Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 9:54 a.m.12 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to activemq-web (CVE-2012-6092, CVE-2015-6524, CVE-2016-0734, CVE-2011-4905, CVE-2012-6551, CVE-2013-1879, CVE-2013-1880)

Summary Cross-site scripting XSS, brute force attack, denial of service vulnerabilities in activemq-web may affect IBM Spectrum Control. CVE-2012-6092, CVE-2015-6524, CVE-2016-0734, CVE-2011-4905, CVE-2012-6551, CVE-2013-1879, CVE-2013-1880 Vulnerability Details CVEID:CVE-2012-6092 DESCRIPTION:...

6.1CVSS7.7AI score0.08984EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 9:53 a.m.4 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to Multer middleware of node.js (CVE-2025-47935)

Summary Multer is vulnerable to a denial of service attack. This vulnerability affects IBM Spectrum Control. CVE-2025-47935. Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resourc...

7.5CVSS7.5AI score0.00683EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 9:51 a.m.21 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to protobuf-java (CVE-2024-7254)

Summary protobuf-java is vulnerable to a StackOverflow attack. This vulnerability affects IBM Spectrum Control. CVE-2024-7254. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of...

8.7CVSS7AI score0.02772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 9:49 a.m.9 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to activemq-core (CVE-2014-3600, CVE-2013-1879, CVE-2015-6524, CVE-2011-4905)

Summary XML external entity XXE, cross-site scripting XSS, brute force attack, denial of service vulnerabilities in activemq-core may affect IBM Spectrum Control. CVE-2014-3600, CVE-2013-1879, CVE-2015-6524, CVE-2011-4905. Vulnerability Details CVEID:CVE-2014-3600 DESCRIPTION: XML external entity...

9.8CVSS7.9AI score0.09851EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 9:47 a.m.6 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to path-to-regexp (CVE-2024-52798)

Summary path-to-regexp is vulnerable to a backtracking attack. This vulnerability affects IBM Spectrum Control. CVE-2024-52798. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a...

8.7CVSS6.8AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 9:45 a.m.4 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-27152)

Summary axios is vulnerable to SSRF and credential leakage attacks. These vulnerabilities affect IBM Spectrum Control. CVE-2025-27152. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute...

8.7CVSS6.3AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 9:42 a.m.9 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to Camel-core (CVE-2020-11971)

Summary Rebind Flaw vulnerability in Camel-core may affect IBM Spectrum Control. CVE-2020-11971. Vulnerability Details CVEID:CVE-2020-11971 DESCRIPTION: Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrad...

7.5CVSS8.1AI score0.14331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:12 a.m.6 views

Security Bulletin: Vulnerability in pip package affects IBM Db2 Data Management Console(CVE-2019-20916)

Summary pip dependency package is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in...

7.5CVSS6.6AI score0.03028EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:5 a.m.3 views

Security Bulletin: Werkzeug Multipart Parser Denial of Service via Malformed File Upload

Summary Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on...

8CVSS7.4AI score0.01072EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 6:26 a.m.6 views

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-security-core-6.4.3.jar (CVE-2025-41232)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to a Protection Mechanism Failure in Spring Security v6.4.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate...

9.1CVSS7.1AI score0.00535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 5:34 a.m.8 views

Security Bulletin: Werkzeug < 3.0.6 - Multipart Form Data Parsing Resource Exhaustion Vulnerability

Summary Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 5:29 a.m.11 views

Security Bulletin: RabbitMQ HTTP API Vulnerability Allows Authenticated DoS via Large Message Payloads

Summary RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service DoS attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the...

4.9CVSS5.1AI score0.01077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 5:27 a.m.8 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by arbitrary code execution

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by arbitrary code execution CVE-2025-36038 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

9.8CVSS7AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 6:51 p.m.8 views

Security Bulletin: Jinja Template Sandbox Escape via Indirect str.format Execution Prior to 3.1.5

Summary Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control...

8.8CVSS7.4AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 6:27 p.m.6 views

Security Bulletin: Mongoose Improper Handling of Nested $where in populate() Match Allows Search Injection

Summary Mongoose improper handling of nested $where in populate match allows search injection due to incomplete fix for CVE-2024-53900. Vulnerability Details CVEID:CVE-2025-23061 DESCRIPTION: Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search...

9.8CVSS7.9AI score0.07025EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 4:36 p.m.8 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to loss of confidentiality [CVE-2025-6545] [CVE-2025-6547]

Summary Node.js module pbkdf2 is used by IBM App Connect Enterprise Certified Container when accessing BAR files stored in COS S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that access BAR files stored in COS S3 storage are vulnerable to loss of confidentiality. Th...

9.1CVSS6.5AI score0.00387EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 4:7 p.m.21 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791)

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Remote Code Execution RCE and improper preservation of permissions due to jsonpath-plus & snowflake-sdk. Vulnerabilit...

9.8CVSS8.4AI score0.10701EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 3:42 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection (CVE-2025-0966)

Summary A SQL injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-0966 DESCRIPTION: IBM InfoSphere Information Server vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the...

7.6CVSS7.2AI score0.00269EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 3:42 p.m.7 views

Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-36034)

Summary A disclosure of sensitive information vulnerability in InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2025-36034 DESCRIPTION: IBM InfoSphere DataStage Flow Designer discloses sensitive user information in API requests in clear text that could be...

5.9CVSS6.4AI score0.00141EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 3:35 p.m.7 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-36038)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about an arbitrary code execution vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

9.8CVSS7.5AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 3:32 p.m.10 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...

8.7CVSS10AI score0.00697EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 3:3 p.m.10 views

Security Bulletin: AIX is vulnerable to denial of service and possible code execution due to Perl (CVE-2024-8176, CVE-2024-56406)

Summary Vulnerability in AIX's Perl could allow an attacker to cause a denial of service and possibly execute code CVE-2024-8176, CVE-2024-56406. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack overflow vulnerability exists in t...

8.4CVSS9.9AI score0.01569EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 1:43 p.m.3 views

Security Bulletin: IBM QRadar Hub for IBM QRadar SIEM is vulnerable to using a component with known vulnerabilities (CVE-2025-27152)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Hub for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP clien...

8.7CVSS7AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 1:41 p.m.7 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2025-27152, CVE-2025-27789)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a...

8.7CVSS6.8AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 8:31 a.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms

Summary Multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in April 2025. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerabili...

7.8CVSS7AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 7:43 a.m.3 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities in IBM Java SDK ( CVE-2025-21587,CVE-2025-30698 & CVE-2025-4447)

Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS . Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allo...

7.8CVSS7AI score0.00688EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 5:48 a.m.7 views

Security Bulletin: There is a vulnerability in prism-1.28.0.jsused by IBM Maximo Asset Management application ( CVE-2024-53382)

Summary There is a vulnerability in prism-1.28.0.js used by IBM Maximo Asset Management application CVE-2024-53382 Vulnerability Details CVEID:CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not...

5.4CVSS5.8AI score0.00293EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 5:46 a.m.5 views

Security Bulletin: There is a vulnerability in flask-3.1.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-47278)

Summary There is a vulnerability in flask-3.1.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-47278 DESCRIPTION: Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback...

1.8CVSS6.7AI score0.00153EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 5:44 a.m.6 views

Security Bulletin: There is a vulnerability in poi-ooxml-5.3.0.jarused by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-31672)

Summary There is a vulnerability in poi-ooxml-5.3.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like...

5.3CVSS6.5AI score0.01237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 8:4 p.m.24 views

Security Bulletin: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management have been delivered in 2.3 FP11 Vulnerability Details CVEID:CVE-2024-54467 DESCRIPTION: A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 1...

8.4CVSS10AI score0.14492EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 6:33 p.m.9 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31486

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31486. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-31486 DESCRIPTION: Vite is a frontend tooling...

5.3CVSS6.7AI score0.38685EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:42 p.m.42 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2023-39976, CVE-2023-40373, CVE-2023-40372, CVE-2023-30987, CVE-2023-38719,...

9.8CVSS9.7AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:32 p.m.3 views

Security Bulletin: Fusion Data Foundation is vulnerable to CVE-2022-25883 in emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz

Summary emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz is used by Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2022-25883 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION...

7.5CVSS7.5AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:32 p.m.6 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to nodejs in the management console (CVE-2021-3807)

Summary Node.js is used by IBM Storage Fusion Data Foundation in the management console and is vulnerable to a denial of service. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2021-3807. Vulnerability Details CVEID:CVE-2021-3807...

7.8CVSS8.5AI score0.03304EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:31 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server

Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Server. CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE...

5.3CVSS5.7AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:30 p.m.4 views

Security Bulletin: IBM Storage Fusion Data Foundation is affected DOS caused by specially crafted regex or prototype pollution flaw (CVE-2022-37599, CVE-2022-37603, CVE-2022-37601)

Summary IBM Storage Fusion Data Foundation is used by IBM Storage Fusion Data Foundation. The application server takes input and crafted regex can cause the exploit to Denial of service. CVE-2022-37599, CVE-2022-37603, CVE-2022-37601. Vulnerability Details CVEID:CVE-2022-37599 DESCRIPTION:...

9.8CVSS7.9AI score0.02601EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:29 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Server (CVE-2025-1470, CVE-2025-1471).

Summary IBM Storage Protect Server is affected by multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8. These vulnerabilities could potentially affect OpenJ9 internal ASCII to EBCDIC string wrapper on z/OS. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In Eclipse...

7.8CVSS7.9AI score0.00171EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:28 p.m.7 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2025-27144 in different components

Summary Go is used by IBM Storage Fusion Data Foundation in csi-dirver, odf-cli-container, ocs-operator-container, msc-operator-container, odf-multicluster-operator-container, rook-ceph-operator and ocs-metrics-exporter-container as part of CVE-2025-27144. This bulletin identifies the steps to ta...

8.7CVSS6.5AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:28 p.m.3 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerabilities due to golang-JWT (CVE-2024-51744)

Summary Golang JWT is used by the IBM Storage Protect Server OSSM and Object Agent component. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of th...

3.1CVSS6.4AI score0.00521EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:27 p.m.6 views

Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Protect Operations Center (CVE-2025-23184).

Summary IBM Storage Protect Operations Center is affected by denial of service due to Apache CXF used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...

7.5CVSS5.6AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:26 p.m.3 views

Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Protect Operations Center (CVE-2024-47535).

Summary IBM Storage Protect Operations Center is affected by denial of service due to Netty used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of...

5.5CVSS6.3AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:25 p.m.12 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2025-22150 in undici-6.20.1

Summary undici-6.20.1 is used by IBM Storage Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2025-22150 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2025-22150 DESCRIPTION: Undici is an HTTP/1.1...

6.8CVSS6.2AI score0.00736EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:25 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Operations Center (CVE-2025-1470, CVE-2025-1471).

Summary IBM Storage Protect Operations Center is affected by multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8. These vulnerabilities could potentially affect OpenJ9 internal ASCII to EBCDIC string wrapper on z/OS. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: ...

7.8CVSS7.9AI score0.00171EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:24 p.m.5 views

Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Protect Operations Center (CVE-2025-25193).

Summary IBM Storage Protect Operations Center is affected by denial of service due to Netty used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions...

5.5CVSS6.5AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:23 p.m.5 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to a denial of service via Node.js braces module (CVE-2024-4068)

Summary Node.js braces module is used by IBM Storage Fusion Data Foundation as part of CVE-2024-4068 which may lead denial of services. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2024-4068...

7.5CVSS6.6AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:22 p.m.6 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2024-4067 in micromatch-4.0.4

Summary micromatch-4.0.4 is used by IBM Storage Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2024-4067 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package...

5.3CVSS6.4AI score0.01429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:22 p.m.8 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2022-46175

Summary JSON5 is used by IBM Storage Fusion Data Foundation in the management-console and could allow a remote authenticated attacker to execute arbitrary code on the systemas part of CVE-2022-46175. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Dat...

8.8CVSS7.7AI score0.09304EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:20 p.m.7 views

Security Bulletin: IBM Storage Fusion Data Foundation may be affected by a vulnerability in SSH servers for FTP (CVE-2025-22869)

Summary A vulnerability in SSH server with capability of file transfer protocols can be exploited to denial of service DOS. The vulnerability may affect product IBM Storage Fusion Data Foundation. CVE-2025-22869. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement...

7.5CVSS7AI score0.00868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:15 p.m.5 views

Security Bulletin: IBM Storage Fusion is affected by exposure of information through cross-site scripting or data queries (CVE-2023-45288, CVE-2023-3978)

Summary IBM Storage Fusion Data Foundation uses HTTP to communicate. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-45288, CVE-2023-3978. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/...

7.5CVSS7.6AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:12 p.m.3 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CWE in management-console (CVE-2021-44906)

Summary IBM Storage Fusion Data Foundation is affected in management-console. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2021-44906. Vulnerability Details CVEID:CVE-2021-44906 DESCRIPTION: Node.js Minimist module could allow ...

9.8CVSS8.2AI score0.04581EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608