CVE-2021-045960

IBM Robotic Process Automation for Cloud Pak 21.0.2 is affected by multiple vulnerabilities tied to Expat/libexpat and related components, including CVE-2021-045960. The bulletin lists Expat-derived CVEs impacting the base container images and the .NET 6 runtime, with various CVSS details. Remedi...

CVE-2022-44705

Technical details for CVE-2022-44705 are not publicly available in the provided documents. There is no information on affected products, impact, vectors, or remediation. Monitor for future updates.

CVE-2022-24476

CVE-2022-24476 affects IBM WebSphere Application Server Liberty (and Open Liberty) within IBM Watson Assistant for IBM Cloud Pak for Data, version ranges 17.0.0.3–22.0.0.7 and Open Liberty with authenticated identity spoofing via a specially crafted request. IBM Clover: vulnerable products includ...

CVE-2105-2342

VMware vCenter/ESXi advisory coverage CVE-2015-2342 and CVE-2015-5177 describing two issues: (1) a double-free in OpenSLP's SLPDProcessMessage() on ESXi that may allow unauthenticated remote code execution; (2) a vulnerable vCenter Server JMX RMI service that can permit remote code execution. The...

CVE-2021-44823

Technical details for CVE-2021-44823 are not publicly available in the provided documents. Monitor for updates as information may be released later.

CVE-2929-2773

Summary: IBM DataQuant for z/OS version 2.1 is affected by CVE-2020-2773 (referenced in the IBM bulletin as CVE-2929-2773 in this entry). The vulnerability is described as an unspecified issue in the Java SE Security component that could allow an unauthenticated attacker to cause a denial of serv...

CVE-2022-16126

Technical details for CVE-2022-16126 are not publicly available in the provided documents. No affected products, impact, or remediation are specified. Monitor for updates from official sources.

CVE-2021-41624

CVE-2021-41624 is associated with a memory-leak DoS in F5 BIG-IP. The CNNVD entry describes F5 BIG-IP as an application delivery platform and notes a memory leak vulnerability that triggers denial of service. The provided documents do not specify affected versions, vulnerable components, exploit ...

CVE-2022-41647

WordPress Optinly plugin (versions

CVE-2022-41295

CVE-2022-41295 affects IBM Robotic Process Automation products. IBM Robotic Process Automation Client may be vulnerable to sensitive data being stored in temporary managed memory, enabling exposure of data in memory during operation. Affected products/versions: IBM Robotic Process Automation for ...

CVE-2022-41293

Summary: IBM Robotic Process Automation (RPA) is vulnerable to insufficient protection of credentials created in the control center (CVE-2022-41293). The vulnerability affects IBM RPA for Cloud Pak (< 21.0.3), IBM RPA as a Service (< 21.0.3), and IBM RPA (

CVE-2020-35282

The connected IBM advisories confirm CVE-2020-35282 affects IBM WebSphere Application Server (WAS) when shipped with IBM Operations Analytics Predictive Insights. Affected: WAS 8.0, 8.5, 9.0 as part of Predictive Insights; vulnerability type: Server-Side Request Forgery (and related spoofing/remo...

CVE-2022-42013

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

CVE-2013-3013

Summary of CVE-2013-3013 context (IBM Smart Analytics System 5600): The related IBM security bulletin notes that the 5600 system’s management host runs Firefox configured to use the IBM Java SDK for Java Web Start, exposing the system to Java SDK vulnerabilities identified in CVEs such as CVE-201...

CVE-2019-4626

IBM InfoSphere Subscription Manager is affected by CVE-2019-4626, a Cross-Site Request Forgery in IBM InfoSphere Information Server components. Affected products and versions include IBM InfoSphere Information Server (11.3, 11.5, 11.7) and InfoSphere Information Server on Cloud (11.5, 11.7). The ...

CVE-2019-4717

IBM Jazz for Service Management (JazzSM) is affected by a cross-site scripting (XSS) vulnerability (CVE-2019-4717) in version 1.1.3. The issue enables a remote attacker to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credentials disclosure within ...

CVE-2019-4618

CVE-2019-4618 is confirmed in IBM InfoSphere Metadata Asset Manager (and Information Server on Cloud) with a Stored cross-site scripting vulnerability. Affected products/versions include IBM InfoSphere Metadata Asset Manager: 11.3, 11.5, 11.7 and IBM InfoSphere Information Server on Cloud: 11.5, ...

CVE-2019-4097

CVE-2019-4097 is a spoofing vulnerability in Platform System Manager (PSM) shipped with IBM Cloud Pak System/PureApplication System. An authenticated user could steal or manipulate customer sessions and cookies. Affected product: IBM Cloud Pak System (V2.3.0). CVSS Base score 4.3. Remediation: up...

CVE-2022-3102

CVE-2022-3102 affects the jwcrypto library, where the JWT/JWE handling can allow token substitution that may lead to authentication or authorization bypass. The issue arises from jwcrypto’s ability to auto-detect token types (JWS vs JWE) and, under certain conditions, substitute a signed JWS with...

CVE-2022-41160

The CVE-2022-41160 issue affects FreeRDP (FreeRDP, an open-source RDP implementation). Advisory texts state the vulnerability stems from improper region checks in FreeRDP prior to version 2.4.1, potentially affecting clients using gateway connections. SUSE advisories SUSE-SU-2022:2890-1 and SUSE-...