Lucene search

81 matches found

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application (CVE-2024-40094)

Summary: There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application CVE-2024-40094. Vulnerability Details: CVEID: CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...

CVSS 5.3 | AI score 7 | EPSS 0.1753
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2024/08/26 7:14 a.m. | 21 views

Security Bulletin: IBM Storage Scale Install toolkit may be affected by a vulnerability in Jinja (CVE-2024-34064)

Summary: There is a vulnerability in Jinja, used by Storage Scale Install toolkit which could allow a remote attacker to steal the victim's cookie-based authentication credentials. Vulnerability Details: CVEID: CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the...

CVSS 5.4 | AI score 5.9 | EPSS 0.0123
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/07/09 3:37 p.m. | 35 views

Security Bulletin: Vulnerability in PostgreSQL affects IBM Storage Scale (CVE-2024-1597)

Summary: PostgreSQL could allow a remote attacker to gain unauthorized access to the system which affects IBM Storage Scale GUI. Vulnerability Details: CVEID: CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL...

CVSS 10 | AI score 9.8 | EPSS 0.0035
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/05/13 2:27 p.m. | 34 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU

Summary: There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

CVSS 7.5 | AI score 5.2 | EPSS 0.00339
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/03/13 9:45 p.m. | 182 views

Security Bulletin: There is a vulnerability in AntiSamy used by IBM Maximo Asset Management (CVE-2023-43643)

Summary: There is a vulnerability in AntiSamy used by IBM Maximo Asset Management. Vulnerability Details: CVEID: CVE-2023-43643 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using...

CVSS 6.1 | AI score 6.4 | EPSS 0.00463
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2024/01/03 11:3 a.m. | 29 views

Security Bulletin: Vulnerability in Apache Tomcat affects App Connect Professional.

Summary: App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details: CVEID: CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted...

CVSS 5.3 | AI score 6.7 | EPSS 0.62079
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2023/12/29 7:44 a.m. | 68 views

Security Bulletin: Vulnerability in Apache ActiveMQ affects App Connect Professional.

Summary: App Connect Professional has addressed the following vulnerability reported in Apache ActiveMQ. Vulnerability Details: CVEID: CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused by an...

CVSS 10 | AI score 9.7 | EPSS 0.94436
Exploits 30 | Affected Software 1

IBM Security Bulletins
added 2023/12/14 5:21 p.m. | 32 views

Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights

Summary: IBM Operations Analytics Predictive Insights uses Apache ActiveMQ software, as a core module in processing analytics data. The vulnerability CVE-2023-46604 found in Apache ActiveMQ could be exploited to download and infect Linux systems with the Kinsing malware. This bulletin identifies t...

CVSS 10 | AI score 9.5 | EPSS 0.94436
Exploits 30 | Affected Software 1

IBM Security Bulletins
added 2023/11/16 10:16 a.m. | 44 views

Security Bulletin: A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2023-37920)

Summary: A vulnerability in Certifi package may affect the IBM Storage Scale call home feature. Vulnerability Details: CVEID: CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector. CVSS Base score: 7.5 CVSS...

CVSS 9.8 | AI score 7.8 | EPSS 0.00119
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/10/26 8:49 p.m. | 61 views

Security Bulletin: There is a vulnerability in netty used by IBM Maximo Asset Management (CVE-2023-34462)

Summary: There is a vulnerability in netty used by IBM Maximo Asset Management CVE-2023-34462. Vulnerability Details: CVEID: CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the...

CVSS 6.5 | AI score 7.1 | EPSS 0.00736
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/09/22 10:43 a.m. | 36 views

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Workload Scheduler is vulnerable to an unspecified vulnerability.

Summary: IBM® SDK Java™ Technology Edition is used by IBM Workload Scheduler. CVE-2023-21830, CVE-2023-21843. Vulnerability Details: CVEID: CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of...

CVSS 5.3 | AI score 5.5 | EPSS 0.00135
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/09/22 7:30 a.m. | 39 views

Security Bulletin: Vulnerability in Apache MINA SSHD package may affect IBM Storage Scale GUI (CVE-2022-25883)

Summary: There is a vulnerability in Apache MINA SSHD package, used by IBM Storage Scale GUI. Fix for this issue is available in all versions. Vulnerability Details: CVEID: CVE-2023-35887 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, cause...

CVSS 7.5 | AI score 6.6 | EPSS 0.00598
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/07/17 12:21 p.m. | 21 views

Security Bulletin: A vulnerability in OpenStack Swift affects IBM Storage Scale environments with the S3 capability of Object protocol enabled (CVE-2022-47950)

Summary: IBM Storage Scale, shipped with OpenStack Swift, is exposed to vulnerabilities as detailed below. The exposure to this vulnerability only exists if the Object protocol has been configured with S3 enabled. Vulnerability Details: CVEID: CVE-2022-47950 DESCRIPTION: OpenStack Swift could allow ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00249
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/06/26 4:56 a.m. | 53 views

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can allow an attacker to execute arbitrary code

Summary: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details: CVEID: CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...

CVSS 9.8 | AI score 8.1 | EPSS 0.10144
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/05/30 4:14 p.m. | 20 views

Security Bulletin: IBM Copy Services Manager is vulnerable to crypto attack vulnerabilities due to IBM Java 8 vulnerabilities.

Summary: IBM Copy Services Manager is vulnerable to the listed attack vectors in the bundled dependency IBM Java 8.0.7.0 through 8.0.7.11. IBM Java is used by IBM Copy Services Manager as a code base and virtual machine runtime. The following vulnerabilities have been identified: CVE-2023-30441...

CVSS 7.5 | AI score 7.8 | EPSS 0.00059
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/05/02 12:17 p.m. | 36 views

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can cause denial of service (CVE-2022-41881)

Summary: A vulnerability in IBM Spectrum Scale Transparent Cloud Tiering could allow a remote attacker to cause a denial of service condition. Vulnerability Details: CVEID: CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder...

CVSS 7.5 | AI score 6.2 | EPSS 0.00448
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/04/20 2:28 a.m. | 39 views

Security Bulletin: Unprivileged GPU access vulnerability - CVE-2013-5987

Summary: NVIDIA device driver bug that could allow an unprivileged user to control target system. Vulnerability Details: Abstract: NVIDIA device driver bug that could allow an unprivileged user to control target system. Content: Vulnerability Details: CVE ID: CVE-2013-5987 Description: NVIDIA Graphi...

CVSS 7.2 | AI score 7.2 | EPSS 0.00138
Exploits 0

IBM Security Bulletins
added 2023/04/13 5:5 p.m. | 38 views

Security Bulletin: Vulnerability Identified in Cloud Pak System (CVE-2020-4914)

Summary: Invalidate session vulnerability identified in IBM Cloud Pak System UI and Rest API at logout. IBM Cloud Pak System has addressed vulnerability. Vulnerability Details: CVEID: CVE-2020-4914 DESCRIPTION: IBM Cloud Pak System does not invalidate session after logout which could allow a local...

CVSS 5.5 | AI score 4.6 | EPSS 0.00073
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/03/31 2:4 p.m. | 44 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 for Linux, UNIX and Windows affect Cloud Pak System (CVE-2022-22389, CVE-2022-22390)

Summary: IBM Db2 for Linux, UNIX and Windows is shipped with Cloud Pak System PSM and as PatternType pType. Cloud Pak System has addressed vulnerabilities. Vulnerability Details: CVEID: CVE-2022-22389 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00529
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/03/23 6:6 p.m. | 37 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to a bypass vulnerability due to the use of Python (CVE-2023-24329)

Summary: A publicly disclosed vulnerability in Python affects IBM Tivoli Application Dependency Discovery Manager CVE-2023-24329. Vulnerability Details: CVEID: CVE-2023-24329 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a flaw in the urllib.parse...

CVSS 7.5 | AI score 7.5 | EPSS 0.01445
Exploits 3 | Affected Software 1