Lucene search
K

73 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 2:39 p.m.58 views

Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update

Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.19. for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...

8.1CVSS6.8AI score0.01361EPSS
Exploits2Affected Software1
Snyk
Snyk
added 2026/01/06 3:37 a.m.4 views

Malicious Package

Overview usaa-authentication-mocks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:36 p.m.8 views

Security Bulletin: IBM Copy Services Manager may be affected by a vulnerabilities due to default security configuration allowing cross site scripting

Summary A vulnerability has been found that allows cross site scripting once a user has been authenticated or unauthenticated into the server. Although likelihood of this issue being exploited is very low, IBM Copy Services Manager frequently updates configuration files in the product dependency...

6.1CVSS5.5AI score0.00197EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/10/29 10:51 p.m.3 views

Malicious Package

Overview airbnb-base-typescript-prettier is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS6.8AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 4:9 p.m.8 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression DoS and command injection due to the python package (CVE-2024-6232, CVE-2024-9287)

Summary Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details CVEID:CVE-2024-6232 DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...

7.8CVSS7AI score0.02203EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 6:26 p.m.8 views

Security Bulletin: IBM OpenPages express-4.21.1.tgz vulnerability fixes (CVE-2024-52798)

Summary Security vulnerabilities related to express-4.21.1.tgz have been resolved in the latest IBM OpenPages fix packs for both versions 9.0 and 8.3. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases,...

8.7CVSS7.4AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 5:53 p.m.9 views

Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability

Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

8.7CVSS6.8AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 7:2 a.m.6 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2025-36038)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

9.8CVSS7.6AI score0.08023EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 9:19 p.m.6 views

Security Bulletin: IBM Fusion Data Catalog Service is vulnerable to elevated container linux kernel privileges (CVE-2022-0185)

Summary IBM Fusion's Data Catalog Service containers previously required certain elevated linux kernel privileges. CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-0185 DESCRIPTION: A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context...

8.4CVSS6.6AI score0.25151EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 3:48 p.m.6 views

Security Bulletin: An unsafe reading of environment file could potentially cause a denial of service in Netty, affecting watsonx.data

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. These could affect watsonx.data. Vulnerability...

5.5CVSS6.7AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:27 p.m.6 views

Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Protect Operations Center (CVE-2025-23184).

Summary IBM Storage Protect Operations Center is affected by denial of service due to Apache CXF used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...

7.5CVSS5.6AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/20 6:47 a.m.7 views

Security Bulletin: IBM Cloud Pak for Data Object Injection due to YAML Parsing in RDoc gem (CVE-2024-27281)

Summary Potential vulnerabilities in rdoc module CVE-2024-27281 has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27281 DESCRIPTION: An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in...

4.5CVSS8.5AI score0.01571EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/17 8:28 a.m.12 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to axios ( CWE-1333)

Summary Potential vulnerabilities in axios module has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details IBM X-Force ID: 386108 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the format method. By...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/17 8:17 a.m.18 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Prototype Pollution due to ejs package ( CVE-2024-33883)

Summary Potential vulnerabilities in ejs package has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-33883 DESCRIPTION: The ejs aka Embedded JavaScript templates package before 3.1.10 for Node.js lacks certain pollution protection. CWE:CWE-693:...

4CVSS4.5AI score0.00614EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/16 7:12 p.m.13 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Cross-site Scripting (XSS) due to express.js ( CVE-2024-43796 )

Summary Potential vulnerabilities in express.js package CVE-2024-43796 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after...

5CVSS6.8AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/16 9:16 a.m.13 views

Security Bulletin: IBM Cloud Pak for Data s vulnerable to Improper Input Validation due to follow-redirects ( CVE-2023-26159 )

Summary Potential vulnerabilities in follow-redirects module has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper...

7.3CVSS6.6AI score0.00797EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 4:21 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive header drop in Golang/net/http [CVE-2024-45336]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive header drop in Golang/net/http, which can occour following a cross-domain redirect CVE-2024-45336. The Golang/net/http package is used as part of our speech utilities. This vulnerabilitiy has been addressed. Please read the...

6.1CVSS6.5AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 4:9 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Jinja [CVE-2025-27516]

Summary IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in Jinja, due to an oversight in how the Jinja sandboxed environment interacts with the |attr filter CVE-2025-27516. Jinja is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the...

8.8CVSS7.2AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 1:58 a.m.15 views

Security Bulletin: A vulnerability in Watson NLP affects IBM Robotic Process Automation (CVE-2024-56171).

Summary A vulnerability in Watson NLP affects IBM Robotic Process Automation CVE-2024-56171. Watson NLP is used by IBM Robotic Process Automation for Natural Language Processing. This bulletin identifies the fixes required to address the vulnerablity. Vulnerability Details CVEID:CVE-2024-56171...

9.8CVSS8.1AI score0.0113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/09 4:36 a.m.12 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to injection due to cookie package ( CVE-2024-47764 )

Summary Potential vulnerabilities in cookie package CVE-2024-47764 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other...

6.9CVSS6.8AI score0.00749EPSS
Exploits0Affected Software1
Rows per page
Query Builder