1896 matches found
Security Bulletin: Vulnerability in Apache Batik library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40146)
Summary Apache Batik library is used by Tivoli Netcool/OMNIbus WebGUI as part of Gauges and Map viewing component. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar...
EUVD-2007-4820
Malware in sbrugna...
EUVD-2007-3944
Malware in sbrugna...
Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2025-36088
Summary The web GUI did not sufficiently sanitize user input in certain dialogs, allowing HTML or JavaScript to be stored and later displayed to other users. Malicious code would only execute if a user opened the affected event entry. The issue has been resolved by adding proper input sanitizatio...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang which is vulnerable to CVE-2025-48924
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang. which is vulnerable to CVE-2025-48924. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled...
Security Bulletin: IBM Master Data Management is vulnerable to arbitrary code execution from vulnerability in WebSphere Application Server (CVE-2025-36038)
Summary IBM Master Data Management is vulnerable to arbitrary code execution by a vulnerability found in IBM WebSphere Application Server. IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of...
Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: Oracle July 15 2025 CPU bsc1247754. CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications th...
SUSE-SU-2025:03262-1 Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: - Oracle July 15 2025 CPU bsc1247754. - CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java application...
Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: Oracle July 15 2025 CPU bsc1247754. CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications th...
Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security due to crypto.js (CVE-2020-36732)
Summary A vulnerability in crypto.js library affects IBM WebSphere Application Server Liberty with the openidConnectServer-1.0 feature enabled. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the stri...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)
Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details...
Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to a denial of service due to Netty (CVE-2025-25193)
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a denial of service due to Netty vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2025-36124)
Summary IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled. Vulnerability Details...
Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-33142)
Summary IBM WebSphere Application Server could provide weaker than expected security for TLS connections. Vulnerability Details CVEID:CVE-2025-33142 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security for TLS connections. CWE:CWE-295: Improper Certificate...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36047)
Summary IBM WebSphere Application Server Liberty is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerab...
IBM DB2 DoS (7240947) (Windows)
According to it self-reported version number, IBM Db2 is affected by denial of service vulnerability. - IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. CVE-2025-2533 Note that Nessus...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass vulnerability (CVE-2024-56339)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass caused by a failure to honor security configuration. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
CVE-2024-52900
IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.
Summary Security Bulletin: Maximo AI Service Component Component uses Spring Security Aspects may not correctly locate method security annotations on private methods.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-41232...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...