34986 matches found

IBM Security Bulletins
added 2025/05/08 6:38 p.m. | 28 views

Security Bulletin: IBM Planning Analytics is affected by vulnerabilities in IBM® Java™ Version 8 and IBM® Semeru Runtime

Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM® Semeru Runtime used by IBM Planning Analytics and IBM Planning Analytics Workspace. Please refer to the Related Information section below for vulnerability impact. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION:...

CVSS 5.3 | AI score 7.9 | EPSS 0.00883
Exploits: 0 | Affected Software: 4

IBM Security Bulletins
added 2025/05/08 6:25 p.m. | 22 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...

CVSS 9.8 | AI score 8.7 | EPSS 0.89929
Exploits: 7 | Affected Software: 5

IBM Security Bulletins
added 2025/05/08 5:57 p.m. | 19 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to bypass signature validation in XML data [CVE-2025-29774] [CVE-2025-29775]

Summary Node.js module xml-crypto is used by IBM App Connect Enterprise Certified Container for handling XML data. IBM App Connect Enterprise Certified Container operands are vulnerable to signature validation bypass. This bulletin provides patch information to address the reported vulnerability ...

CVSS 9.3 | AI score 7 | EPSS 0.00472
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 5:56 p.m. | 14 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution [CVE-2025-1302]

Summary Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability ...

CVSS 9.8 | AI score 8.4 | EPSS 0.89929
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 4:38 p.m. | 8 views

Security Bulletin: IBM TX Advanced is affected by an Out-of-bounds Write vulnerability and by a Use of Inherently Dangerous Function vulnerability due to the way that the product uses certain C library functions.

Summary IBM TX Advanced is affected by an Out-of-bounds Write vulnerability and by a Use of Inherently Dangerous Function vulnerability due to the way that the product uses certain C library functions. IBM TX Advanced has changed the C library functions that it uses in order to address these...

CVSS 7.8 | AI score 7.8 | EPSS 0.00042
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 4:33 p.m. | 11 views

Security Bulletin: IBM TX Standard is affected by an Out-of-bounds Write vulnerability and by a Use of Inherently Dangerous Function vulnerability due to the way that the product uses certain C library functions.

Summary IBM TX Standard is affected by an Out-of-bounds Write vulnerability and by a Use of Inherently Dangerous Function vulnerability due to the way that the product uses certain C library functions. IBM TX Standard has changed the C library functions that it uses in order to address these...

CVSS 7.8 | AI score 7.8 | EPSS 0.00042
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 4:30 p.m. | 8 views

Security Bulletin: IBM TXSeries for Multiplatforms is affected by an Out-of-bounds Write vulnerability and by a Use of Inherently Dangerous Function vulnerability due to the way that the product uses certain C library functions.

Summary IBM TXSeries for Multiplatforms is affected by an Out-of-bounds Write vulnerability and by a Use of Inherently Dangerous Function vulnerability due to the way that the product uses certain C library functions. IBM TXSeries for Multiplatforms has changed the C library functions that it use...

CVSS 7.8 | AI score 7.8 | EPSS 0.00042
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 4:8 p.m. | 13 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-25193, CVE-2025-23184, CVE-2024-47535. This has been addressed in the remediation section. Vulnerability Details Refer to the security bulletins listed i...

CVSS 7.5 | AI score 7 | EPSS 0.00467
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 3:33 p.m. | 13 views

Security Bulletin: IBM Maximo Application Suite uses Python-3.11 which is vulnerable to CVE-2024-4032.

Summary IBM Maximo Application Suite uses Python-3.11 which is vulnerable to CVE-2024-4032. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4032 DESCRIPTION: An unspecified error with ipaddress considers some not globally...

CVSS 7.5 | AI score 6.5 | EPSS 0.01127
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 3:31 p.m. | 11 views

Security Bulletin: IBM Maximo Application Suite -Iot Component uses netty-handler-4.1.114.Final.jar which is vulnerable to CVE-2025-24970.

Summary IBM Maximo Application Suite -Iot Component uses netty-handler-4.1.114.Final.jar which is vulnerable to CVE-2025-24970. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous,...

CVSS 7.5 | AI score 6.9 | EPSS 0.00953
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 3:24 p.m. | 20 views

Security Bulletin: IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970.

Summary IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network...

CVSS 7.5 | AI score 6.9 | EPSS 0.00953
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 3:19 p.m. | 11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to idna-0.1.5.crate, idna-0.5.0.crate CVE-2024-12224

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to idna-0.1.5.crate, idna-0.5.0.crate CVE-2024-12224. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-12224 DESCRIPTION: idna 0.5.0 and earlier accepts Punycode...

CVSS 8.8 | AI score 7.2 | EPSS 0.00151
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 3:8 p.m. | 13 views

Security Bulletin: Vulnerability in requests affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-35195].

Summary The requests package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-35195. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security...

CVSS 5.6 | AI score 6.4 | EPSS 0.00074
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 2:46 p.m. | 11 views

Security Bulletin: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91, affects watsonx.data

Summary Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which...

CVSS 7.5 | AI score 7.1 | EPSS 0.00953
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 2:44 p.m. | 12 views

Security Bulletin: The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios, affects watsonx.data

Summary axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This...

CVSS 8.7 | AI score 6.7 | EPSS 0.00212
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 2:42 p.m. | 9 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.9.1 Vulnerability Details undefined Affected Products and Versions Affected Products| Versions ---|--- IBM Cloud Pak for AIOps| 4.1.0 - 4.9.0 Remediation/Fixes IBM strongly suggests that you address the...

AI score 7.1
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 2:39 p.m. | 14 views

Security Bulletin: VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data

Summary VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. A remote attacker could exploit this vulnerability to launch further attacks on the system and this could affect watsonx.data...

CVSS 5.3 | AI score 6.6 | EPSS 0.01473
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 2:28 p.m. | 22 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to NULL Pointer Dereference and Out-of-bounds Write due to IBM Java ( CVE-2025-1470 & CVE-2025-1471)

Summary IBM Integration Bus for z/OS runtime is vulnerable to NULL Pointer Dereference and Out-of-bounds Write due to IBM Java. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities...

CVSS 7.8 | AI score 6.6 | EPSS 0.00105
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 1:37 p.m. | 22 views

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVSS 5.3 | AI score 5.6 | EPSS 0.00303
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 11:0 a.m. | 16 views

Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-34064].

Summary The Jinja2 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-34064. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys...

CVSS 5.4 | AI score 6.8 | EPSS 0.0123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 9:45 a.m. | 16 views

Security Bulletin: Disable IP forwarding

Summary Security Bulletin: Disable IP forwarding Vulnerability Details CVEID:CVE-1999-0511 DESCRIPTION: IP forwarding is enabled on a machine which is not a router or firewall. CVSS Source: NVD CVSS Base score: 7.5 CVSS Vector:AV:N/AC:L/Au:N/C:P/I:P/A:P Affected Products and Versions Affected...

CVSS 9.1 | AI score 6.7 | EPSS 0.07721
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 9:16 a.m. | 14 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM Java: Two OpenJ9 internal ASCII to EBCDIC string wrapper has vulnerabilities on z/OS (CVE-2025-1470, CVE-2025-1471)

Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Engineering Lifecycle Optimization -...

CVSS 7.8 | AI score 6.3 | EPSS 0.00105
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/08 6:23 a.m. | 4 views

Security Bulletin: A denial of service vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...

CVSS 5.5 | AI score 5.8 | EPSS 0.00467
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2025/05/07 8:48 p.m. | 22 views

Security Bulletin: IBM Operational Decision Manager for April 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-8184...

CVSS 10 | AI score 10 | EPSS 0.55384
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/07 8:9 p.m. | 17 views

Security Bulletin: Vulnerability in idna affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-3651].

Summary The idna package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-3651. Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted...

CVSS 7.5 | AI score 7.3 | EPSS 0.00748
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/07 7:45 p.m. | 4 views

Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-22195].

Summary The Jinja2 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-22195. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Jinja is an extensible templating engine. Special placeholders in the template allow...

CVSS 6.1 | AI score 6.6 | EPSS 0.00151
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/07 2:33 p.m. | 14 views

Security Bulletin: IBM Cloud Kubernetes Service on Ubuntu20 is affected by a FreeType Remote Code Execution security vulnerability (CVE-2025-27363)

Summary IBM Cloud Kubernetes Service is affected by a FreeType Remote Code Execution security vulnerability CVE-2025-27363 which is included in Ubuntu20 distributions, but not applicable to Ubuntu24 distributions. Vulnerability Details CVE-2025-27363 Description: An out of bounds write exists in...

CVSS 8.1 | AI score 8.7 | EPSS 0.70344
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/07 2:32 p.m. | 23 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a FreeType Remote Code Execution security vulnerability (CVE-2025-27363)

Summary Red Hat OpenShift on IBM Cloud is affected by a FreeType Remote Code Execution security vulnerability CVE-2025-27363 which is included in Red Hat Enterprise Linux versions 8 and 9 distributions. Vulnerability Details CVE-2025-27363 Description: An out of bounds write exists in FreeType...

CVSS 8.1 | AI score 8.7 | EPSS 0.70344
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/07 8:40 a.m. | 10 views

Security Bulletin: IBM Sterling Partner Engagement Manager has several issues with secrets management (CVE-2025-33093)

Summary IBM Sterling Partner Engagement Manager's JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. This issue has been addressed in the latest Helm Chart. Vulnerability Details CVEID:CVE-2025-33093 DESCRIPTION: IBM Sterling Partner Engagement Manager's JWT secr...

CVSS 7.5 | AI score 7.5 | EPSS 0.00224
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/07 6:57 a.m. | 10 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)

Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management. Vulnerability Details Refer to the security...

CVSS 4.1 | AI score 6.4 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/07 6:19 a.m. | 17 views

Security Bulletin: Vulnerability in Log4j affects IBM Cloud Pak for Data Systems 1.0 (CPDS 1.0) [CVE-2023-26464]

Summary Redhat provided Log4j is used by IBM Cloud Pak for Data System 1.0 . IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2023-26464 Vulnerability Details CVEID:CVE-2023-26464 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components wit...

CVSS 7.5 | AI score 7.1 | EPSS 0.00125
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/07 6:0 a.m. | 14 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...

CVSS 5.5 | AI score 5.7 | EPSS 0.00096
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 10:46 p.m. | 18 views

Security Bulletin: IBM i is vulnerable to an authentication and authorization attack due to incorrect validation processing in IBM i Netserver [CVE-2025-3218].

Summary IBM i is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes...

CVSS 5.4 | AI score 7.1 | EPSS 0.00101
Exploits: 0 | Affected Software: 6

IBM Security Bulletins
added 2025/05/06 7:15 p.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Mongoose

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Mongoose Vulnerability Details CVEID:CVE-2025-23061 DESCRIPTION: Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search injection. NOTE: this issue exists because of an...

CVSS 9.8 | AI score 7 | EPSS 0.71855
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 7:11 p.m. | 17 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',hr...

CVSS 9.8 | AI score 7.9 | EPSS 0.00088
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 7:9 p.m. | 36 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards on Cloud Pak for Data. Please refer to the Related Information section below for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IB...

CVSS 9.8 | AI score 9.2 | EPSS 0.09875
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 5:23 p.m. | 19 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a Denial of Service (CVE-2024-6119) due to the use of OpenSSL

Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL CVE-2024-6119. OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000...

CVSS 7.5 | AI score 7.1 | EPSS 0.14258
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2025/05/06 2:18 p.m. | 16 views

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2022-49043)

Summary UPDATED May 5 2025 New iFixes provided for AIX 7.2 TL5 SP7, 7.3 TL1 SP2 and SP3, 7.3 TL2 SP1, and VIOS 3.1.4.31. The new iFixes include a packaging change to clarify that the iFixes are cumulative and address relevant, previously issued AIX/VIOS libxml2 security bulletins. There is no...

CVSS 8.1 | AI score 7.8 | EPSS 0.00222
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/05/06 1:49 p.m. | 11 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS

Summary This issue may result in a memory leak. Vulnerability Details CVEID:CVE-2024-26935 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to unremoved procfs host directory regression. A local authenticated attacker could exploit this vulnerability to...

CVSS 5.5 | AI score 6.5 | EPSS 0.00007
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 10:17 a.m. | 19 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...

CVSS 6.1 | AI score 6.4 | EPSS 0.00108
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 9:58 a.m. | 8 views

Security Bulletin: Vulnerability in zipp affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-5569].

Summary The zipp package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-5569. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path...

CVSS 6.2 | AI score 6.6 | EPSS 0.00016
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 9:50 a.m. | 19 views

Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-37920]

Summary The certifi package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2023-37920 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an...

CVSS 9.8 | AI score 6.7 | EPSS 0.00119
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 9:46 a.m. | 25 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to a vulnerability found in Node.js

Summary There is a vulnerability in Node.js used by IBM Cloud Transformation Advisor CVE-2024-57699. Vulnerability Details CVEID:CVE-2024-57699 DESCRIPTION: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number...

CVSS 7.5 | AI score 6.9 | EPSS 0.00058
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 9:39 a.m. | 23 views

Security Bulletin: IBM Application Modernization Accelerator is vulnerable to a vulnerability found in Node.js

Summary There is a vulnerability in Node.js used by IBM Application Modernization Accelerator CVE-2024-57699. Vulnerability Details CVEID:CVE-2024-57699 DESCRIPTION: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a lar...

CVSS 7.5 | AI score 6.9 | EPSS 0.00058
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 8:30 a.m. | 23 views

Security Bulletin: IBM Cloud Pak for Business Automation images repackage a vulnerable version of freetype - CVE-2025-27363

Summary Some of the container images in IBM Cloud Pak for Business Automation include a vulnerable version of freetype. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when...

CVSS 8.1 | AI score 7.7 | EPSS 0.70344
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/05/06 8:1 a.m. | 16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients...

CVSS 6.3 | AI score 7 | EPSS 0.00804
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/06 6:26 a.m. | 21 views

Security Bulletin: Location Service for ESRI Component uses multiple vulnerable libraries and wildcard characters when defining RBAC permissions in Dockerfiles which are vulnerable to multiple CVEs

Summary Location Service for ESRI Component uses jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl, cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl and wildcard characters when defining RBAC permissions in Dockerfiles which are vulnerable to CVE-2024-56326, CVE-2024-56201,...

CVSS 8.8 | AI score 7.6 | EPSS 0.00804
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/05 9:14 p.m. | 20 views

Security Bulletin: FreeType Remote Code Execution Vulnerability affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary FreeType Remote Code Execution Vulnerability affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer...

CVSS 8.1 | AI score 8.1 | EPSS 0.70344
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/05 7:29 p.m. | 30 views

Security Bulletin: IBM® Db2® is affected by a vulnerability in the netty library. (CVE-2024-47535, CVE-2025-25193)

Summary IBM® Db2® is vulnerable to a denial of service due to unsafe environment file loading. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...

CVSS 5.5 | AI score 6.6 | EPSS 0.00467
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/05 7:20 p.m. | 6 views

Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-39689].

Summary The certifi package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-39689. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating the...

CVSS 7.5 | AI score 6.7 | EPSS 0.26297
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 34986