Lucene search
+L

1896 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/20 2:19 p.m.7 views

Security Bulletin: Vulnerability in Apache Batik library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40146)

Summary Apache Batik library is used by Tivoli Netcool/OMNIbus WebGUI as part of Gauges and Map viewing component. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar...

7.5CVSS6.7AI score0.05791EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-4820

Malware in sbrugna...

7.5CVSS6.4AI score0.00994EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2007-3944

Malware in sbrugna...

9.3CVSS6.4AI score0.01929EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 8:54 p.m.9 views

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2025-36088

Summary The web GUI did not sufficiently sanitize user input in certain dialogs, allowing HTML or JavaScript to be stored and later displayed to other users. Malicious code would only execute if a user opened the affected event entry. The issue has been resolved by adding proper input sanitizatio...

5.4CVSS6AI score0.00177EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 7:24 a.m.3 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang which is vulnerable to CVE-2025-48924

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang. which is vulnerable to CVE-2025-48924. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled...

5.3CVSS7.5AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 2:13 p.m.7 views

Security Bulletin: IBM Master Data Management is vulnerable to arbitrary code execution from vulnerability in WebSphere Application Server (CVE-2025-36038)

Summary IBM Master Data Management is vulnerable to arbitrary code execution by a vulnerability found in IBM WebSphere Application Server. IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of...

9.8CVSS8.1AI score0.08417EPSS
Exploits0Affected Software1
SUSE Linux
SUSE Linux
added 2025/09/18 6:42 a.m.7 views

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: Oracle July 15 2025 CPU bsc1247754. CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications th...

8.6CVSS8AI score0.01058EPSS
Exploits1References22
OSV
OSV
added 2025/09/18 6:42 a.m.4 views

SUSE-SU-2025:03262-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: - Oracle July 15 2025 CPU bsc1247754. - CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java application...

8.6CVSS7.2AI score0.01058EPSS
Exploits1References12
SUSE Linux
SUSE Linux
added 2025/09/16 9:11 a.m.5 views

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: Oracle July 15 2025 CPU bsc1247754. CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications th...

8.6CVSS7.3AI score0.01058EPSS
Exploits1References22
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/10 9:58 p.m.10 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary A vulnerability in crypto.js library affects IBM WebSphere Application Server Liberty with the openidConnectServer-1.0 feature enabled. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the stri...

5.3CVSS5.5AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/10 1:30 p.m.10 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details...

7.5CVSS7.5AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 1:5 p.m.5 views

Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a denial of service due to Netty vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the...

5.5CVSS6.1AI score0.00384EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/25 9:5 p.m.7 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2025-36124)

Summary IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled. Vulnerability Details...

7.5CVSS6.2AI score0.00395EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 4:19 p.m.7 views

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-33142)

Summary IBM WebSphere Application Server could provide weaker than expected security for TLS connections. Vulnerability Details CVEID:CVE-2025-33142 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security for TLS connections. CWE:CWE-295: Improper Certificate...

7.5CVSS6.9AI score0.0027EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/13 8:31 p.m.6 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36047)

Summary IBM WebSphere Application Server Liberty is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerab...

7.5CVSS7.1AI score0.00451EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/01 12:0 a.m.4 views

IBM DB2 DoS (7240947) (Windows)

According to it self-reported version number, IBM Db2 is affected by denial of service vulnerability. - IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. CVE-2025-2533 Note that Nessus...

7.5CVSS6.5AI score0.00283EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/28 9:20 p.m.5 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass vulnerability (CVE-2024-56339)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass caused by a failure to honor security configuration. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.5CVSS6.8AI score0.004EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/06/28 1:15 a.m.9 views

CVE-2024-52900

IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

5.4CVSS5.5AI score0.00171EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/05 7:40 a.m.13 views

Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.

Summary Security Bulletin: Maximo AI Service Component Component uses Spring Security Aspects may not correctly locate method security annotations on private methods.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-41232...

9.1CVSS6.7AI score0.00535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/27 6:19 p.m.12 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-33104)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...

7.6CVSS6.3AI score0.00199EPSS
Exploits0Affected Software1
Rows per page
Query Builder