Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 9:26 a.m.13 views

Security Bulletin: Vulnerability in github.com/jackc/pgx/v4 affects IBM Db2 Data Management Console(CVE-2024-27289)

Summary github.com/jackc/pgx/v4 dependency package is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-27289 DESCRIPTION: pgx is a PostgreSQL driver and toolkit for Go. Prior to version...

8.1CVSS7.6AI score0.00854EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 9:23 a.m.8 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Semeru Java 17 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM Semeru Runtime Certified Edition, Version 17. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and...

7.8CVSS7.4AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 8:57 a.m.3 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 8 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology Edition, Version 8. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high...

7.8CVSS7.2AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 5:14 a.m.4 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified...

7.8CVSS7.2AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 5:21 p.m.6 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition

Summary IBM Sterling Connect:Direct File Agent uses IBM Runtime Environment Java Technology Edition, Version 7 and 8. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related ...

7.8CVSS6.2AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 5:14 p.m.8 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Semeru Runtime

Summary IBM Sterling Connect:Direct File Agent uses IBM Semeru Runtime version 17. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could...

7.8CVSS6.5AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 3:26 p.m.10 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to improper access control due to Apache Commons BeanUtils (CVE-2025-23184)

Summary Apache Commons BeanUtils is shipped with IBM Tivoli Business Service Manager as part of its backend process to handle Java Beans. Information about a security vulnerability affecting Apache Commons BeanUtils has been published in a security bulletin. Vulnerability Details...

8.8CVSS6.8AI score0.01941EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 3:25 p.m.3 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION:...

5.3CVSS5.5AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 2:50 p.m.5 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to denial of service attack due to Apache CXF (CVE-2025-23184)

Summary Apache CXF is shipped with IBM Tivoli Business Service Manager as part of the web services framework. Information about a security vulnerability affecting Apache CXF has been published in a security bulletin. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of...

7.5CVSS5.3AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 12:19 p.m.35 views

Security Bulletin: Vulnerability in linux (Kernel) affects IBM Integrated Analytics System.

Summary Redhat provided linux Kernel is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs CVE-2024-38575, CVE-2024-36940, CVE-2024-36017, CVE-2024-39472, CVE-2024-36905, CVE-2024-27010, CVE-2024-42244, CVE-2024-38598, CVE-2024-39502,...

9.1CVSS8.2AI score0.02701EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 7:2 a.m.6 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2025-36038)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

9.8CVSS7.6AI score0.08023EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/02 7:0 a.m.12 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004 (June 2025)

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004. Vulnerability Details CVEID:CVE-2025-29907 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to...

8.7CVSS8.2AI score0.13204EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 10:16 p.m.11 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION:...

9.8CVSS10AI score0.10701EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 9:19 p.m.6 views

Security Bulletin: IBM Fusion Data Catalog Service is vulnerable to elevated container linux kernel privileges (CVE-2022-0185)

Summary IBM Fusion's Data Catalog Service containers previously required certain elevated linux kernel privileges. CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-0185 DESCRIPTION: A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context...

8.4CVSS6.6AI score0.25151EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 9:19 p.m.11 views

Security Bulletin: IBM Fusion is vulnerable to Path Traversal due to python's setuptools (CVE-2025-47273)

Summary Python's setuptools is used by IBM Fusion as part of the Data Catalog Service and is vulnerable to path traversal. CVE-2025-47273. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python...

8.8CVSS7.9AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 8:42 p.m.40 views

Security Bulletin:IBM MQ is vulnerable to a buffer overflow issue (CVE-2024-25048)

Summary An issue was identified with IBM MQ when a client sends a malformed xarecover request. This can result in a memory overwrite or buffer overflow within the queue manager. Vulnerability Details CVEID:CVE-2024-25048 DESCRIPTION: IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based...

7.5CVSS7.8AI score0.009EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 6:48 p.m.8 views

Security Bulletin: IBM Storage Ceph is vulnerable to Injection in Golang (CVE-2023-29405)

Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-29405 This bulletin identifies the steps to take to address the vulnerability in Golang Vulnerability Details CVEID:CVE-2023-29405 DESCRIPTION: The go command may execute arbitrary code at build time when using cgo. This may occur wh...

9.8CVSS7.5AI score0.01728EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 6:46 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Code Injection in Golang (CVE-2023-29404)

Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-29404 This bulletin identifies the steps to take to address the vulnerability in Golang. Vulnerability Details CVEID:CVE-2023-29404 DESCRIPTION: The go command may execute arbitrary code at build time when using cgo. This may occur...

9.8CVSS7.6AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 6:12 p.m.21 views

Security Bulletin: IBM Storage Ceph is vulnerable to Open Redirects in WebOb (CVE-2024-42353)

Summary WebOb is used by IBM Storage Ceph in Dashboard and RGW. CVE-2024-42353 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-42353 DESCRIPTION: WebOb provides objects for HTTP requests and responses. When WebOb...

6.1CVSS6.6AI score0.00497EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 6:8 p.m.11 views

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption and Improper Input Validation in Werkzeug (CVE-2023-46136, CVE-2023-25577, CVE-2023-23934)

Summary Werkzeug is used by IBM Storage Ceph in the Dashboard. CVE-2023-46136, CVE-2023-25577, CVE-2023-23934 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Werkzeug is a comprehensive WSGI web...

8CVSS9AI score0.0142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 6:1 p.m.10 views

Security Bulletin: Apache ZooKeeper Admin Server IPAuthenticationProvider Vulnerability: Authentication Bypass via Spoofed X-Forwarded-For Header

Summary When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider,...

9.1CVSS9.3AI score0.00924EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 5:59 p.m.51 views

Security Bulletin: Waitress WSGI Server Vulnerability: HTTP Pipelining Request Handling with Disabled Lookahead

Summary Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and...

9.1CVSS7AI score0.00496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 10:22 a.m.8 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a Cross-site scripting (XSS) attack (CVE-2024-11831).

Summary IBM Event Endpoint Management is vulnerable to a Cross-site scripting XSS attack due to a flaw in npm-serialize-javascript. It is used for safely serialize complex JavaScript objects for storage or transmission. Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in...

5.4CVSS6.1AI score0.01006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 10:2 a.m.10 views

Security Bulletin: Cryptography expose cryptographic primitives and recipes

Summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling loadpempkcs7certificates or loadderpkcs7certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of...

7.5CVSS6.2AI score0.01118EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 7:48 a.m.6 views

Security Bulletin: Prevoius version has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c, affect watsonx.data

Summary libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema...

9.8CVSS7.6AI score0.0113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/01 6:52 a.m.11 views

Security Bulletin: parse.ParseUnverified vulnerability affects watsonx.data

Summary golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request who...

7.5CVSS6.8AI score0.00693EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 11:10 p.m.17 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.

Summary Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 9.2.1. Vulnerability Details CVEID:CVE-2025-22150 DESCRIPTION: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choos...

8.7CVSS8.2AI score0.01674EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 8:8 p.m.6 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Tampering (CVE-2025-36056)

Summary The IBM TS7700 virtualization solution has a vulnerability CVE-2025-36056 that makes it susceptible to tampering, as an attacker could exploit a Cross-Site Scripting flaw in its management interface. This security gap could enable unauthorized access to sensitive information through socia...

5.4CVSS6.2AI score0.00167EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 8:7 p.m.5 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a Denial of Service (CVE-2025-23184) due to the use of WebSphere Application Server Liberty

Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service associated with the use of WebSphere Application Server Liberty CVE-2025-23184, which is used in its Management Interface. Under certain rare conditions, CachedOutputStream instances may not close properly. If these...

7.5CVSS7AI score0.01941EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 8:5 p.m.8 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Cross-Site Scripting in the Management Interface

Summary IBM Virtualization Engine TS7700 is susceptible to information disclosure and privilege escalation CVE-2025-2141. An attacker can perform Cross-Site Scripting XSS attacks on the IBM TS7700 Management Interface, allowing them to redirect users to malicious websites phishing, create malicio...

6.1CVSS6.4AI score0.00183EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 7:20 p.m.8 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now included in 6.2.3.0 and 6.1.9.7.

Summary The following vulnerabilities that can affect IBM Storage Scale System and could provide weaker than expected security are now fixed in 6.2.3.0 and 6.1.9.7. Vulnerability Details CVEID:CVE-2024-35809 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: PCI/PM:...

5.5CVSS7.4AI score0.00229EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 3:48 p.m.6 views

Security Bulletin: An unsafe reading of environment file could potentially cause a denial of service in Netty, affecting watsonx.data

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. These could affect watsonx.data. Vulnerability...

5.5CVSS6.7AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 3:47 p.m.4 views

Security Bulletin: GNU Wget through 1.21.1 could affect watsonx.data

Summary GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2021-31879 DESCRIPTION: GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different...

6.1CVSS6.9AI score0.01104EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 1:36 p.m.8 views

Security Bulletin: Vulnerabilities in libssh affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the libssh component affect IBM Storage Virtualize products and could cause denial of service and confidentiality impacts. CVE-2023-1667 CVE-2023-2283. Vulnerability Details CVEID:CVE-2023-1667 DESCRIPTION: A NULL pointer dereference was found In libssh during re-keying...

6.5CVSS7.2AI score0.01314EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 1:34 p.m.9 views

Security Bulletin: Vulnerabilities in multiple components affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in netty-handler, python-dns, bind, kernel, openssl, net-snmp and libgcrypt components affect IBM Storage Virtualize products and could cause denial of service and confidentiality impacts. CVE-2024-35857 CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808...

8.8CVSS8.6AI score0.66594EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 1:27 p.m.9 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.13 LTS and 12.13.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

9.8CVSS7.5AI score0.01193EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 11:47 a.m.4 views

Security Bulletin: Broadcomm VMware ESXi Vulnerabilities affect IBM Cloud Pak System

Summary Broadcomm VMware ESXi Vulnerabilities affect IBM Cloud Pak SystemCVE-2025-22224, CVE-2025-22225,CVE-2025-22226 Vulnerability Details CVEID:CVE-2025-22224 DESCRIPTION: VMware ESXi, and Workstation contain a TOCTOU Time-of-Check Time-of-Use vulnerability that leads to an out-of-bounds write...

9.3CVSS7.8AI score0.01676EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 10:35 a.m.6 views

Security Bulletin:Unclear documentation of the error behavior in `ParseWithClaims` affects watsonx.data

Summary golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

3.1CVSS5.9AI score0.00521EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 10:33 a.m.9 views

Security Bulletin: libxml2 before 2.12.10 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c, affects watsonx.data

Summary libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema...

9.8CVSS7.6AI score0.0113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 10:31 a.m.7 views

Security Bulletin: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit, affect watsonx.data

Summary Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...

8.7CVSS7.2AI score0.02772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 10:25 a.m.9 views

Security Bulletin: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions., affect watsonx.data

Summary An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2025-24201 DESCRIPTION: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This...

10CVSS7.7AI score0.0424EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:58 a.m.8 views

Security Bulletin: Due to the use of WebSphere Application Server traditional , the IBM Tivoli System Automation Application Manager is vulnerable to an arbitrary code execution vulnerability (CVE-2025-36038)

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2025-36038 Vulnerability Details CVEID:CVE-2025-36038 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker ...

9.8CVSS7.3AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:41 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: The use of...

9.8CVSS7.5AI score0.0187EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:39 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

6.2CVSS6.5AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:36 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before...

4.3CVSS6AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:32 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.20.6.tgz which is vulnerable to CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.20.6.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

6.2CVSS6.5AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:30 a.m.3 views

Security Bulletin: Upgraded higher version of cometD in Maximo IT 9.1

Summary Upgraded heigher version of cometD in Maximo IT 9.1 Vulnerability Details CVEID:CVE-2022-24721 DESCRIPTION: CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so...

8.1CVSS7.7AI score0.01101EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:29 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-7.5.9.tgz which is vulnerable to CVE-2024-37890

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-7.5.9.tgz which is vulnerable to CVE-2024-37890. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: ws is an open source WebSocke...

7.5CVSS6.8AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:26 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION:...

8.7CVSS7.3AI score0.00932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:22 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serve...

5CVSS6.6AI score0.00595EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608