Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:12 p.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in send-0.18.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of send-0.18.0.tgz Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes...

5CVSS6.5AI score0.00511EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:11 p.m.7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in body-parser-1.20.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of body-parser-1.20.0.tgz Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious...

7.5CVSS6.6AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:11 p.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in express-4.18.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of express-4.18.1.tgz Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may...

5CVSS6.6AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:11 p.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in path-to-regexp-0.1.7.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of path-to-regexp-0.1.7.tgz Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

7.5CVSS6.6AI score0.00932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:11 p.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should...

5.3CVSS6.8AI score0.00852EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:11 p.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-expression-5.3.24.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-expression-5.3.24.jar Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spri...

4.3CVSS6.7AI score0.00536EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:10 p.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. CWE:CWE-918: Server-Sid...

7.5CVSS6.7AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:59 p.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in ws-3.3.3.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of ws-3.3.3.tgz Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be...

7.5CVSS6.6AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:58 p.m.10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in micromatch-4.0.5.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of micromatch-4.0.5.tgz Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.brac...

5.3CVSS6.7AI score0.01429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:58 p.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in braces-3.0.2.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of braces-3.0.2.tgz Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In...

7.5CVSS6.6AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:58 p.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in tar-6.2.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of tar-6.2.0.tgz Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An...

6.5CVSS6.7AI score0.00929EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:58 p.m.11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on t...

8.1CVSS6.6AI score0.01191EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:57 p.m.2 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in netty-codec-http-4.1.100.Final.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of netty-codec-http-4.1.100.Final.jar Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol...

5.3CVSS6.9AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:57 p.m.10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in express-4.17.3.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of express-4.17.3.tgz Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affecte...

6.1CVSS6.4AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:51 p.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-5.8.5.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-5.8.5.jar Vulnerability Details CVEID:CVE-2024-22257 DESCRIPTION: In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8...

8.2CVSS6.6AI score0.00948EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:50 p.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-boot-2.7.12.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-boot-2.7.12.jar Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that...

6.5CVSS6.7AI score0.01219EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:50 p.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-expression-5.3.24.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-expression-5.3.24.jar Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possibl...

6.5CVSS6.6AI score0.01122EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:47 p.m.7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in okio-2.8.0.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of okio-2.8.0.jar Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client...

7.5CVSS6.7AI score0.01077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:7 p.m.7 views

Security Bulletin: IBM Storage Ceph is vulnerable to Allocation of Resources Without Limits or Throttling in Grafana (CVE-2023-47108)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-47108 Vulnerability Details CVEID:CVE-2023-47108 DESCRIPTION: OpenTelemetry-Go Contrib is a collection of third-party packages for...

7.5CVSS6.6AI score0.01592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:3 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer in the RHEL UBI (CVE-2024-33599)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-33599. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: nscd: Stack-based buffer overflow in netgroup cache If the Na...

8.1CVSS7.2AI score0.0131EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:0 p.m.20 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and hig...

9.8CVSS8.8AI score0.66933EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 4:6 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard could allow DNS poisoning CVE-2023-0833

Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java...

7.5CVSS6.7AI score0.0077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 3:11 p.m.6 views

Security Bulletin: Vulnerability in Linux bind affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the Linux bind component affects IBM Storage Virtualize products and could cause denial of service. CVE-2024-11187. Vulnerability Details CVEID:CVE-2024-11187 DESCRIPTION: It is possible to construct a zone such that some queries to it will generate responses containing...

7.5CVSS7.2AI score0.14614EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 3:8 p.m.5 views

Security Bulletin: Vulnerability in login affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the login system affects IBM Storage Virtualize products and could cause denial of service. CVE-2025-1351. Vulnerability Details CVEID:CVE-2025-1351 DESCRIPTION: IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products could allow a...

7CVSS7.5AI score0.00086EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 2:23 p.m.9 views

Security Bulletin: Multiple vulnerabilities found in IBM TXSeries for Multiplatforms.

Summary IBM TXSeries for Multiplatforms has been updated in order to address multiple vulnerabilities CVE-2024-12243, CVE-2024-12133, CVE-2024-8176. Vulnerability Details CVEID:CVE-2024-12243 DESCRIPTION: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an...

7.5CVSS7.5AI score0.01569EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 1:40 p.m.9 views

Security Bulletin: IBM QRadar SIEM protocol is affected by Denial of Service and Security Restriction Bypass

Summary Apache Commons Compress and Apache HttpClient are affected by Denial of Service and Security Restriction Bypass. Attackers could potentially disrupt services or bypass security controls to access sensitive information. These issues have been addressed with an update. Vulnerability Details...

8.1CVSS7AI score0.13292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 12:22 p.m.3 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM TXSeries for Multiplatforms (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM TXSeries for Multiplatforms CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM TXSeries for Multiplatforms has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587...

7.8CVSS7.4AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 12:11 p.m.5 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a privilege escalation attack ( CVE-2025-36014 )

Summary IBM Integration Bus for z/OS is vulnerable to a privilege escalation attack. Vulnerability Details CVEID:CVE-2025-36014 DESCRIPTION: IBM App Connect Enterprise Integration Bus is vulnerable to code injection by a privileged user with access to the IIB install directory. CWE:CWE-94: Improp...

8.2CVSS7.6AI score0.00217EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 10:59 a.m.4 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Standard CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

7.8CVSS7.3AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 10:32 a.m.5 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Advanced (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Advanced CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

7.8CVSS6.6AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 10:1 a.m.4 views

Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.

Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact...

7.5CVSS6.3AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 9:56 a.m.2 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in json-20230227.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of json-20230227.jar Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to...

7.5CVSS5.5AI score0.01449EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 9:56 a.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.8.1. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU...

8.7CVSS8AI score0.01966EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 7:15 a.m.6 views

Security Bulletin: IBM Data Dictionary uses protobuf-5.28.3-cp38-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565

Summary IBM Data Dictionary uses protobuf-5.28.3-cp38-abi3-manylinux2014x8664.whl which is vulnerable to CVE-2025-4565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python...

8.2CVSS5.8AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:42 a.m.6 views

Security Bulletin: Vulnerabilities in IBM Semeru SDK (CVE-2025-21587, CVE-2025-30698, CVE-2025-2900) affect Power HMC.

Summary The IBM Semeru SDK is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high...

7.5CVSS6.6AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:41 a.m.8 views

Security Bulletin: Vulnerability in expat library (CVE-2024-8176) affects Power HMC.

Summary The expat library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML...

7.5CVSS7.5AI score0.01569EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:41 a.m.17 views

Security Bulletin: Vulnerabilities in libxml2 library (CVE-2024-56171, CVE-2025-24928) affect Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-56171 DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and...

9.8CVSS8AI score0.0113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 5:40 a.m.5 views

Security Bulletin: Vulnerability in freetype library (CVE-2025-27363) affects Power HMC.

Summary The freetype library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when...

8.1CVSS7.4AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/04 8:48 p.m.4 views

Security Bulletin: IBM Integration Designer is vulnerable to improper access control (CVE-2025-48734)

Summary Vulnerability in Apache Commons BeanUtils used by IBM Integration Designer. IBM Integration Designer has addressed CVE-2025-48734. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...

8.8CVSS8.8AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/04 8:59 a.m.11 views

Security Bulletin: Security vulnerabilities related to tomcat-embed-core library in IBM Business Automation Manager Open Editions.

Summary Multiple vulnerabilities related to tomcat-embed-core library were addressed in IBM Business Automation Manager Open Editions 9.2.1. Vulnerability Details CVEID:CVE-2025-49125 DESCRIPTION: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using...

7.5CVSS7.7AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/04 6:11 a.m.4 views

Security Bulletin: Multiple Security Vulnerabilities were found in IBM Java Runtime as shipped with IBM Security Verify Access and IBM Verify Identity Access

Summary Multiple Security Vulnerabilities found in IBM Java Runtime as shipped with IBM Security Verify Access and IBM Verify Identity Access have been addressed. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component...

7.8CVSS6.4AI score0.01157EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 7:26 p.m.10 views

Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal in oath-toolkit (CVE-2024-47191)

Summary oath-toolkit is used by IBM Storage Ceph for metrics and authentication. CVE-2024-47191 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-47191 DESCRIPTION: pamoath.so in oath-toolkit 2.6.7 through 2.6.11 befo...

7.1CVSS6.9AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 5:39 p.m.6 views

Security Bulletin: IBM DataPower Gateway affected by issues in Java Runtime

Summary IBM DataPower Gateway does not itself use Java, but certain bundled integrations do e.g. JDBC, IMS Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiali...

7.5CVSS7.4AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 3:12 p.m.4 views

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2®. (April 2025 CPU)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.25 and earlier, 8.0.8.40 and earlier used by IBM® Db2. These issues were disclosed as part of the IBM Java SDK updates in April 2025. Vulnerability Details CVEID:CVE-2025-4447 DESCRIPTION: In Eclipse OpenJ9 versions ...

7.8CVSS7.1AI score0.00164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 1:13 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a denial of service CVE-2024-30172

Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the...

7.5CVSS6.9AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 10:30 a.m.17 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.298 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...

7.8CVSS8AI score0.62368EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 10:12 a.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.1 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression...

6.2CVSS8.7AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 10:10 a.m.11 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.8.1. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An...

7.5CVSS8.4AI score0.02186EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 9:34 a.m.6 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2023-39325, CVE-2022-21698)

Summary github.com/prometheus/clientgolang, golang.org/x/net are dependency packages used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapid...

7.5CVSS7.5AI score0.05994EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 9:32 a.m.12 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2022-23648, CVE-2022-32149)

Summary The listed dependency packages are being used by IBM Db2 Data Management Console github.com/containerd/containerd, golang.org/x/text. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: In net/http in Go befo...

9.1CVSS7.2AI score0.27392EPSS
Exploits6Affected Software2
Total number of security vulnerabilities35608