Lucene search
+L

1896 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 1:36 a.m.35 views

Security Bulletin: IBM QRadar SIEM is vulnerable to improper certificate validation (CVE-2021-29755)

Summary IBM Qradar SIEM does not preform proper certificate validation for some inter-host communications. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-29755 DESCRIPTION: IBM Qradar SIEM does not preform proper certificate validation for some inter-host...

7.5CVSS7.5AI score0.00483EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/25 6:41 p.m.9 views

Security Bulletin: IBM Match 360 is vulnerable to a denial of service from IBM WebSphere Application Server Liberty vulnerability found in Google Protocol Buffers (CVE-2024-7254)

Summary IBM Match 360 is vulnerable to a denial service from IBM WebSphere Application Server Liberty use of vulnerable Google Protocol Buffers. This affects IBM WebSphere Application Server Liberty 20.0.0.12 - 24.0.0.10 with the specified features enabled. Any project that parses untrusted...

8.7CVSS7AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/25 6:17 p.m.25 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerabili...

5.5CVSS6.8AI score0.00384EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 5:52 p.m.30 views

Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by confidentiality vulnerability (CVE-2015-7399)

Summary WebSphere Message Broker and IBM Integration Bus could allow a potential attacker to identify the technology used to handle incoming HTTP requests Vulnerability Details CVEID: CVE-2015-7399 DESCRIPTION: IBM Integration Bus could allow a potential attacker to identify the technology used t...

5.3CVSS5.4AI score0.01869EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/04 2:25 p.m.14 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2023-52426 )

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-52426 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an XML entity expansion flaw if XMLDT...

5.5CVSS6.3AI score0.00373EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.5 views

IBM Cognos Analytics 路径遍历漏洞

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines IBM. The software includes reports, dashboards, and scorecards, and can assist organizations in adjusting their decisions by analyzing such things as key factors and key people. A path traversal...

6.5CVSS6.5AI score0.00553EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 10:33 p.m.59 views

Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)

Summary The Knowledge Center Component used in Version 9 of the WebSphere Application Server needs an updated Apache Commons Collections library. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...

10CVSS9.9AI score0.97655EPSS
Exploits10Affected Software1
SUSE Linux
SUSE Linux
added 2025/02/24 10:46 a.m.6 views

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 40 bsc1236470: CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and write access to data through the Hotspot component API bsc1236278. Patch Instructions: To install this SU...

6.3CVSS7.4AI score0.00971EPSS
Exploits0References10
SUSE Linux
SUSE Linux
added 2025/02/24 10:45 a.m.3 views

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 40 bsc1236470: CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and write access to data through the Hotspot component API bsc1236278. Patch Instructions: To install this SU...

6.3CVSS6.8AI score0.00971EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/20 6:8 a.m.12 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-52304 (Low) detected in aiohttp-3.9.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-52304

Summary IBM Maximo Application Suite Predict Component uses CVE-2024-52304 Low detected in aiohttp-3.9.2-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2024-52304. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.4AI score0.00576EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/20 6:1 a.m.17 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47874 starlette-0.27.0-py3-none-any.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-47874

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47874 starlette-0.27.0-py3-none-any.whl Publicly disclosed vulnerability found by Mend CVE-2024-47874. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

8.7CVSS6.3AI score0.00658EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 6:4 a.m.7 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Java SDK (CVE-2022-40609)

Summary IBM B2B Advanced Communications has addressed vulnerabilities in Java SDK shipped with product. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an...

9.8CVSS7.8AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/31 2:15 p.m.9 views

Security Bulletin: IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting.

Summary IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting CVE-2024-49349. Vulnerability Details CVEID:CVE-2024-49349 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services is vulnerable to cross-site scripting. This...

6.1CVSS6AI score0.00217EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.23 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMwa...

9.1CVSS6.4AI score0.01726EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.25 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION...

7.5CVSS6.6AI score0.54862EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.15 views

Security Bulletin: IBM Match 360 is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM Match 360 is vulnerable to an XML External Entity XXE injection because of a vulnerable found in IBM Websphere Application Server Liberty. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

7CVSS6.9AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.18 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

5.5CVSS5.3AI score0.00237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.21 views

Security Bulletin: IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168

Summary IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37168 DESCRIPTION: gRPC on Node.js is vulnerable to a denial of service, caused ...

5.3CVSS6.7AI score0.00671EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS7.2AI score0.01102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.27 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS7.4AI score0.00568EPSS
Exploits0Affected Software1
Rows per page
Query Builder