Lucene search
K

186 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:23 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.4.0 Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerab...

8.7CVSS7.3AI score0.00663EPSS
Exploits4Affected Software1
NVD
NVD
added 2026/06/22 4:16 p.m.12 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...

5.3CVSS0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:31 p.m.3 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...

5.3CVSS5.9AI score0.00188EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 2:26 p.m.3 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote...

9.8CVSS6.7AI score0.0115EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/06/22 2:16 p.m.13 views

CVE-2025-2669

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...

6.5CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 2:16 p.m.10 views

CVE-2024-54178

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

6.5CVSS0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 1:18 p.m.33 views

CVE-2025-2669 Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...

6CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:18 p.m.25 views

CVE-2025-2669

CVE-2025-2669 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (versions 4.8, 5.0, 5.1, 5.2, 5.3). The root cause is improper token validation, enabling a privileged user to perform operations and access sensitive information outside their authority. The available sou...

6.5CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/06/22 1:15 p.m.33 views

CVE-2024-54178 Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

6.5CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:15 p.m.13 views

CVE-2024-54178

CVE-2024-54178 concerns IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data, affecting versions 4.8, 5.0, 5.1, 5.2, and 5.3. An authenticated user can cause a denial of service when creating new databases due to improper allocation of resources. The CVSS data indicates a Network...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 7:4 a.m.5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities in the cryptography package

Summary IBM Cloud Pak for Data System CPDS 1.0 uses the Python cryptography package, which is affected by multiple security vulnerabilities. CVE-2026-34073 involves improper certificate validation where DNS name constraints are only validated against SANs within child certificates and not the "pe...

9.8CVSS5.5AI score0.00652EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 6:22 a.m.6 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by insufficient verification of data authenticity in PyJWT

Summary IBM Cloud Pak for Data System CPDS 1.0 uses the PyJWT library, a JSON Web Token implementation in Python. CVE-2026-32597 affects PyJWT's validation of the crit Critical Header Parameter as defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT do...

7.5CVSS5.4AI score0.00269EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 6:7 a.m.10 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary IBM Cloud Pak for Data System 1.0 CPDS 1.0 includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include denial of service issues in the Linux kernel and Python components, command injection vulnerabilities in Python's imapli...

8.8CVSS7.6AI score0.01525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/05 3:55 p.m.7 views

Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Axios package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not...

9.9CVSS7.6AI score0.01161EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/05 10:12 a.m.14 views

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 2 Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The...

9.8CVSS7AI score0.01735EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/05/26 5:16 p.m.13 views

CVE-2025-36220

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

9.8CVSS0.0031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 3:55 p.m.8 views

CVE-2025-36221

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

5.3CVSS5.8AI score0.00269EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 3:55 p.m.10 views

CVE-2025-36221 Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

5.3CVSS5.8AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 3:54 p.m.11 views

EUVD-2025-209931

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

4.3CVSS5.9AI score0.0031EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 3:54 p.m.24 views

CVE-2025-36220

Summary of CVE-2025-36220 : IBM Cloud Pak for Data System, Cyclops component, versions 11.3.0.2 through Interim Fix 002, is vulnerable to SQL injection. The root cause is improper handling of SQL commands in the Cyclops backend, allowing a remote attacker to view, add, modify, or delete data in t...

9.8CVSS5.9AI score0.0031EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder