Lucene search
K

3774 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:58 a.m.8 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager.

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.3.0.0, 6.2.4.4, and 6.2.3.6. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression i...

8.7CVSS6.2AI score0.02448EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 3:55 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Sterling Connect:Direct for Microsoft Windows

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013,...

8.7CVSS6.1AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 11:42 a.m.5 views

Security Bulletin: Vulnerability in IBM Sterling Order Management

Summary golang.org/x/net-v0.52.0 is vulnerable, When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2...

7.5CVSS5.8AI score0.00781EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:15 a.m.3 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and ifix. Vulnerability Details CVEID:CVE-2026-8149 DESCRIPTION: A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated wi...

9CVSS7.5AI score0.01815EPSS
Exploits10Affected Software1
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-7253

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

8.8CVSS0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:21 p.m.9 views

EUVD-2026-38266

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.3CVSS5.8AI score0.002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:21 p.m.3 views

CVE-2026-7253

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.3CVSS5.8AI score0.002EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:21 p.m.33 views

CVE-2026-7253 IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.3CVSS0.002EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:21 p.m.21 views

CVE-2026-7253

CVE-2026-7253 summary: IBM Watson Speech Services Cartridge is affected by a Server-Side Request Forgery (SSRF) in Sterling File Gateway. Affected versions are 4.0.0–5.3.1. The root cause is SSRF allowing an authenticated attacker to issue unauthorized requests from the system, with potential net...

8.8CVSS5.8AI score0.002EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 7:35 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]

Summary IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

8.8CVSS5.3AI score0.002EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 6:42 a.m.4 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by broken or risky algorithm.

Summary bcprov-jdk18on-1.81.jar is used by IBM Sterling Connect:Direct Web Services CVE-2025-14813, CVE-2026-5598. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all cor...

9.9CVSS5.3AI score0.00691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:27 p.m.6 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Regular Expression Denial of Service.

Summary picomatch-2.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33671, CVE-2026-33672. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression...

7.5CVSS5.7AI score0.00412EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:20 p.m.8 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Regular Expression Denial of Service.

Summary minimatch-9.0.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

8.7CVSS5.4AI score0.00519EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:16 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.

Summary IBM Java is used by IBM Sterling Connect:Direct Web Services CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily...

8.7CVSS5.4AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 4:9 p.m.6 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-2200...

8.7CVSS5.4AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:2 p.m.9 views

Security Bulletin: Security Vulnerability in Spring Cloud Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41235)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Cloud Vulnerability Details CVEID:CVE-2025-41235 DESCRIPTION: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. CWE:CWE-444:...

8.6CVSS7.9AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:54 p.m.8 views

Security Bulletin: Security Vulnerability in Nimbus Jose JWT Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-53864)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Nimbus Jose JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a...

5.8CVSS6.2AI score0.00806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:50 p.m.11 views

Security Bulletin: Security Vulnerability in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41248)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type...

7.5CVSS6.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:47 p.m.9 views

Security Bulletin: Security Vulnerability in Spring Boot Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-22235)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Boot Vulnerability Details CVEID:CVE-2025-22235 DESCRIPTION: EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been create...

7.3CVSS7.1AI score0.00358EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:28 p.m.7 views

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator and IBM Sterling File Gateway

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities in Spring Framework Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patter...

7.5CVSS6.9AI score0.01916EPSS
Exploits2Affected Software1
Rows per page
Query Builder