21268 matches found
Security Bulletin: There is a vulnerability in the wheel package for Jinja2 affecting watsonx Code Assistant On Prem Extensions
Summary There is a vulnerablity in the wheel package for Jinja2 affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to...
Security Bulletin: IBM Maximo Application Suite Predict Component vulnerable to arbitrary code execution
Summary Security Bulletin: IBM Maximo Application Suite Predict Component may be vulnerable to arbitrary code execution of Python code through the use of Jinja. Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how th...
SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:1024-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1024-1 advisory. - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Other fixe...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.9.0 Vulnerability Details CVEID:CVE-2025-25184 DESCRIPTION: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by...
Security update for tomcat10
This update for tomcat10 fixes the following issues: CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Other fixes: Update to Tomcat 10.1.39 Fixes: launch with java 17 bsc1239676 Catalina Fix: 69602: Fix regression in releases from 12-2024 th...
SUSE-SU-2025:1024-1 Security update for tomcat10
This update for tomcat10 fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Other fixes: - Update to Tomcat 10.1.39 Fixes: + launch with java 17 bsc1239676 Catalina + Fix: 69602: Fix regression in releases from...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to arbitrary code execution
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Security Bulletin: IBM Maximo Application Suite Predict Component may be vulnerable to arbitrary code execution of Python code through the use of Jinja. This bulletin contains information regarding the vulnerability and i...
Security Bulletin: IBM Sterling Control Center is vulnerable to directory traversal (CVE-2023-35020)
Summary IBM Sterling Control Center is vulnerable to unauthorized directory traversal. Vulnerability Details CVEID:CVE-2023-35020 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request...
Security Bulletin: CVE-2023-50164 affects Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION:...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-30260 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw wit...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details CVEID:CVE-2023-34054 DESCRIPTION: VMware Tanzu Reactor Netty is vulnerable to a denial of service, caused by a flaw when built-in integration with Micrometer is enabled. By sending specially...
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary There are vulnerabilities in IBM® Java™, IBM WebSphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Open URL Redirection and Link Manipulation vulnerabilities. For more information abou...
Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager
Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilties have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2.0.2. Please apply the latest fix packs for the fixes. Vulnerability Details CVEID:CVE-2023-47704...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: IBM Security Guardium is affected by multiple OS level vulnerabilities
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. By sending a specially crafted message with multiple...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF026 and 23.0.1-IF004. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of...
Security Bulletin: Multiple Security Vulnerabilities discovered in IBM Security Directory Suite (CVE-2022-32753, CVE-2022-32751, CVE-2022-33165)
Summary Several vulnerabilities were fixed in the IBM Security Verify Directory Suite. Vulnerability Details CVEID:CVE-2022-32753 DESCRIPTION: IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...
Security Bulletin: IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2002-0080 DESCRIPTION: rsync could allow a remote attacker to gain elevated privileges on the system. rsync fails to drop privileges for...
Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect
Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...