Lucene search
K

34 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 5:25 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2025-13466

Summary body-parser is used by the IBM Datapower Operations Dashboard as part of their network implementation Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of...

6.9CVSS5.5AI score0.00342EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 5:21 p.m.6 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Authentication Bypass by Alternate Name CVE-2025-14777

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2025-14777 DESCRIPTION: A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization...

6CVSS5.5AI score0.00315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 4:40 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Time-of-check Time-of-use Race Condition CVE-2026-1035

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2025-14559 DESCRIPTION: A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh toke...

6.5CVSS5.4AI score0.00443EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 4:37 p.m.8 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Server-side Request Forgery CVE-2026-1180

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2026-1180 DESCRIPTION: A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjw...

5.8CVSS5.6AI score0.00363EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 4:22 p.m.8 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Directory Traversal CVE-2026-23745

Summary node-tar is used by the IBM Datapower Operations Dashboard as part of their server implementation Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries wh...

8.2CVSS5.5AI score0.00334EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 3:52 p.m.10 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Improper Authorization CVE-2026-2733

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2026-2733 DESCRIPTION: A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker...

3.8CVSS5.3AI score0.0033EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 1:42 p.m.12 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2025-12183

Summary LZ4 is used by the IBM Datapower Operations Dashboard for their compression and xxHash hashing algorithm Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read...

8.8CVSS7.8AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 2:18 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP Parameter Pollution CVE-2025-7783

Summary form-data is used by the IBM Datapower Operations Dashboard for their streaming implementation Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with...

9.4CVSS7.1AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:34 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754

Summary Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...

7.5CVSS7.4AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:32 p.m.5 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a StackOverflowError CVE-2025-48924

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility operations Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS5.8AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:28 p.m.5 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-34109

Summary zxcvbn is used by the IBM Datapower Operations Dashboard to improve password security Vulnerability Details CVEID:CVE-2023-34109 DESCRIPTION: zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform whic...

7.5CVSS5.7AI score0.00496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:27 p.m.6 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to improper resource shutdown or release CVE-2025-61795

Summary Apache Tomcat is used by the IBM Datapower Operations Dashboard in their HTTP web server implementation Vulnerability Details CVEID:CVE-2025-61795 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the...

5.3CVSS5.7AI score0.01139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/09 1:33 p.m.8 views

Security Bulletin: IBM Datapower Operations Dashboard could be vulnerable to an out-of-memory (OOM) issue CVE-2025-2240

Summary Smallrye is used by the IBM Datapower Operations Dashboard for repository hosting including build, CI, and release publishing setup Vulnerability Details CVEID:CVE-2025-2240 DESCRIPTION: A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM...

7.5CVSS6.3AI score0.00908EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/08 3:14 p.m.6 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a potential data leak CVE-2025-49574

Summary vert.x is used in KeyCloak which is used by the IBM Datapower Operations Dashboard for authentication and authorization Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to...

6.4CVSS6.4AI score0.0025EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/26 7:7 p.m.6 views

Security Bulletin: IBM Datapower Operations Dashboard could potentially cause SSRF and credential leakage CVE-2025-27152

Summary Axios is used by the IBM Datapower Operations Dashboard for HTTP requests to communicate with servers or APIs Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than...

8.7CVSS5.4AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/26 7:6 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard could cause a native crash CVE-2025-24970

Summary Netty is used by the IBM Datapower Operations Dashboard for it's network application framework implementation Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final an...

7.5CVSS6.6AI score0.01966EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/26 7:4 p.m.5 views

Security Bulletin: IBM Datapower Operations Dashboard could cause a denial of service CWE-1321

Summary Axios is used by the IBM Datapower Operations Dashboard for HTTP requests to communicate with servers or APIs Vulnerability Details IBM X-Force ID: 294242 DESCRIPTION: Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function...

7.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.43 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to obtain sensitive information CVE-2024-38476

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38476 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by improper input validation by the backend...

9.8CVSS6.4AI score0.41611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.30 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-38477

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sending a...

7.5CVSS6.6AI score0.03153EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.34 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in modproxy. By...

8.1CVSS6.7AI score0.25878EPSS
Exploits1Affected Software1
Rows per page
Query Builder