Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:18 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for...

5CVSS6.8AI score0.00511EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:16 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...

8.7CVSS7.2AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:12 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is...

7.5CVSS7.2AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:8 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package...

5.3CVSS6.8AI score0.01429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 11:12 p.m.9 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 007 Vulnerability Details CVEID:CVE-2025-36027 DESCRIPTION: IBM Datacap could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remot...

5.5CVSS6.2AI score0.47738EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 1:53 p.m.3 views

Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2025-21587 & CVE-2025-4447)

Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact...

7.8CVSS7AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 8:19 a.m.7 views

Security Bulletin: Fixes availabile for CVE-2025-1991 H1-2581021: 'An Integer Underflow During Informix Server Protocol Packet Processing Allows Attackers to Carry out a Denial-of-Service Attack'

Summary Fixes available for CVE-2025-1991 H1-2581021: 'An Integer Underflow During Informix Server Protocol Packet Processing Allows Attackers to Carry out a Denial-of-Service Attack' Vulnerability Details CVEID:CVE-2025-1991 DESCRIPTION: IBM Informix Dynamic Server could allow a remote attacker ...

7.5CVSS6.8AI score0.00376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 2:35 a.m.8 views

Security Bulletin: This Power System update is being released to address CVE-2025-2884

Summary The PowerVM Virtual Trusted Platform Module vTPM feature is impacted by the referenced vulnerability. Vulnerability Details CVEID:CVE-2025-2884 DESCRIPTION: TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validatio...

6.6CVSS9.1AI score0.00199EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 1:21 a.m.8 views

Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Transformer. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact. CVSS Source: IBM X-For...

5.9CVSS5.6AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 1:19 a.m.12 views

Security Bulletin: IBM Cognos Analytics is affected by security vulnerabilities

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Analytics. There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to a Stored Cross-Site Scripting XSS vulnerability...

9.8CVSS9.9AI score0.54026EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 12:8 a.m.5 views

Security Bulletin: Due to use of Corosync, IBM MQ is vulnerable to a stack-based buffer overflow

Summary Corosync is used by IBM MQ as part of the RDQM component CVE-2025-30472 Vulnerability Details CVEID:CVE-2025-30472 DESCRIPTION: Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in...

9.8CVSS8.2AI score0.00433EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 12:7 a.m.6 views

Security Bulletin: The SNI is incorrect when more than one channel connects through an IBM MQ IPT client route

Summary IBM MQ has addressed an authentication bypass vulnerability in IBM MQ IPT CVE-2025-33181 Vulnerability Details CVEID:CVE-2025-33181 DESCRIPTION: CWE:CWE-295: Improper Certificate Validation CVSS Source: IBM CVSS Base score: 5.9 CVSS Vector:CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N...

8.8CVSS6.8AI score0.00351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 12:6 a.m.8 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause hi...

7.8CVSS6.7AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 12:5 a.m.6 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime Environment (CVE-2025-21587, CVE-2025-30698, CVE-2025-2900)

Summary Multiple issues were identified with the IBM Semeru Runtime Environment which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high...

7.5CVSS7AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 12:5 a.m.7 views

Security Bulletin: IBM MQ Client can send data resulting in SIGSEGV and amqrmppa process ending

Summary IBM MQ has addressed a denial of service vulnerability CVE-2025-3631 Vulnerability Details CVEID:CVE-2025-3631 DESCRIPTION: An IBM MQ Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. CWE:CWE-416: Use After Free CVSS Source: IBM...

7.5CVSS6.7AI score0.00309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/28 12:4 a.m.6 views

Security Bulletin: IBM MQ Appliance affected by a denial of service vulnerability (CVE-2025-3631)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-3631 DESCRIPTION: An IBM MQ Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. CWE:CWE-416: Use After Free CVSS Source: IBM CVSS...

7.5CVSS7AI score0.00309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 10:47 p.m.6 views

Security Bulletin: This Power System update is being released to address CVE-2023-1206

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-1206, by upgrading PowerVM and thus addressing the exposure t...

5.7CVSS6.1AI score0.00553EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 10:43 p.m.8 views

Security Bulletin: This Power System update is being released to address CVE-2024-35857

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2024-35857, by upgrading PowerVM and thus addressing the exposure ...

5.3CVSS6.6AI score0.00888EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 10:37 p.m.8 views

Security Bulletin: This Power System update is being released to address CVE-2025-0395

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerability, CVE-2025-0395, by...

6.2CVSS7.7AI score0.00349EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 9:16 p.m.8 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

10CVSS7.1AI score0.38701EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 8:52 p.m.9 views

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary There are vulnerabilities in Open Source Software OSS components consumed by IBM Planning Analytics. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics Workspace and not any nested dependencies within the product. Vulnerability...

8.8CVSS9.6AI score0.01495EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 8:1 p.m.15 views

Security Bulletin: IBM Storage Ceph is vulnerable to NULL Pointer Dereference in the RHEL UBI (CVE-2024-33600)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-33600 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-33600 DESCRIPTION: nscd: Null pointer crashes after notfound response If the Name...

5.9CVSS6.5AI score0.01216EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 8:1 p.m.41 views

Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in the RHEL UBI (CVE-2024-25062, CVE-2023-39615, CVE-2023-45322)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-25062, CVE-2023-39615, CVE-2023-45322. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: GNOME libxml2 is vulnerable t...

7.5CVSS7.5AI score0.01364EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:58 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in the RHEL UBI (CVE-2024-25062)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-25062 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x...

7.5CVSS8.3AI score0.01364EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:55 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insecure Inherited Permissions in the RHEL UBI (CVE-2024-22365)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-22365 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: linux-pam aka Linux PAM before 1.6.0 allows attackers to cause...

5.5CVSS6.6AI score0.00455EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:54 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Race Condition in the RHEL UBI (CVE-2023-3758)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-3758 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-3758 DESCRIPTION: A race condition flaw was found in sssd where the GPO policy is...

7.1CVSS6.7AI score0.01033EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:53 p.m.4 views

Security Bulletin: IBM Storage Ceph is vulnerable to Channel Accessible by Non-Endpoint in the RHEL UBI (CVE-2023-7008)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-7008 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-7008 DESCRIPTION: systemd is vulnerable to a man-in-the-middle attack, caused by a...

5.9CVSS8.2AI score0.00849EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:53 p.m.4 views

Security Bulletin: IBM Storage Ceph is vulnerable to Integer Overflow or Wraparound in the RHEL UBI (CVE-2021-43618)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2021-43618 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2021-43618 DESCRIPTION: GNU Multiple Precision Arithmetic Library GMP is vulnerable to...

7.5CVSS8.9AI score0.03425EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:52 p.m.9 views

Security Bulletin: IBM Storage Ceph is vulnerable to zip-bombs leading to denial of service in the RHEL UBI (CVE-2024-0450)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-0450 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-0450 DESCRIPTION: An issue was found in the CPython zipfile module affecting...

6.2CVSS9AI score0.00333EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:51 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in Jinja2 (CVE-2024-22195)

Summary Jinja2 is used by IBM Storage Ceph and by the RHEL UBI in multiple components. CVE-2024-22195 This bulletin identifies the steps to take to address the vulnerability in Jinja2. Affected components include nvme, grafana, keepalived, haproxy, promtail. snmp, ansible, fence-agents, rust...

6.1CVSS8.3AI score0.00892EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:45 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the RHEL UBI (CVE-2024-28834)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-28834 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-28834 DESCRIPTION: GnuTLS could allow a remote authenticated attacker to obtain...

5.3CVSS7.7AI score0.00718EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:44 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Injection in the RHEL UBI (CVE-2023-6004)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-6004 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticated attacker to execute...

4.8CVSS8.5AI score0.00449EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:43 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2022-4415)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2022-4415 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2022-4415 DESCRIPTION: systemd could allow a local authenticated attacker to obtain...

5.5CVSS5.8AI score0.00867EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:42 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Unchecked Return Value in the RHEL UBI (CVE-2023-6918)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-6918 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-6918 DESCRIPTION: A flaw was found in the libssh implements abstract layer for...

5.3CVSS8.2AI score0.01421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:41 p.m.12 views

Security Bulletin: IBM Storage Ceph is vulnerable to Command Injection in the RHEL UBI (CVE-2020-15778)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2020-15778 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary...

7.8CVSS9AI score0.12996EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:40 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to improper handling of JavaScript whitespace in golang in the RHEL UBI (CVE-2023-24540)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-24540 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Not all valid JavaScript whitespace characters are considered ...

9.8CVSS8.8AI score0.01548EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:39 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to cross site scripting and denial of service via regular expressions in Grafana

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard, requiring the use of angular to function. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2022-25869, CVE-2023-26118, CVE-2022-25844, CVE-2023-26116, CVE-2024-21490, CVE-2023-26117...

7.5CVSS7.5AI score0.05276EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:38 p.m.2 views

Security Bulletin: IBM Storage Ceph is vulnerable to Code Injection in Golang (CVE-2023-29402)

Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-29402 This bulletin identifies the steps to take to address the vulnerability in Golang. Vulnerability Details CVEID:CVE-2023-29402 DESCRIPTION: The go command may generate unexpected code at build time when using cgo. This may resul...

9.8CVSS7.2AI score0.01708EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 6:38 p.m.18 views

Security Bulletin: Vulnerability found in Personal Communications through deployment of arbitrary MSI package.

Summary There is a vulnerability in found in Personal Communications through deployment of arbitrary MSI package. Personal Communications has addressed the applicable CVE-2025-1095. Vulnerability Details CVEID:CVE-2025-1095 DESCRIPTION: IBM Personal Communications includes a Windows service that ...

8.8CVSS6.6AI score0.00128EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 3:12 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and path traversal [CVE-2025-47935] [CVE-2025-47944] [CVE-2025-48997] [CVE-2025-48387]

Summary Node.js is used by IBM App Connect Enterprise Certified Container when developing flows and running those flows. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service and path traversal. This...

8.7CVSS7.4AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 12:13 p.m.6 views

Security Bulletin: RabbitMQ HTTP API Authorization Bypass Allows Unauthorized Queue Deletion

Summary RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host...

6.5CVSS6.6AI score0.00367EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 12:11 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: Express.js minimalist w...

5CVSS6.5AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 12:9 p.m.12 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31125

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31125. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-31125 DESCRIPTION: Vite is a frontend tooling...

7.5CVSS6.5AI score0.58765EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 12:7 p.m.4 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses braces-3.0.2.tgz which is vulnerable to CVE-2024-4068

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses braces-3.0.2.tgz which is vulnerable to CVE-2024-4068. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The NPM package braces,...

7.5CVSS6.4AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 12:6 p.m.9 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses serialize-javascript-4.0.0.tgz which is vulnerable to CVE-2024-47554

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses serialize-javascript-4.0.0.tgz which is vulnerable to CVE-2024-47554. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was...

5.4CVSS6AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 11:59 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

6.2CVSS6.6AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 11:58 a.m.13 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-30208

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-30208. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-30208 DESCRIPTION: Vite, a provider of fronte...

7.5CVSS9.4AI score0.76736EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 11:36 a.m.5 views

Security Bulletin: IBM App Connect for Healthcare is vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO ( CVE-2024-47554 )

Summary IBM App Connect for Healthcare is vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class m...

4.3CVSS6.7AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 11:33 a.m.6 views

Security Bulletin: Zipp Path Module Denial of Service via Malformed ZIP File

Summary zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a local attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is...

6.2CVSS6.6AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 11:2 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cookie-0.4.1.tgz which is vulnerable to CVE-2024-47764

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cookie-0.4.1.tgz which is vulnerable to CVE-2024-47764. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: cookie is a basic HTTP...

6.9CVSS6.5AI score0.00749EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608