Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:6 p.m.8 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to minimatch in management-console (CVE-2022-3517)

Summary minimatch package is used by IBM Storage Fusion Data Foundation in management-console. The product may be vulnerable to DOS by calling the braceExpand function with specific arguments. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data...

7.5CVSS7.5AI score0.01674EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 3:42 p.m.10 views

Security Bulletin: IBM WebSphere Application Server is affected by arbitrary code execution (CVE-2025-36038)

Summary IBM WebSphere Application Server is affected by arbitrary code execution. Vulnerability Details CVEID:CVE-2025-36038 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects...

9.8CVSS8AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 1:52 p.m.20 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.10.0 Vulnerability Details CVEID:CVE-2025-46727 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and...

9.8CVSS10AI score0.03178EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 1:22 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.18.tgz CVE-2025-46565 vulnerability

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.18.tgz CVE-2025-46565.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-46565 DESCRIPTION: Vite is a frontend tooling framework for javascrip...

6CVSS6.6AI score0.01077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 1:8 p.m.10 views

Security Bulletin: IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Jolokia Remote Code Execution

Summary IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Jolokia Remote Code Execution CVE-2022-41678 Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ...

8.8CVSS7.9AI score0.8581EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 1:7 p.m.6 views

Security Bulletin: IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Memory Allocation with Excessive Size Value vulnerability

Summary IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Memory Allocation with Excessive Size Value vulnerability CVE-2025-27533 Vulnerability Details CVEID:CVE-2025-27533 DESCRIPTION: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During...

7.5CVSS7.1AI score0.08594EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 12:52 p.m.3 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses commons-io: 2.7 which is vulnerable to CVE-2024-47554

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses commons-io: 2.7 which is vulnerable to CVE-2024-47554. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource...

4.3CVSS7.5AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 12:25 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-32395 DESCRIPTION: Vite is a frontend tooling...

6CVSS6.6AI score0.01736EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 11:32 a.m.11 views

Security Bulletin: IBM DevOps Build addresses multiple vulnerabilities.

Summary IBM DevOps Build 7.1.0.0 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-46544 DESCRIPTION: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk configuration which may lead to...

9.8CVSS7.8AI score0.06287EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 10:0 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24010 DESCRIPTION: Vite is a frontend tooling...

6.5CVSS6.5AI score0.00283EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 9:43 a.m.9 views

Security Bulletin: IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516.

Summary IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6...

8.8CVSS7.3AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 9:37 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses jetty-http-10.0.22.jar and jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516 and CVE-2024-6763

Summary IBM Maximo Application Suite - IoT Component uses jetty-http-10.0.22.jar and jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516 and CVE-2024-6763. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6763...

8.8CVSS7.3AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 9:36 a.m.14 views

Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789.

Summary IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...

6.2CVSS6.7AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 8:1 a.m.6 views

Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2022-40897, CVE-2024-6345"

Summary IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2022-40897, CVE-2024-6345". This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a...

8.8CVSS9.3AI score0.02617EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 8:0 a.m.7 views

Security Bulletin: IBM Maximo Application Suite uses jinja2-3.1.5-py3-none-any.whl and prismjs-1.29.0.tgz which is vulnerable to CVE-2025-27516 and CVE-2024-53382 This bulletin contains information regarding the vulnerability and its fixture.

Summary IBM Maximo Application Suite uses jinja2-3.1.5-py3-none-any.whl and prismjs-1.29.0.tgz which is vulnerable to CVE-2025-27516 and CVE-2024-53382 This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is ...

8.8CVSS6.5AI score0.00465EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 8:0 a.m.15 views

Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152

Summary IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152. This bulletin contains information regarding the vulnerability and its fixture...

8.7CVSS8.8AI score0.02617EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 8:0 a.m.3 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"

Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

8.7CVSS6.2AI score0.00759EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 7:58 a.m.3 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"

Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

8.7CVSS6.2AI score0.00759EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 7:57 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152

Summary IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152. This bulletin contains information regarding the vulnerability and its fixture...

8.7CVSS8.8AI score0.02617EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 7:57 a.m.5 views

Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2024-3651, CVE-2023-32681, CVE-2024-35195, CVE-2024-37891"

Summary IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2024-3651, CVE-2023-32681, CVE-2024-35195, CVE-2024-37891". This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna...

7.5CVSS6.9AI score0.02782EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 7:55 a.m.7 views

Security Bulletin: IBM Truststore Manager uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.

Summary IBM Truststore Manager uses cryptography-44.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2024-12797. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC72...

6.3CVSS6.7AI score0.02357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 6:24 a.m.5 views

Security Bulletin: IBM Common Licensing using IBM® SDK, Java™ Technology Edition vulnerable to CVEs

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 202...

7.8CVSS6.5AI score0.00166EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 10:37 p.m.5 views

Security Bulletin: IBM i is affected by a user gaining elevated privileges due to an unqualified library call vulnerability in IBM Facsimile Support for i [CVE-2025-36004].

Summary IBM i is affected by a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call vulnerability in IBM Facsimile Support for i as described in the vulnerability details section. This bulletin identifies the steps to take to...

8.8CVSS7.2AI score0.00487EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 9:57 p.m.2 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2025) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2025. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified...

7.8CVSS7.4AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 4:52 p.m.13 views

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-context-6.2.3.jar (CVE-2025-22233)

Summary IBM Sterling Connect:Direct Web Services uses spring-context-6.2.3.jar, which has vulnerability CVE-2025-22233. This has been addressed in fixpacks that are available on Fix Central. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...

5.3CVSS7.8AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 11:56 a.m.26 views

Security Bulletin: IBM Jazz for Service Management is vulnerable due to Log4j 1.2 SocketServer Remote Code Execution and Deserialization of Untrusted Data

Summary IBM Jazz for Service Management is vulnerable due to Log4j 1.2 SocketServer Remote Code Execution and Deserialization of Untrusted Data CVE-2022-23305, CVE-2019-17571, CVE-2020-9493, CVE-2015-5254, CVE-2016-3088, CVE-2023-46604. Vulnerability Details CVEID:CVE-2022-23305 DESCRIPTION: By...

10CVSS10AI score0.99654EPSS
Exploits57Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 11:53 a.m.20 views

Security Bulletin: IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel

Summary IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel CVE-2021-33813, CVE-2022-23302, CVE-2022-23307, CVE-2023-26464, CVE-2019-0222, CVE-2022-41678, CVE-2018-11775, CVE-2020-11971, CVE-2019-0188, CVE-2017-5643. Vulnerabilit...

9CVSS10AI score0.8581EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 11:24 a.m.27 views

Security Bulletin: IBM App Connect Enterprise has multiple vulnerabilities due to IBM Semeru Runtime (CVE-2025-21587, CVE-2025-30698 & CVE-2025-2900)

Summary There are multiple vulnerabilities in IBM App Connect Enterprise due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and...

7.5CVSS7.4AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 10:52 a.m.5 views

Security Bulletin: IBM watsonx Code Assistant IDE Extensions affected by prismjs Cross-Site Scripting vulnerability

Summary prismjs library is used by IBM watsonx Code Assistant IDE Extensions. CVE-2024-53382. This bulletin outlines the necessary steps to address and remediate the vulnerability. Vulnerability Details CVEID:CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows DOM Clobbering with...

5.4CVSS9.2AI score0.00293EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 10:50 a.m.7 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a Denial of Service due to Node.js module Multer ( CVE-2025-47935 & CVE-2025-47944 )

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor is vulnerable to a Denial of Service due to Node.js module Multer. Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are...

7.5CVSS7.2AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/24 6:30 a.m.23 views

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.28 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-38286 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from...

8.6CVSS6.6AI score0.05966EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 5:11 p.m.32 views

Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1

Summary Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2u1. The vulnerabilities have been addressed in Data Protect 7.2.2u1, which is included with IBM Storage Defender 2.0.14. Vulnerability Details CVEID:CVE-2023-26118...

8.6CVSS8.7AI score0.05276EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 4:45 p.m.20 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: json-schema is vulnerable to Improperly Controlled Modification of Object...

9.8CVSS10AI score0.99931EPSS
Exploits48Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 4:27 p.m.3 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)

Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due ...

8.7CVSS6.1AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 4:25 p.m.9 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to file descriptor exhaustion due to the Jetty package (CVE-2024-22201).

Summary Jetty is used by DataStage on Cloud Pak for Data as part of web server processing. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. ...

7.5CVSS7.5AI score0.01433EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 4:24 p.m.8 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to directory traversal due to the pip package (CVE-2019-20916)

Summary Pip is used by DataStage on Cloud Pak for Data as part of package management. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have...

7.5CVSS7.5AI score0.03028EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 1:12 p.m.14 views

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.

Summary IBM DevOps Release 7.0.0.4 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2024-46544 DESCRIPTION: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk...

9.8CVSS7.8AI score0.06287EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 11:53 a.m.5 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2025-21587, CVE-2025-30698, CVE-2025-4447, CVE-2025-47935, CVE-2025-47944, CVE-2025-27789, CVE-2025-46653, CVE-2025-48997, CVE-2025-48050. Vulnerability Details CVEID:CVE-2025-2158...

8.7CVSS7.7AI score0.0073EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 11:51 a.m.13 views

Security Bulletin: Due to use of mina-core IBM My webMethods Server is vulnerable to Insecure Java Deserilization

Summary IBM My webMethods Server includes mina-core as part of its OSGi platform, which is affected by a known vulnerability CVE-2024-52046. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-52046 DESCRIPTION: The...

10CVSS9.3AI score0.23932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 11:28 a.m.3 views

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and...

7.8CVSS7.1AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 10:28 a.m.9 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. .The vulnerability has been addressed. Refer to details for additional information...

9.8CVSS9.2AI score0.43663EPSS
Exploits13Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 10:25 a.m.7 views

Security Bulletin: Vulnerability in Eclipse OMR affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in Eclipse OMR has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

7.8CVSS6.5AI score0.00171EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/22 1:35 p.m.7 views

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-34064]

Summary The jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys...

5.4CVSS5.9AI score0.00979EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/22 1:14 p.m.4 views

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-22195]

Summary The jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-22195 Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Jinja is an extensible templating engine. Special placeholders in the template allow...

6.1CVSS6.1AI score0.00892EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/22 12:20 p.m.5 views

Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 ]

Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...

7.8CVSS7.6AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/21 1:39 p.m.13 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.2

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.2 Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a...

8.8CVSS8.1AI score0.01495EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/21 8:35 a.m.9 views

Security Bulletin: Vulnerabilities in Jinja , cryptography & OpenSSL can affect IBM Storage Protect Plus File Systems Agent Backup and Restore

Summary IBM Storage Protect Plus File Systems Agent Backup and Restore can be affected by vulnerabilities in Jinja & cryptography which includes execution of untrusted templates, man-in-middle attacks & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These...

8.8CVSS7.9AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/20 11:11 p.m.8 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in netty-handler (CVE-2025-24970)

Summary A vulnerability in Netty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version...

7.5CVSS6.6AI score0.01966EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/20 11:4 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service (CVE-2025-3221)

Summary A denial of service vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-3221 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request...

7.5CVSS6.7AI score0.00376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/20 10:53 p.m.8 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper ownership management (CVE-2025-3629)

Summary A vulnerability due to improper ownership management in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-3629 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to delete another user's comments due to improper ownership...

4.3CVSS6.2AI score0.00183EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608