Lucene search
+L

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 10:46 a.m.18 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for May 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF005. These vulnerabilities have been also adressed in 24.0.0-IF007, 24.0.1-IF007 and 25.0.1-IF001. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a...

7.6CVSS6.9AI score0.01525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/23 9:25 a.m.25 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF006. These vulnerabilities have been also adressed in 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2018-5711 DESCRIPTION: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP...

8.6CVSS8.6AI score0.13204EPSS
Exploits6Affected Software1
Cvelist
Cvelist
added 2025/11/03 3:15 p.m.11 views

CVE-2025-36092 IBM Business Automation Insights improper input validation

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length...

6.5CVSS0.00396EPSS
Exploits0References1
CVE
CVE
added 2025/11/03 3:15 p.m.25 views

CVE-2025-36092

CVE-2025-36092 affects IBM Cloud Pak for Business Automation (25.0.0, 24.0.1, 24.0.0) and stems from improper validation of input length, allowing an authenticated user to cause a denial of service. IBM’s sources confirm the issue and provide targeted fixes: 25.0.0 should install security fix 25....

6.5CVSS6AI score0.00396EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/03 3:14 p.m.11 views

CVE-2025-36091 IBM Business Automation Insights unverified ownership

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment...

4.3CVSS0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/03 3:14 p.m.3 views

CVE-2025-36091 IBM Business Automation Insights unverified ownership

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment...

4.3CVSS6.1AI score0.0031EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 5:17 p.m.6 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for September 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF005. These vulnerabilities have been also addressed in 25.0.0-IF001 and 24.0.0-IF004. Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling...

8.7CVSS6.4AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 7:4 a.m.8 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF001 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be us...

9.8CVSS7.3AI score0.01261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 8:58 a.m.20 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for July 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF004 and 24.0.0-IF006 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 t...

8.8CVSS10AI score0.10639EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/05 4:23 p.m.31 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for April 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF002 and IBM Business Automation Insights 24.0.0-IF003 Vulnerability Details CVEID:CVE-2025-1634 DESCRIPTION: A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client...

9.8CVSS9.4AI score0.04505EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/04 9:55 a.m.29 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for February 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF001 and IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management...

7.5CVSS8.7AI score0.01157EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 6:48 p.m.28 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for Junuary 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java...

9.2CVSS9AI score0.14718EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/29 12:56 p.m.37 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for September 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF001 Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

7.5CVSS9.7AI score0.01257EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/27 1:14 p.m.23 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for June 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...

8.2CVSS8.1AI score0.87211EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/31 10:42 a.m.63 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

7CVSS7.2AI score0.0138EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/27 1:48 p.m.37 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for April 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF004. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...

6.5CVSS7.5AI score0.01639EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/24 11:55 a.m.27 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for March 2023.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF003. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially...

8.1CVSS7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/07 9:24 a.m.18 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for February 2023.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF002. Vulnerability Details CVEID:CVE-2023-6267 DESCRIPTION: Quarkus could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the json payload when...

9.8CVSS7.7AI score0.00797EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/04 8:10 p.m.33 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for January 2023.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF001. Vulnerability Details CVEID:CVE-2023-46673 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by improper handling of exceptional conditions. By sending a specially...

7.5CVSS7.1AI score0.00844EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/06 4:35 p.m.66 views

Security Bulletin: Multiple vulnerabilities in TLS in Cloud Pak for Automation

Summary There are multiple vulnerabilities in the TLS protocol implementation in Business Automation Insights BAI in Cloud Pak for Automation. These have been addressed. Vulnerability Details CVEID: CVE-2013-0169 DESCRIPTION: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used...

5CVSS1.3AI score0.66422EPSS
Exploits2Affected Software1
Rows per page
Query Builder