
87 matches found

IBM Security Bulletins
added 2025/05/16 7:21 p.m. | 26 views

Security Bulletin: Vulnerabilities in Pivotal Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Pivotal Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework. Vulnerabilities include an attacker and remote attacker could exploit these vulnerabilities to execute arbitrary code on the...

9.8 CVSS | 8.8 AI score | 0.32257 EPSS
Exploits: 8 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 2:39 p.m. | 14 views

Security Bulletin: VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data

Summary VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. A remote attacker could exploit this vulnerability to launch further attacks on the system and this could affect watsonx.data...

5.3 CVSS | 6.6 AI score | 0.00631 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/01 7:54 p.m. | 11 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a denial of service in VMware Tanzu Spring [CVE-2024-38809]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in VMware Tanzu Spring, caused by improper input validation CVE-2024-38809. VMware Tanzu Spring is used in our Speech microservices. This vulnerability has been addressed. Please read the details for remediation...

5.3 CVSS | 6.8 AI score | 0.00858 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/01 7:50 p.m. | 7 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an authorization bypass in VMware Tanzu Spring [CVE-2024-38827]

Summary IBM Watson Speech Services Cartridge is vulnerable to an authorization bypass in VMware Tanzu Spring, due to locale dependent exceptions in the usage of String.toLowerCase and String.toUpperCase CVE-2024-38827. VMware Tanzu Spring is used in our Speech microservices. This...

4.8 CVSS | 6.2 AI score | 0.00377 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/01 7:49 p.m. | 13 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38819]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web framework: WebMvc.fn or WebFlux.fn CVE-2024-38819. VMware Tanzu Spring is used in our Speech microservices. This...

7.5 CVSS | 6.3 AI score | 0.54862 EPSS
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2025/05/01 7:47 p.m. | 13 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38816]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web frameworks: WebMvc.fn or WebFlux.fn CVE-2024-38816. VMware Tanzu Spring is used in our Speech microservices. This...

7.5 CVSS | 6.1 AI score | 0.14595 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/04/29 2:34 a.m. | 102 views

Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID: CVE-2024-38809 DESCRIPTION: VMware Tanzu...

7.8 CVSS | 9.9 AI score | 0.0616 EPSS
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:48 a.m. | 75 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID: CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

8.5 CVSS | 9.9 AI score | 0.91969 EPSS
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2025/03/28 8:45 p.m. | 15 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Security (CVE-2024-38827)

Summary A vulnerability in VMware Tanzu Spring Security that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2024-38827 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a locale dependent...

4.8 CVSS | 6.8 AI score | 0.00377 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:8 a.m. | 111 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for November 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...

9.8 CVSS | 9.8 AI score | 0.99999 EPSS
Exploits: 22 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:55 a.m. | 49 views

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID: CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...

9.8 CVSS | 10 AI score | 0.03635 EPSS
Exploits: 8 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:54 a.m. | 63 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivotal Spring...

9.8 CVSS | 9.2 AI score | 0.32257 EPSS
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/02/05 12:58 a.m. | 48 views

Security Bulletin: spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services (CVE-2024-22259)

Summary spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services CVE-2024-22259 Vulnerability Details CVEID: CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...

8.1 CVSS | 6.2 AI score | 0.03967 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/02/03 11:4 p.m. | 52 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.

Summary IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities. Vulnerability Details CVEID: CVE-2024-32879 DESCRIPTION: Python Social Auth Django could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of case...

8.2 CVSS | 9.2 AI score | 0.8496 EPSS
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/02/03 10:48 p.m. | 39 views

Security Bulletin: Due to the use of VMware Tanzu Spring Framework, IBM DevOps Build is vulnerable to remote attacker to conduct phishing attacks

Summary IBM DevOps Build 7.0.0.2 addresses CVE-2024-22259 by updating spring-web jar. Vulnerability Details CVEID: CVE-2024-22259 DESCRIPTION: Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform validation...

8.1 CVSS | 8 AI score | 0.03967 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/01/30 3:1 p.m. | 17 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary VMware Tanzu Spring Framework is vulnerable to a denial of service attack, which could affect watsonx.data. Vulnerability Details CVEID: CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a special...

5.3 CVSS | 5.5 AI score | 0.00858 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/30 2:17 p.m. | 13 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary VMware Tanzu Spring Framework is vulnerable to a denial of service attack and this could affect watsonx.data. Vulnerability Details CVEID: CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...

4.3 CVSS | 5.7 AI score | 0.00536 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 30 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in VMware Tanzu Spring [CVE-2024-38816]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in VMware Tanzu Spring, caused by a path traversal attack in applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn CVE-2024-38816. VMware Tanzu Spring is us...

7.5 CVSS | 6 AI score | 0.14595 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Framework (CVE-2024-38808)

Summary A vulnerability in VMware Tanzu Spring Framework that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...

4.3 CVSS | 6.7 AI score | 0.00536 EPSS
Exploits: 0 | Affected Software: 1

NVD
added 2024/12/04 9:15 p.m. | 41 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7 CVSS | 0.00369 EPSS
Exploits: 0 | References: 1