Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 7:44 p.m.2 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 8 to address the issues. Vulnerability...

7.8CVSS7.3AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 7:16 p.m.5 views

Security Bulletin: IBM Storage Scale versions 5.2.3.0 and 5.2.3.1 are affected by a security vulnerability that can allow unauthorized access to user files (CVE-2025-36104)

Summary IBM has identified a data access problem in IBM Storage Scale 5.2.3.0 and 5.2.3.1 regarding the SMB protocol and acccess control lists ACLs. The problem occurs with the use of inherited ACLs on directories or files that are created or modified through the SMB protocol. A fix for this...

6.5CVSS6.3AI score0.00249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 4:54 p.m.4 views

Security Bulletin: PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component which affects IBM watsonx.data

Summary PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied. These can affect...

4.4CVSS6.9AI score0.00384EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 4:49 p.m.3 views

Security Bulletin: Using untrusted strings with .replace on Babel-compiled regex named capturing groups can lead to performance degradation, which affects IBM watsonx.data

Summary Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific...

6.2CVSS7AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 4:40 p.m.9 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with WebSphere Remote Server, is affected by an arbitrary code execution vulnerability (CVE-2025-36038)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS7.6AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 3:41 p.m.15 views

Security Bulletin: Apache Tomcat Path Equivalence Vulnerability Enables RCE and Information Disclosure in Versions, which affects IBM watsonx.data

Summary Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1...

10CVSS8.3AI score0.99945EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 3:23 p.m.3 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 17 to address the issues. Vulnerabilit...

7.8CVSS7.6AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 11:5 a.m.9 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2025-36038)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

9.8CVSS6.7AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 10:27 a.m.14 views

Security Bulletin: IBM Jazz for Service Management is vulnerable to cross-site scripting via searchWord parameter.

Summary IBM Jazz for Service Management is vulnerable to cross-site scripting, allowing malicious scripts to be executed via the searchWord parameter on the static help page CVE-2024-52892. Vulnerability Details CVEID:CVE-2024-52892 DESCRIPTION: IBM Jazz for Service Management is vulnerable to...

6.1CVSS6AI score0.00248EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 8:54 a.m.6 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

7.8CVSS6.5AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 6:0 a.m.12 views

Security Bulletin: Vulnerabilities in libsoup library (CVE-2025-32050, CVE-2025-32052, CVE-2025-32053, CVE-2025-32906, CVE-2025-32911, CVE-2025-32913, CVE-2025-46420, CVE-2025-46421) affect Power HMC.

Summary The libsoup library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-32050 DESCRIPTION: A flaw was found in libsoup. The libsoup appendparamquoted function may contain an overflow bug resulting in a buffer...

9CVSS8.2AI score0.00832EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 9:42 p.m.4 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component...

7.8CVSS7AI score0.00688EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 1:50 p.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high...

7.8CVSS7.2AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 11:33 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in httpclient5-5.4.2.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of httpclient5-5.4.2.jar Vulnerability Details CVEID:CVE-2025-27820 DESCRIPTION: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification...

7.5CVSS6.6AI score0.00745EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 11:19 a.m.13 views

Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS

Summary Vulnerabilities exist in IBM Netezza Analytics - NPS are addressed in 11.2.29 Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted request using an overly large...

10CVSS8.8AI score0.99019EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 8:9 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to runtime-7.24.8.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz CVE-2025-27789

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to runtime-7.24.8.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz CVE-2025-27789. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compil...

6.2CVSS6.3AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 7:22 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in path-to-regexp-0.1.10.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of path-to-regexp-0.1.10.tgz Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

8.7CVSS6.8AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 7:9 a.m.3 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...

7.8CVSS6.3AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 7:7 a.m.4 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...

7.8CVSS6.5AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/11 12:47 a.m.10 views

Security Bulletin: Security vulnerabilities were found in IBM Verify Identity Access Digital Credentials (CVE-2025-48387, CVE-2025-5889)

Summary Security vulnerabilities were addressed in IBM Verify Identity Access Digital Credentials Vulnerability Details CVEID:CVE-2025-48387 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside...

8.7CVSS4.2AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 6:31 p.m.6 views

Security Bulletin: IBM OpenPages fixes vulnerability that exposes information about workflow configuration and internal details due to insufficient access control checks

Summary Vulnerability that exposes information about workflow configuration and internal details due to insufficient access control checks in IBM OpenPages has been addressed in the latest IBM OpenPages fix pack for 9.0 version. Vulnerability Details CVEID:CVE-2025-2670 DESCRIPTION: IBM OpenPages...

4.3CVSS5.9AI score0.00216EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 6:26 p.m.8 views

Security Bulletin: IBM OpenPages express-4.21.1.tgz vulnerability fixes (CVE-2024-52798)

Summary Security vulnerabilities related to express-4.21.1.tgz have been resolved in the latest IBM OpenPages fix packs for both versions 9.0 and 8.3. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases,...

8.7CVSS7.4AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 6:25 p.m.8 views

Security Bulletin: IBM OpenPages API permission security fixes

Summary Security fixes for a set of APIs that allowed unprivileged users to access sensitive information have been included in the latest IBM OpenPages fix packs for both versions 9.0 and 8.3. Vulnerability Details CVEID:CVE-2025-1112 DESCRIPTION: IBM OpenPages with Watson could allow an...

4.3CVSS5.9AI score0.00194EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 6:4 p.m.8 views

Security Bulletin: IBM OpenPages encryption fixes and enhancements

Summary Multiple encryption fixes and enhancements with IBM OpenPages have been addressed in the latest IBM OpenPages fixpacks for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-49784 DESCRIPTION: IBM OpenPages could provide weaker than expected security in storage of encrypted...

6.5CVSS7AI score0.00265EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 5:53 p.m.9 views

Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability

Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

8.7CVSS6.8AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 3:47 p.m.4 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2025-36038)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed ...

9.8CVSS7.7AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 3:41 p.m.5 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2025-36038)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

9.8CVSS7.5AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 3:24 p.m.5 views

Security Bulletin: Security Vulnerabilities in Java affect IBM Voice Gateway

Summary Security Vulnerabilities in Java affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact. CWE:CWE-284...

7.8CVSS7.2AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 9:5 a.m.11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2024-22243 DESCRIPTION: Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on t...

8.1CVSS6.6AI score0.03967EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 9:2 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in dompurify-2.5.8.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of dompurify-2.5.8.tgz Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS. CWE:CWE-79:...

6.1CVSS6.3AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 9:1 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in netty-common-4.1.115.Final.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of netty-common-4.1.115.Final.jar Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. ...

5.5CVSS6.8AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 8:59 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webmvc-5.3.27.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webmvc-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS attack. CWE:CWE-400: Uncontrolled Resource...

5.3CVSS6.7AI score0.00729EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 8:58 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in nanoid-2.1.11.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of nanoid-2.1.11.tgz Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE:CWE-835: Loop with Unreachable Exit Condition...

4.3CVSS6.7AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 8:57 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-5.8.5.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-5.8.5.jar Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in...

4.8CVSS6.5AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 8:55 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in kafka-clients-3.4.0.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of kafka-clients-3.4.0.jar Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients...

6.5CVSS6.7AI score0.01129EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 8:54 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in netty-common-4.1.100.Final.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of netty-common-4.1.100.Final.jar Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol...

5.5CVSS6.7AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 8:52 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cookie-0.4.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of cookie-0.4.1.tgz Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in a...

6.9CVSS6.6AI score0.00749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 12:1 a.m.7 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by arbitrary code execution (CVE-2025-36038)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by arbitrary code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions...

9.8CVSS7.8AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 11:59 p.m.5 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by arbitrary code execution (CVE-2025-36038)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by arbitrary code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions|...

9.8CVSS7.8AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 11:57 p.m.6 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by arbitrary code execution (CVE-2025-36038)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by arbitrary code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions|...

9.8CVSS7.7AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 11:21 p.m.20 views

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Unrestricted File Upload, Information Disclosure, Java Source Map and Verbose Messaging vulnerabilities. This Security...

10CVSS8.1AI score0.99945EPSS
Exploits59Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 5:38 p.m.18 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service and improper input validation [CVE-2025-3262] [CVE-2025-3263] [CVE-2025-3264] [CVE-2025-3777]

Summary Python module transformers is used by IBM App Connect Enterprise Certified Container by the mapping assistance capability. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service and improper input validatio...

7.5CVSS7.7AI score0.00431EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 5:5 p.m.14 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-22868 DESCRIPTION: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CWE:CWE-1286: Improper...

7.6CVSS8.3AI score0.00804EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 4:31 p.m.10 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server have been remediated. Vulnerability Details CVEID:CVE-2025-33104 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to...

7.6CVSS6.9AI score0.0028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 4:3 p.m.4 views

Security Bulletin: Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering which affects IBM watsonx.data

Summary Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements. These can affect watsonx.data. Vulnerability...

5.4CVSS5.9AI score0.00293EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 3:19 p.m.40 views

Security Bulletin: Oracle Outside In Technology (OIT) security vulnerabilities in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT CVE-2024-45492, CVE-2024-25269, CVE-2024-36052, CVE-2023-39743 security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2024-45492 DESCRIPTION: libexpat could allow a local...

9.8CVSS8.9AI score0.01393EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 3:16 p.m.16 views

Security Bulletin: Apache Axis1 CVE-2023-51441 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration

Summary Apache Axis1 CVE-2023-51441 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-side request forgery, caused by a improper input...

7.2CVSS6.8AI score0.01213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 10:38 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in commons-io-2.8.0.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of commons-io-2.8.0.jar Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consu...

4.3CVSS8.4AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 9:6 a.m.7 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

9.8CVSS6.6AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 7:26 a.m.7 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application is vulnerable to a reflected file download (RFD) attack.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application is vulnerable to a reflected file download RFD attack.The filename is derived from user-supplied input but sanitized by the application. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION:...

6.5CVSS6.5AI score0.00533EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35598