Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 11:21 p.m.20 views

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Unrestricted File Upload, Information Disclosure, Java Source Map and Verbose Messaging vulnerabilities. This Security...

10CVSS8.1AI score0.99945EPSS
Exploits59Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 5:38 p.m.18 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service and improper input validation [CVE-2025-3262] [CVE-2025-3263] [CVE-2025-3264] [CVE-2025-3777]

Summary Python module transformers is used by IBM App Connect Enterprise Certified Container by the mapping assistance capability. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service and improper input validatio...

7.5CVSS7.7AI score0.00431EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 5:5 p.m.14 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-22868 DESCRIPTION: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CWE:CWE-1286: Improper...

7.6CVSS8.3AI score0.00804EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 4:31 p.m.10 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server have been remediated. Vulnerability Details CVEID:CVE-2025-33104 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to...

7.6CVSS6.9AI score0.0028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 4:3 p.m.4 views

Security Bulletin: Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering which affects IBM watsonx.data

Summary Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements. These can affect watsonx.data. Vulnerability...

5.4CVSS5.9AI score0.00293EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 3:19 p.m.40 views

Security Bulletin: Oracle Outside In Technology (OIT) security vulnerabilities in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT CVE-2024-45492, CVE-2024-25269, CVE-2024-36052, CVE-2023-39743 security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2024-45492 DESCRIPTION: libexpat could allow a local...

9.8CVSS8.9AI score0.01393EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 3:16 p.m.16 views

Security Bulletin: Apache Axis1 CVE-2023-51441 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration

Summary Apache Axis1 CVE-2023-51441 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-side request forgery, caused by a improper input...

7.2CVSS6.8AI score0.01213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 10:38 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in commons-io-2.8.0.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of commons-io-2.8.0.jar Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consu...

4.3CVSS8.4AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 9:6 a.m.7 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

9.8CVSS6.6AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 7:26 a.m.7 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application is vulnerable to a reflected file download (RFD) attack.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application is vulnerable to a reflected file download RFD attack.The filename is derived from user-supplied input but sanitized by the application. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION:...

6.5CVSS6.5AI score0.00533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 7:25 a.m.23 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those...

7.5CVSS7.5AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 6:23 a.m.5 views

Security Bulletin: IBM OpenPages fixes multiple vulnerabilities

Summary Multiple vulnerabilities with IBM OpenPages have been addressed in the latest IBM OpenPages fixpack for 9.0 Vulnerability Details CVEID:CVE-2022-24891 DESCRIPTION: ESAPI is vulnerable to cross-site scripting, caused by incorrect regular expression for onsiteURL in the antisamy-esapi.xml...

8.6CVSS8AI score0.01632EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 5:14 a.m.5 views

Security Bulletin: IBM Sterling External Authentication Server is vuulnerable due to path-to-regexp (CVE-2024-45296).

Summary IBM Sterling External Authentication Server uses the npm path-to-regexp, which is vulnerable to CVE-2024-45296. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular...

7.5CVSS6.9AI score0.00932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 5:11 a.m.3 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to Apache Commons IO.

Summary Security Bulletin:IBM Sterling External Authentication Server is vulnerable to Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may...

4.3CVSS6.4AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/09 4:16 a.m.13 views

Security Bulletin: Security vulnerabilities have been addressed in IBM Verify Identity Access OIDC Provider (CVE-2024-45337, CVE-2025-22869)

Summary Multiple security vulnerabilities have been addressed in IBM Verify Identity Access OIDC Provider. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be...

9.1CVSS8.4AI score0.03092EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 8:15 p.m.6 views

Security Bulletin: IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a denial of service by sending an invalid HTTP request to the log reading service due to CVE-2024-56468.

Summary An invalid HTTP request to the log reading service could lead to a denial of service for IBM InfoSphere Data Replication VSAM for z/OS Remote Source. Vulnerability Details CVEID:CVE-2024-56468 DESCRIPTION: IBM InfoSphere Data Replication VSAM for z/OS Remote Source could allow a remote us...

7.5CVSS6.5AI score0.00347EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 5:32 p.m.14 views

Security Bulletin: A denial-of-service attack, heap use after free, network server exploit, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to denial-of-service attack, heap use after free, network server exploit, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-32873 DESCRIPTION: An issue was discovered in Django 4.2 before 4.2.2...

10CVSS9.5AI score0.82112EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 7:1 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in oniguruma 6.9.6-1.el9.6

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of oniguruma 6.9.6-1.el9.6 Vulnerability Details CVEID:CVE-2019-16163 DESCRIPTION: Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. CWE:CWE-674: Uncontrolled Recursion CVSS Sourc...

7.5CVSS6.5AI score0.02752EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 7:1 a.m.11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql 13.16-1.el9_4

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql 13.16-1.el94 Vulnerability Details CVEID:CVE-2023-39418 DESCRIPTION: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined...

4.3CVSS6.6AI score0.00956EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 7:0 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in zlib 1.2.7

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of zlib 1.2.7 Vulnerability Details CVEID:CVE-2016-9842 DESCRIPTION: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of...

8.8CVSS6.9AI score0.05161EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 7:0 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in transformers 4.36.2

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of transformers 4.36.2 Vulnerability Details CVEID:CVE-2024-3568 DESCRIPTION: The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the...

9.6CVSS8.5AI score0.02067EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 7:0 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in apr 1.7.0-12.el9_3

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of apr 1.7.0-12.el93 Vulnerability Details CVEID:CVE-2022-28331 DESCRIPTION: On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in aprsocketsendv. This is a result of intege...

9.8CVSS7.1AI score0.01575EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 7:0 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in github.com/golang-jwt/jwt/v4 v4.4.2

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of github.com/golang-jwt/jwt/v4 v4.4.2 Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to...

3.1CVSS6.5AI score0.00521EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:59 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cross-spawn-4.0.2.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of cross-spawn-4.0.2.tgz Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due t...

8.7CVSS6.8AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:49 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details IBM X-Force ID: 386108 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the format method. By sending a specially...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:49 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webflux-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks...

7.5CVSS6.8AI score0.54862EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:49 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-web-5.8.5.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-web-5.8.5.jar Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstance...

9.1CVSS6.6AI score0.01726EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:49 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-context-5.3.24.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-context-5.3.24.jar Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale...

5.3CVSS6.5AI score0.05666EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:48 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in elliptic-6.5.4.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of elliptic-6.5.4.tgz Vulnerability Details CVEID:CVE-2024-48948 DESCRIPTION: The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least...

4.8CVSS6.6AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:48 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonpath-plus-0.19.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonpath-plus-0.19.0.tgz Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: All versions of the package jsonpath-plus are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can...

9.8CVSS7.8AI score0.09076EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:43 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webflux-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks...

7.5CVSS6.7AI score0.14718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:30 a.m.3 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent

Summary Vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of agent framework in ITCAM for Applications WebSphere MQ Monitoring Agent. CVEs: CVE-2023-21830, CVE-2023-33850, CVE-2025-4447. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability ...

7.8CVSS7.6AI score0.01058EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:27 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted...

9.8CVSS8AI score0.32257EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:25 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.5.1.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql-42.5.1.jar Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default...

10CVSS7.8AI score0.0481EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:21 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted...

9.8CVSS8.1AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 10:37 p.m.6 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Stored Cross-Site Scripting (CVE-2025-3630)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the stored cross-site scripting vulnerability Vulnerability Details CVEID:CVE-2025-3630 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting. This vulnerability allows...

6.4CVSS5.9AI score0.00167EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 10:34 p.m.7 views

Security Bulletin: IBM Sterling File Gateway is Vulnerable to Information Disclosure (CVE-2025-2827)

Summary IBM Sterling File Gateway has addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2025-2827 DESCRIPTION: IBM Sterling File Gateway could disclose sensitive installation directory information to an authenticated user that could be used in further attacks...

4.3CVSS6.1AI score0.00216EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 10:31 p.m.6 views

Security Bulletin: The Dashboard UI of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Cross-Site Scripting (CVE-2025-2793)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the Cross-Site Scripting vulnerability Vulnerability Details CVEID:CVE-2025-2793 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an...

5.4CVSS6.1AI score0.00167EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 10:28 p.m.6 views

Security Bulletin: Security Vulnerability in Authorization Rules in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2024-38827)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially...

4.8CVSS6.7AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 8:7 p.m.7 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to uncontrolled recursion in Golang (CVE-2022-30630)

Summary Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi. as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30630. Vulnerability Details CVEID:CVE-2022-30630 DESCRIPTION: Golang G...

7.5CVSS6.9AI score0.01618EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 8:6 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in Grafana (CVE-2024-48910)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-48910 Vulnerability Details CVEID:CVE-2024-48910 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML,...

9.8CVSS5.8AI score0.01176EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 8:4 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Integer Overflow in KeepAlived (CVE-2024-41184)

Summary KeepAlived is used by IBM Storage Ceph in Cephadm and other assorted components. CVE-2024-41184 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-41184 DESCRIPTION: In the vrrpipsetshandler handler...

9.8CVSS6.9AI score0.00616EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 8:3 p.m.10 views

Security Bulletin: IBM Storage Ceph contains vulnerabilities found in Golang (CVE-2024-24785 CVE-2024-24784 CVE-2024-24783 CVE-2024-24788 CVE-2024-24789 CVE-2024-24790 CVE-2024-6104 CVE-2024-24791 CVE-2024-34155 CVE-2024-34156)

Summary Golang is used by IBM Storage Ceph in Grafana and the Dashboard. CVE-2024-24785 CVE-2024-24784 CVE-2024-24783 CVE-2024-24788 CVE-2024-24789 CVE-2024-24790 CVE-2024-6104 CVE-2024-24791 CVE-2024-34155 CVE-2024-34156 This bulletin identifies the steps to take to address the vulnerability in...

9.8CVSS7.1AI score0.01952EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 8:2 p.m.10 views

Security Bulletin: IBM Storage Ceph is vulnerable to HTTP Request/Response Smuggling and Unauthorized Exposure of Information in HAProxy (CVE-2023-40225, CVE-2023-0836, CVE-2023-25725, CVE-2023-45539)

Summary HAProxy is used by IBM Storage Ceph for Load Balancing. This bulletin identifies the steps to take to address the vulnerability in HAProxy. CVE-2023-40225, CVE-2023-0836, CVE-2023-25725, CVE-2023-45539. Vulnerability Details CVEID:CVE-2023-40225 DESCRIPTION: HAProxy through 2.0.32, 2.1.x...

9.1CVSS7AI score0.05493EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 8:1 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in Certifi (CVE-2022-23491)

Summary Certifi is used by IBM Storage Ceph for certificates and authentication . CVE-2022-23491 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: Certifi is a curated collection of Root Certificate...

7.5CVSS6.8AI score0.00535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 7:59 p.m.4 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-Site Scripting in Grafana (CVE-2024-47875)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-47875 Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML,...

10CVSS5.9AI score0.01093EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 7:58 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to Reachable Assertion in the RHEL UBI (CVE-2024-33601)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-33601. Vulnerability Details CVEID:CVE-2024-33601 DESCRIPTION: nscd: netgroup cache may terminate daemon on memory allocatio...

7.3CVSS6.8AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 7:57 p.m.7 views

Security Bulletin: IBM Storage Ceph is vulnerable to Code Injection in Grafana (CVE-2024-53382)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-53382 Vulnerability Details CVEID:CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS...

5.4CVSS6AI score0.00293EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:39 p.m.8 views

Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.

Summary Security Bulletin: Maximo AI Service Component Component uses Spring Security Aspects may not correctly locate method security annotations on private methods.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-22233...

5.3CVSS7AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:12 p.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in serve-static-1.15.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of serve-static-1.15.0.tgz Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code...

5CVSS6.7AI score0.00595EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608