CVE-2023-21968).
Summary There is a vulnerability in IBM Semeru Runtime that is shipped with CICS Transaction Gateway for Multiplatforms CVE-2023-21968. An update to CICS Transaction Gateway for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2023-21968 DESCRIPTION:...
Security Bulletin: IBM Tivoli Application Dependency Discovery Manager affected by unspecified vulnerability due to IBM Java and its runtime
Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of IBM Java and runtimes CVE-2023-22045, CVE-2023-22049, CVE-2023-22081, CVE-2023-22067, CVE-2023-5676 Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing (PUB) jQuery Vulnerability
Summary IBM Engineering Lifecycle Optimization - Publishing jQuery and jQuery.min were found vulnerable. Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remot...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM MQ which is shipped with IBM Intelligent Operations Center.
Summary Multiple security vulnerabilities have been identified in IBM MQ which is shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletin: CVE-2023-5072, CVE-2023-22081, CVE-2023-5676. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Storage Scale (CVE-2023-46158, CVE-2023-44487)
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale, which could provide weaker than expected security due to improper resource expiration handling. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Libert...
Security Bulletin: Multiple urllib vulnerabilities may affect IBM Storage Scale (CVE-2023-43804)
Summary Multiple vulnerabilities in the urllib repo, used by the IBM Storage Scale call home feature, could allow a remote authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2023-45803 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtai...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused ...
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional.
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in October 2023; App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-22081...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to execute arbitrary code on the system [CVE-2023-46604]
Summary Apache ActiveMQ is used by the IBM Datapower Operations Dashboard in its messaging infrastructure. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could all...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2023-22081 and CVE-2023-22067 were disclosed in the Oracle October 2023 Critical Patch Update. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact...
Security Bulletin: CVE-2023-22049 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2023-22049 was disclosed in the Oracle July 2023 Quarterly CPU Update. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts. CVSS Base score: 3.7...
Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no...
Security Bulletin: There are multiple vulnerabilities in IBM Db2 bundled with IBM Application Performance Management products.
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosure and other vulnerabilities due to the bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-8383...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in the IBM Application Performance Management 8.1.4.0 IF15 patch. Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK may affect IBM Storage Scale
Summary There are vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Storage Scale. This issue was disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio (CVE-2023-5676)
Summary There is a vulnerability in IBM® Java™ version 8 and 11 used by IBM CPLEX Optimization Studio. This issue was disclosed as part of the Oracle / OpenJDK October 2023 Critical Patch Updates. Vulnerability Details CVEID:CVE-2023-5676 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of...
Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM ILOG CPLEX Optimization Studio (CVE-2023-22045, CVE-2023-22049)
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Versions 8 and 11 used by IBM ILOG CPLEX Optimization Studio. These issues were disclosed as part of the Oracle / OpenJDK July 2023 Critical Patch Updates. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Oracle October 2023 CPU (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle October 2023 CPU (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by v4.1.0.4 to v4.1.1.1 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager
Summary This security bulletin addresses the vulnerabilities in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2022-46364,CVE-2022-46363. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementatio...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Oracle July 2023 CPU (CVE-2023-22045, CVE-2023-22049)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2023. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fix...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle July 2023 CPU (CVE-2023-22045, CVE-2023-22049)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by v4.1.0.4 to v4.1.1.1 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in July 2023. Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2023 Critical Patch Update. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CV...
Security Bulletin: IBM Spectrum Conductor with ISC BIND is vulnerable to a denial of service
Summary IBM Spectrum Conductor with ISC BIND is vulnerable to a denial of service. Vulnerability Details CVEID:CVE-2023-3341 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a stack exhaustion flaw in control channel code. By sending a specially crafted message over the contro...
Security Bulletin: IBM Spectrum Conductor with urllib3 could allow a remote authenticated attacker to obtain sensitive information
Summary IBM Spectrum Conductor with urllib3 could allow a remote authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request...
Security Bulletin: IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service
Summary IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service. Vulnerability Details CVEID:CVE-2023-3341 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a stack exhaustion flaw in control channel code. By sending a specially crafted message over the control...
Security Bulletin: Due to the use of OpenSSL, IBM CICS TX Advanced is vulnerable to a denial of service (DOS) (CVE-2023-3817 and CVE-2023-3446).
Summary There are vulnerabilities in OpenSSL when using the DH_check, DH_check_ex or EVP_PKEY_param_check functions to check a DH key or DH parameters. OpenSSL is used by IBM CICS TX Advanced to provide cryptographic functionality within its applications. An update to IBM CICS TX Advanced has been release...
Security Bulletin: Due to the use of the gawk package, IBM CICS TX Advanced is vulnerable to a heap out-of-bounds flaw (CVE-2023-4156).
Summary IBM CICS TX Advanced is vulnerable to CVE-2023-4156 due to the use of the gawk package. The gawk package is used by IBM CICS TX Advanced to make it possible to handle simple data-reformatting jobs with just a few lines of code. An update to IBM CICS TX Advanced has been released to addres...
Security Bulletin: Due to the use of curl, IBM CICS TX Advanced is vulnerable to security restrictions potentially being bypassed (CVE-2023-38546).
Summary IBM CICS TX Advanced is vulnerable to CVE-2023-38546 if the curl function curl_easy_duphandle has cookies enabled during the transfer when the handle is duplicated. Curl is used by IBM CICS TX Advanced to transfer data. An update to IBM CICS TX Advanced has been released to address this...
Security Bulletin: IBM Workload Automation potentially affected by a vulnerability in Google Guava (CVE-2023-2976)
Summary IBM Workload Automation is potentially affected by a vulnerability found in Google Guava that can cause sensitive information disclosure. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused ...
Security Bulletin: IBM Workload Automation potentially affected by a vulnerability in Okio GzipSource (CVE-2023-3635)
Summary IBM Workload Automation is potentially affected by a vulnerability found in Okio GzipSource that can cause denial of service. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to QOS.ch Sarl Logback denial of service vulnerability ( CVE-2023-6378)
Summary Potential QOS.ch Sarl Logback denial of service vulnerability CVE-2023-6378 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-6378...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34055)
Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34055 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Elastic Elasticsearch denial of service vulnerability ( CVE-2023-46673)
Summary Potential Elastic Elasticsearch denial of service vulnerability CVE-2023-46673 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-4667...
Security Bulletin: IBM Event Streams is affected by an unauthenticated access (CVE-2023-22045 and CVE-2023-22049).
Summary This security vulnerability in Java SE related to the VM component and Libraries component could allow a remote attacker to cause low confidentiality and integrity impacts. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM...
Security Bulletin: IBM Event Streams is affected by a remote code execution vulnerability (CVE-2023-26136).
Summary A Remote Code Execution (RCE) vulnerability in Salesforce tough-cookie could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Vulnerability Detai...
Security Bulletin: Improper Authorization for IBM Jazz for Service Management export file via ExportServlet url (CVE-2023-46186)
Summary Improper Authorization for IBM Jazz for Service Management export file via ExportServlet url CVE-2023-46186. Vulnerability Details CVEID:CVE-2023-46186 DESCRIPTION: IBM Jazz for Service Management could allow an unauthorized user to obtain sensitive file information using forced browsing d...