21268 matches found

IBM Security Bulletins
added 2025/03/27 3:33 p.m., 7 views

Security Bulletin: There is a vulnerability in the wheel package for Jinja2 affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerability in the wheel package for Jinja2 affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to...

CVSS 8.8, AI score 7.9, EPSS 0.005
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/03/27 11:52 a.m., 5 views

Security Bulletin: IBM Maximo Application Suite Predict Component vulnerable to arbitrary code execution

Summary Security Bulletin: IBM Maximo Application Suite Predict Component may be vulnerable to arbitrary code execution of Python code through the use of Jinja. Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how th...

CVSS 8.8, AI score 7.9, EPSS 0.005
Exploits 0, Affected Software 1

Tenable Nessus
added 2025/03/27 12:0 a.m., 21 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:1024-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1024-1 advisory. - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Other fixe...

CVSS 10, AI score 7.8, EPSS 0.99945
Exploits 58, References 7

IBM Security Bulletins
added 2025/03/26 6:21 p.m., 55 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.9.0 Vulnerability Details CVEID:CVE-2025-25184 DESCRIPTION: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by...

CVSS 9.8, AI score 10, EPSS 0.73062
Exploits 9, Affected Software 1

SUSE Linux
added 2025/03/26 11:29 a.m., 6 views

Security update for tomcat10

This update for tomcat10 fixes the following issues: CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Other fixes: Update to Tomcat 10.1.39 Fixes: launch with java 17 bsc1239676 Catalina Fix: 69602: Fix regression in releases from 12-2024 th...

CVSS 9.2, AI score 9.2, EPSS 0.99945
Exploits 58, References 8

OSV
added 2025/03/26 11:29 a.m., 10 views

SUSE-SU-2025:1024-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Other fixes: - Update to Tomcat 10.1.39 Fixes: + launch with java 17 bsc1239676 Catalina + Fix: 69602: Fix regression in releases from...

CVSS 10, AI score 9.8, EPSS 0.99945
Exploits 58, References 5

IBM Security Bulletins
added 2025/03/26 7:22 a.m., 12 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to arbitrary code execution

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Security Bulletin: IBM Maximo Application Suite Predict Component may be vulnerable to arbitrary code execution of Python code through the use of Jinja. This bulletin contains information regarding the vulnerability and i...

CVSS 8.8, AI score 7.6, EPSS 0.005
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:12 a.m., 37 views

Security Bulletin: IBM Sterling Control Center is vulnerable to directory traversal (CVE-2023-35020)

Summary IBM Sterling Control Center is vulnerable to unauthorized directory traversal. Vulnerability Details CVEID:CVE-2023-35020 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request...

CVSS 5.4, AI score 5.3, EPSS 0.00537
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:11 a.m., 34 views

Security Bulletin: CVE-2023-50164 affects Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION:...

CVSS 9.8, AI score 9.7, EPSS 0.80819
Exploits 15, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:10 a.m., 47 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation...

CVSS 9.8, AI score 10, EPSS 0.03092
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:10 a.m., 76 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-30260 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw wit...

CVSS 9.8, AI score 9.9, EPSS 0.91327
Exploits 6, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:9 a.m., 44 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details CVEID:CVE-2023-34054 DESCRIPTION: VMware Tanzu Reactor Netty is vulnerable to a denial of service, caused by a flaw when built-in integration with Micrometer is enabled. By sending specially...

CVSS 9.1, AI score 9.2, EPSS 0.04322
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:7 a.m., 87 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM® Java™, IBM WebSphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Open URL Redirection and Link Manipulation vulnerabilities. For more information abou...

CVSS 8.6, AI score 10, EPSS 0.36081
Exploits 8, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:6 a.m., 57 views

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager

Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2.0.2. Please apply the latest fix packs for the fixes. Vulnerability Details CVEID:CVE-2023-47704...

CVSS 9.1, AI score 6.1, EPSS 0.00975
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:4 a.m., 61 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS 9.8, AI score 9.8, EPSS 0.15014
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:3 a.m., 54 views

Security Bulletin: IBM Security Guardium is affected by multiple OS level vulnerabilities

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. By sending a specially crafted message with multiple...

CVSS 7.8, AI score 8.9, EPSS 0.05794
Exploits 5, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:3 a.m., 83 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF026 and 23.0.1-IF004. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of...

CVSS 9.8, AI score 10, EPSS 0.60679
Exploits 8, Affected Software 1

IBM Security Bulletins
added 2025/03/26 4:0 a.m., 25 views

Security Bulletin: Multiple Security Vulnerabilities discovered in IBM Security Directory Suite (CVE-2022-32753, CVE-2022-32751, CVE-2022-33165)

Summary Several vulnerabilities were fixed in the IBM Security Verify Directory Suite. Vulnerability Details CVEID:CVE-2022-32753 DESCRIPTION: IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...

CVSS 7.5, AI score 6.1, EPSS 0.01172
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/03/26 3:58 a.m., 71 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2002-0080 DESCRIPTION: rsync could allow a remote attacker to gain elevated privileges on the system. rsync fails to drop privileges for...

CVSS 7.5, AI score 9.4, EPSS 0.99999
Exploits 23, Affected Software 1

IBM Security Bulletins
added 2025/03/26 3:57 a.m., 72 views

Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect

Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...

CVSS 10, AI score 9.2, EPSS 0.83223
Exploits 25, Affected Software 1