Lucene search
K

1339 matches found

CVE
CVE
added 2026/06/22 2:31 p.m.8 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...

5.3CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/06/22 1:18 p.m.8 views

EUVD-2025-210299

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...

6CVSS5.8AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 1:15 p.m.6 views

EUVD-2024-55643

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:15 p.m.3 views

CVE-2024-54178

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 8:43 a.m.6 views

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 6 Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname...

9.3CVSS6.3AI score0.00952EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 9:16 a.m.8 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.x) Platform - Multiple Vulnerabilities in IBM Java

Summary IBM Cloud Pak for Data System CPDS 1.x Platform uses IBM Java versions that are affected by multiple critical vulnerabilities disclosed in the Oracle January 2026 CPU advisory. The vulnerabilities impact IBM Java 7.1 prior to 7.1.5.29 and 8.0 prior to 8.0.8.60. These vulnerabilities affec...

7.5CVSS5.5AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/05 8:14 a.m.8 views

Security Bulletin: IBM watsonx.ai on Cloud Pak for Data is vulnerable to python-Python-3.12.0b4 (Publicly disclosed vulnerability found by Mend) due to python pip package ( CVE-2023-5752, PRISMA-2022-0168)

Summary IBM watsonx.ai on Cloud Pak for Data internally uses CVE-2023-5752 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...

5.5CVSS6.5AI score0.00476EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/05/26 3:55 p.m.18 views

CVE-2025-36221

Summary: CVE-2025-36221 affects IBM Cloud Pak for Data System – Cyclops 11.3.0.2 with Interim Fix 002. The root cause is the use of default passwords from the manufacturing process during installation, which could allow an attacker to bypass authentication. Impact (as documented): Authentication ...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 3:54 p.m.10 views

CVE-2025-36220 Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

4.3CVSS5.9AI score0.0031EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:47 a.m.17 views

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NRS.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - NRS addressed in 3.0.5.1. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL...

5.3CVSS6.7AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:40 a.m.13 views

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2022-3219 DESCRIPTION: GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached,...

7.5CVSS5.4AI score0.00962EPSS
Exploits3Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

IBM Cloud Pak for Data System 安全漏洞

IBM Cloud Pak for Data System is an enterprise data and AI integration platform provided by IBM. The version 11.3.0.2 of IBM Cloud Pak for Data System, as well as the Interim Fix 002, contain security vulnerabilities. These vulnerabilities stem from the use of default passwords during the...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:43 p.m.10 views

Security Bulletin: A vulnerability in the minimatch package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the minimatch package affects IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

8.7CVSS6.6AI score0.00519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:21 p.m.10 views

Security Bulletin: A vulnerability in the qs package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the qs package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled,...

7.5CVSS7.1AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/30 1:58 p.m.4 views

Security Bulletin: Watsonx.data Input Interpretation Vulnerability Could Enable Improper External Service Access

Summary Watonx.data could allow an authenticated user to interact with external services improperly due to interpretation conflicts of user supplied input. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36141 DESCRIPTION: IBM Lakehouse could allow an authenticated user to...

5.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 10:35 a.m.6 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper handling of Windows device names due to Werkzeug

Summary Werkzeug is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application library. CVE-2025-66221 affects Werkzeug's handling of Windows device names, which could lead to improper resource handling and potential availability impact on Windows systems. This vulnerability relates to t...

6.3CVSS6.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 10:28 a.m.3 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper handling of Windows device names due to Werkzeug

Summary Werkzeug is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application library. CVE-2026-21860 affects Werkzeug's handling of Windows device names, which could lead to improper resource handling and potential availability impact on Windows systems. This vulnerability relates to t...

6.3CVSS5.8AI score0.00424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 9:58 a.m.6 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by credential disclosure due to Python Requests library

Summary The Python Requests library is used by IBM Cloud Pak for Data System 1.0 to handle HTTP communications. CVE-2024-47081 affects Requests due to a URL parsing issue that may leak .netrc credentials to third parties when processing maliciously-crafted URLs. This vulnerability could result in...

5.3CVSS7AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 11:53 a.m.9 views

Security Bulletin: IBM Cloud Pak for Data System 2.0 is affected by credential leakage due to requests library

Summary The requests library is used by IBM Cloud Pak for Data System 2.0 as an HTTP library for Python applications. CVE-2024-47081 affects the requests library's URL parsing mechanism where a vulnerability allows .netrc credentials to be leaked to third parties when processing specific...

5.3CVSS5.8AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/18 5:44 a.m.8 views

Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Master Data Management On Cloud Pak for Data

Summary Lineage, an internal component of IBM Knowledge Catalog, and the IBM Master Data Management formerly known as IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-2194...

7.5CVSS6.3AI score0.00864EPSS
Exploits1Affected Software1
Rows per page
Query Builder