1615 matches found

IBM Security Bulletins
added 2026/04/01 6:8 p.m., 6 views

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities due to libexpat (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778)

Summary: IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat. Vulnerability Details: CVEID: CVE-2026-32776. DESCRIPTION: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CWE: CWE-476: NULL...

CVSS 5.5, AI score 5.9, EPSS 0.00216
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/24 3:29 p.m., 7 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary: There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. Vulnerability Details...

CVSS 9.8, AI score 5.8, EPSS 0.00978
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/20 8:12 p.m., 8 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary: IBM WebSphere Application Server could provide weaker than expected security when using the Security Utility to encode a secret. Vulnerability Details: CVEID: CVE-2025-14923. DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security when using the...

CVSS 9.8, AI score 5.5, EPSS 0.00173
Exploits: 0, Affected Software: 1

UbuntuCve
added 2026/03/17 11:16 p.m., 3 views

CVE-2026-3856

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission...

CVSS 9.1, AI score 5.8, EPSS 0.00152
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/03/17 6:50 a.m., 9 views

Security Bulletin: IBM Transformation Extender Advanced is affected by an IBM WebSphere Application Server Liberty vulnerability

Summary: IBM WebSphere Application Server Liberty is used by IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine. Liberty has been updated to address CVE-2025-14923, which causes a weaker than expected security posture when using the Security Utility contained in...

CVSS 9.8, AI score 5.7, EPSS 0.00173
Exploits: 0, Affected Software: 1

CNNVD
added 2026/03/17 12:0 a.m., 12 views

IBM DB2 Recovery Expert Security Vulnerability

IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 5.5 IF 2 of IBM Db2 Recovery Expert contains a security vulnerability. This vulnerability stems from an insecure mechanism used to verify data integrity during transmission, which could allow attackers to modify or...

CVSS 9.1, AI score 5.8, EPSS 0.00152
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/03/16 9:36 p.m., 6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...

CVSS 7.5, AI score 7.3, EPSS 0.00244
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/09 3:12 p.m., 4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14923)

Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when using the Security Utility to administer security settings. Vulnerability Details: Refer to the security...

CVSS 9.8, AI score 5.8, EPSS 0.00173
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/03/04 3:3 p.m., 6 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2025-12635, CVE-2025-14914). This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2025-12635. DESCRIPTION: IBM WebSphere...

CVSS 7.6, AI score 6, EPSS 0.0039
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/02/25 7:18 p.m., 6 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service due to jose4j (CVE-2024-29371)

Summary: There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Vulnerability Details: CVEID: CVE-2024-29371. DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting...

CVSS 7.5, AI score 5.5, EPSS 0.00244
Exploits: 1, Affected Software: 1

RedhatCVE
added 2026/02/19 1:28 a.m., 10 views

CVE-2025-27899

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...

CVSS 5.3, AI score 5.4, EPSS 0.00197
Exploits: 0, References: 1

RedhatCVE
added 2026/02/19 1:28 a.m., 6 views

CVE-2025-27904

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVSS 6.5, AI score 5.5, EPSS 0.00112
Exploits: 0, References: 1

RedhatCVE
added 2026/02/19 1:27 a.m., 10 views

CVE-2025-27898

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3, AI score 5.5, EPSS 0.00154
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/02/18 11:30 a.m., 24 views

Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow traditional - CVE-2025-46392

Summary: IBM Business Automation Workflow embedded Navigator packages a vulnerable version of Apache commons-configuration. Vulnerability Details: CVEID: CVE-2025-46392. DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in...

CVSS 6.5, AI score 6.3, EPSS 0.01663
Exploits: 0, Affected Software: 1

NVD
added 2026/02/17 10:18 p.m., 12 views

CVE-2025-33135

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 Multiplatforms is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to...

CVSS 6.1, EPSS 0.00172
Exploits: 0, References: 1

Vulnrichment
added 2026/02/17 9:37 p.m., 6 views

CVE-2025-33135 IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 Multiplatforms is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to...

CVSS 6.1, AI score 5.1, EPSS 0.00172
Exploits: 0, References: 1

NVD
added 2026/02/17 8:22 p.m., 5 views

CVE-2025-27904

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVSS 6.5, EPSS 0.00112
Exploits: 0, References: 1

OSV
added 2026/02/17 8:22 p.m., 3 views

CVE-2025-27900

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...

CVSS 6.1, AI score 5.6, EPSS 0.00137
Exploits: 0, References: 1

OSV
added 2026/02/17 8:22 p.m., 5 views

CVE-2025-27899

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...

CVSS 5.3, AI score 5.8, EPSS 0.00197
Exploits: 0, References: 1

OSV
added 2026/02/17 8:22 p.m., 4 views

CVE-2025-27904

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVSS 6.5, AI score 5.7, EPSS 0.00112
Exploits: 0, References: 1