Lucene search
K

110 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-2026-22751)

Summary There are vulnerabilities in spring-security-core-6.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22751. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22751 DESCRIPTION: Vulnerability in Spring Spring Security. Applications that...

4.8CVSS5.2AI score0.00124EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 1:37 p.m.13 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in minimatch (CVE-2026-26996)

Summary A Regular Expression Denial of Service ReDoS vulnerability in the minimatch pattern matching library CVE-2026-26996 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 5.1.8. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch i...

8.7CVSS5.7AI score0.00519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 2:34 p.m.6 views

Security Bulletin: Common Vulnerability fixed in latest releases of Cloudera Data Platform Private Cloud Base

Summary Common Vulnerability fixed in latest releases of Cloudera Data Platform Private Cloud Base Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. CWE:CWE-94: Improper Control of Generation of...

7.2CVSS6AI score0.2241EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 10:29 p.m.7 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885)

Summary There is a vulnerability in bc-fips-1.0.2.5.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-8885. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling...

6.3CVSS5.5AI score0.00505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 8:35 a.m.4 views

Security Bulletin: CVE-2025-46801 - Pgpool-II Authentication Bypass

Summary Pgpool-II contains an authentication bypass vulnerability that can be exploited under certain conditions. If an attacker exploits the vulnerability they may be able to log in to the system as an arbitrary user, which could allow them to read or tamper with data in the database, and/or...

9.8CVSS9.3AI score0.00791EPSS
Exploits0Affected Software2
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.5 views

IBM License Metric Tool 访问控制错误漏洞

The IBM License Metric Tool is a free tool from International Business Machines IBM that helps IBM Passport Advantage Software Upgrade and Support Services customers determine their Processor Value Unit PVU licensing needs. An Access Control Error vulnerability exists in IBM License Metric Tool...

4.3CVSS6.5AI score0.00222EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/06 8:13 a.m.12 views

Security Bulletin: Netty vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis

Summary There is a potential validation vulnerability in Netty that is used by Apache Solr. This has been addressed Vulnerability Details IBM X-Force ID: 221368 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by improper hostname verification. An attacker could exploit this...

6.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 5:15 p.m.46 views

Security Bulletin: A Bouncy Castle vulnerability has been identified in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33201)

Summary There is a potential injection vulnerability in Bouncy Castle that is used by Apache Solr and Logstash. This has been addressed Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain sensitive...

5.3CVSS6.1AI score0.00772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/22 4:24 p.m.33 views

Security Bulletin: IBM Sterling B2B Integrator affected by vulnerabilities due to Eclipse Jetty (CVE-2023-26048, CVE-2023-26049)

Summary IBM Sterling B2B Integrator uses Eclipse Jetty. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or HttpServletRequest.getParts function. By sending a speciall...

5.3CVSS5.8AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/12 9:30 a.m.259 views

Security Bulletin: Vulnerability of Newtonsoft.Json-12.0.1.22727.dll has afftected to .NET Agent

Summary .NET Agent is vulnerable to Newtonsoft.Json 12.0.1.22727.dll. This fix has upgraded Newtonsoft.Json from Newtonsoft.Json-12.0.1.22727.dll to Newtonsoft.Json.13.0.3 Vulnerability Details IBM X-Force ID: 234366 DESCRIPTION: Newtonsoft.Json is vulnerable to a denial of service, caused by...

7.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 4:44 p.m.40 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary IBM Sterling B2B Integrator uses Apache Commons FileUpload. Vulnerability Details CVEID: CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By...

7.5CVSS7.1AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 4:40 p.m.62 views

Security Bulletin: IBM Sterling B2B Integrator is affected by sensitive information exposure due to Apache James MIME4J (CVE-2022-45787)

Summary IBM Sterling B2B Integrator uses Apache James MIME4J. Vulnerability Details CVEID: CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...

5.5CVSS6.1AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 4:37 p.m.43 views

Security Bulletin: IBM Sterling B2B Integrator affected by remote code execution due to Snake Yaml (CVE-2022-1471)

Summary IBM Sterling B2B Integrator uses Snake Yaml. Vulnerability Details CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted ya...

9.8CVSS9.7AI score0.99615EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/20 7:34 p.m.29 views

Security Bulletin: IBM Sterling B2B Integrator is affected by vulnerability in JDOM (CVE-2021-33813)

Summary IBM Sterling B2B Integrator uses JDOM. Vulnerability Details CVEID: CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause the a...

7.5CVSS6.6AI score0.19442EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/15 3:49 p.m.39 views

Security Bulletin: IBM TRIRIGA Application Platform discloses server-side request forgery (CVE-2020-11988)

Summary CV-2020-11988 Apache XML Graphis Commons is vulerable to server-side request forgery. Vulnerability Details CVEID: CVE-2020-11988 DESCRIPTION: Apache XML Graphics Commons is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a...

8.2CVSS6.8AI score0.0665EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 5:14 p.m.35 views

Security Bulletin: IBM TRIRIGA Application Platform suseptable to clickjacking (CBE-2017-4015)

Summary TRIRIGA could allow a remote authenticated attacker to hijack the clicking action of the victim, caused by improper validation of user supplied HTTP response header Vulnerability Details CVEID:CVE-2017-4015 DESCRIPTION: McAfee Network Data Loss Prevention could allow a remote authenticate...

4.5CVSS4.5AI score0.01067EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 7:14 a.m.34 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 05 and earlier versions.

Summary Vulnerabilities in the Jetty 9.4.48 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

5.3CVSS5.8AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 7:13 a.m.46 views

Security Bulletin: Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 05 and earlier versions.

Summary Vulnerabilities in the Jetty 9.4.48 and earlier component shipped with Rational Change may affect the security of the product. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

5.3CVSS5.8AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 7:58 p.m.26 views

Security Bulletin: IBM TRIRIGA Application Platform discloses possible remote attacker (CVE-2020-4868

Summary IBM TRIRIGA could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. Vulnerability Details CVEID:CVE-2020-4868 DESCRIPTION: IBM TRIRIGA could allo...

5.3CVSS4.4AI score0.00544EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 7:51 p.m.42 views

Security Bulletin: JSuites is vulnerable to cross-site scripting (CVE-2021-41086)

Summary CVE-2021-41086 JSuites is vulnerable to cross-site scripting Vulnerability Details CVEID:CVE-2021-41086 DESCRIPTION: jSuites is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard. A remote attacker could exploit this vulnerability to...

8.7CVSS5.6AI score0.01027EPSS
Exploits0Affected Software1
Rows per page
Query Builder