
607 matches found

IBM Security Bulletins
added 2024/02/06 9:7 a.m., 45 views

Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804.

Summary IBM Maximo Application Suite uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated...

CVSS 8.1, AI score 6.9, EPSS 0.01207
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/02/02 9:38 a.m., 32 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804 and CVE-2023-45803

Summary IBM Maximo Application Suite - IoT Component uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804 and CVE-2023-45803. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3...

CVSS 8.1, AI score 6.5, EPSS 0.01207
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/02/01 1:53 p.m., 14 views

Security Bulletin: There is a vulnerability in snappy-java-1.1.10.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-43642)

Summary There is a vulnerability in snappy-java-1.1.10.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By...

CVSS 7.5, AI score 7.4, EPSS 0.0104
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2024/02/01 1:44 p.m., 31 views

Security Bulletin: There is a vulnerability in jetty-http-9.4.51.v20230217.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-40167 and CVE-2023-36478)

Summary There is a vulnerability in jetty-http-9.4.51.v20230217.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header...

CVSS 7.5, AI score 7.1, EPSS 0.03754
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2024/01/30 2:4 p.m., 20 views

Security Bulletin: There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (IBM X-Force ID: 256137)

Summary There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the...

AI score 7
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/01/23 7:9 a.m., 45 views

Security Bulletin: IBM Maximo Application Suite uses Remote Integer Buffer Overflow Vulnerability which is vulnerable to CVE-2017-7529

Summary IBM Maximo Application Suite uses Remote Integer Buffer Overflow Vulnerability which is vulnerable to CVE-2017-7529. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2017-7529 DESCRIPTION: Nginx could allow a remote attacker t...

CVSS 7.5, AI score 7.5, EPSS 0.62597
Exploits 6, Affected Software 1

IBM Security Bulletins
added 2024/01/17 8:11 p.m., 28 views

Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-44730 and CVE-2022-44729)

Summary There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a...

CVSS 7.1, AI score 5.4, EPSS 0.00786
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/01/17 8:8 p.m., 29 views

Security Bulletin: There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-47718)

Summary There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-47718 DESCRIPTION: IBM Maximo Application Suite is vulnerable to cross-site request forgery which could allow an attacker to execute malicious...

CVSS 8.8, AI score 6.4, EPSS 0.00295
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/01/15 6:29 p.m., 40 views

Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)

Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...

CVSS 9.8, AI score 9.3, EPSS 0.99615
Exploits 9, Affected Software 1

IBM Security Bulletins
added 2024/01/15 5:15 p.m., 20 views

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to Blind Server-Side Request Forgery (CVE-2023-32337)

Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to Blind Server-Side Request Forgery CVE-2023-32337 Vulnerability Details CVEID:CVE-2023-32337 DESCRIPTION: IBM Maximo Spatial Asset Management is vulnerable to server-side request forgery SSRF. This may allow an...

CVSS 5.4, AI score 5.3, EPSS 0.00281
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/01/01 12:45 p.m., 27 views

Security Bulletin: IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857

Summary IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...

CVSS 6.5, AI score 6.5, EPSS 0.00556
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2023/12/26 11:30 a.m., 37 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. [CVE-2023-39017]

Summary IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: Quartz Job Scheduler could allow a remote attacker to execut...

CVSS 9.8, AI score 9.8, EPSS 0.01017
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2023/12/19 5:20 p.m., 30 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses Pygments-2.14.0-py3-none-any.whl which is vulnerable to CVE-2022-40896

Summary IBM Maximo Application Suite - IoT Component uses Pygments-2.14.0-py3-none-any.whl which is vulnerable to CVE-2022-40896. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2022-40896 DESCRIPTION: Pygments is vulnerable to a...

CVSS 5.5, AI score 5.7, EPSS 0.00503
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2023/12/19 4:51 p.m., 24 views

Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804

Summary IBM Maximo Application Suite uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated...

CVSS 8.1, AI score 6.9, EPSS 0.01207
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2023/12/15 5:10 a.m., 42 views

Security Bulletin: IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635

Summary IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by...

CVSS 7.5, AI score 6.5, EPSS 0.01077
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2023/12/14 8:23 p.m., 20 views

Security Bulletin: IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920

Summary IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tug...

CVSS 9.8, AI score 8.4, EPSS 0.00468
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2023/12/14 2:8 p.m., 33 views

Security Bulletin: IBM Maximo Application Suite uses gevent-21.1.2-cp37-cp37m-manylinux2010_x86_64.whl which is vulnerable to CVE-2023-41419

Summary IBM Maximo Application Suite uses gevent-21.1.2-cp37-cp37m-manylinux2010_x86_64.whl which is vulnerable to CVE-2023-41419. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to...

CVSS 9.8, AI score 9.6, EPSS 0.01334
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2023/12/14 11:58 a.m., 24 views

Security Bulletin: Apache Commons Compress component is vulnerable to CVE-2023-42503 is used by IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Apache Commons Compress package which is vulnerable to CVE-2023-42503. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to ope...

CVSS 5.5, AI score 6.2, EPSS 0.00489
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2023/12/12 5:24 p.m., 22 views

Security Bulletin: Gevent, used in IBM Maximo Application Suite - Monitor Component, is vulnerable to CVE-2023-41419 which allows remote attackers to escalate privileges.

Summary IBM Maximo Application Suite - Monitor Component uses gevent, which is vulnerable to CVE-2023-41419. An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. This bulletin identifies the steps to take to...

CVSS 9.8, AI score 9.6, EPSS 0.01334
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2023/12/01 7:18 p.m., 53 views

Security Bulletin: Netty is vulnerable to CVE-2023-4586 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses netty which is vulnerable to CVE-2023-4586. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by th...

CVSS 7.4, AI score 7.3, EPSS 0.00448
Exploits 0, Affected Software 1