35005 matches found

IBM Security Bulletins
added 2025/04/28 1:30 p.m., 14 views

Security Bulletin: Multiple vulnerabilities have been found in IBM CICS TX Advanced.

Summary: IBM CICS TX Advanced has been updated in order to address multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...

CVSS 7.8, AI score 6.6, EPSS 0.01639
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2025/04/28 10:59 a.m., 25 views

Security Bulletin: Denial of Service in Logback used by Apache Zookeeper affect IBM Operations Analytics - Log Analysis (CVE-2023-6481)

Summary: There is a potential denial of service in Logback that is used by Apache Zookeeper. This is caused by a serialization vulnerability in Logback. Vulnerability Details: CVEID: CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in...

CVSS 7.5, AI score 7.3, EPSS 0.00224
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/28 10:56 a.m., 9 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to an out-of-bounds write due to FreeType (CVE-2025-27363)

Summary: IBM App Connect Enterprise is vulnerable to an out-of-bounds write due to FreeType. Vulnerability Details: CVEID: CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font...

CVSS 8.1, AI score 8.3, EPSS 0.70344
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/28 10:33 a.m., 24 views

Security Bulletin: Security vulnerabilities affect multiple packages shipped with IBM CICS TX Advanced.

Summary: IBM CICS TX Advanced is impacted by security vulnerabilities found in packages GLib2.0, libxml2, glibc, krb5 Kerberos, libtasn1-6, Expat, OpenSSL, GnuTLS and curl. These are shipped as part of the product. Vulnerability Details: CVEID: CVE-2024-12133 DESCRIPTION: A flaw in libtasn1 causes...

CVSS 9.8, AI score 9.3, EPSS 0.22162
Exploits: 5, Affected Software: 1
IBM Security Bulletins
added 2025/04/28 10:19 a.m., 15 views

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2024-47535).

Summary: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2024-47535). An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details: CVEID: CVE-2024-47535 DESCRIPTION:...

CVSS 5.5, AI score 5.2, EPSS 0.00467
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2025/04/28 9:21 a.m., 29 views

Security Bulletin: Denial of Service in Apache Commons Compress used by Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2024-25710, CVE-2024-26308)

Summary: There is a potential denial of service in Apache Commons Compress that is used by Apache Solr and IBM Operations Analytics - Log Analysis. This is caused by a loop with an unreachable exit condition and allocation of resources without limits. Vulnerability Details: CVEID: CVE-2024-25710...

CVSS 8.1, AI score 6.9, EPSS 0.00392
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/28 9:20 a.m., 16 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2025-27907)

Summary: WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulleti...

CVSS 4.1, AI score 6.3, EPSS 0.00123
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/26 8:00 p.m., 22 views

Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2020-14343]

Summary: The PyYAML package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE, CVE-2020-14343. Vulnerability Details: CVEID: CVE-2020-14343 DESCRIPTION: YAML PyYAML could allow a remote attacker to execute arbitrary code on the system,...

CVSS 10, AI score 7.5, EPSS 0.13704
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/26 7:34 p.m., 13 views

Security Bulletin: Vulnerability in Babel affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2021-42771]

Summary: The Babel package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE, CVE-2021-42771. Vulnerability Details: CVEID: CVE-2021-42771 DESCRIPTION: Python-Babel Babel could allow a local authenticated attacker to traverse directories ...

CVSS 7.8, AI score 7, EPSS 0.00169
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2025/04/26 2:56 p.m., 24 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0...

CVSS 5.4, AI score 8.9, EPSS 0.9413
Exploits: 52, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 8:26 p.m., 22 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to Server-Side Request Forgery (SSRF) + Information Disclosure (CVE-2025-2987)

Summary: IBM Maximo Asset Management is vulnerable to Server-Side Request Forgery (SSRF) + Information Disclosure. Vulnerability Details: CVEID: CVE-2025-2987 DESCRIPTION: IBM Maximo Asset Management is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send...

CVSS 5.4, AI score 6.2, EPSS 0.001
Exploits: 0, Affected Software: 11
IBM Security Bulletins
added 2025/04/25 8:25 p.m., 22 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2025-2986)

Summary: IBM Maximo Asset Management is vulnerable to cross-site scripting, which could allow a privileged user to embed arbitrary JavaScript code in the Web UI (CVE-2025-2986). Vulnerability Details: CVEID: CVE-2025-2986 DESCRIPTION: IBM Maximo Asset Management is vulnerable to stored cross-site...

CVSS 5.5, AI score 5.6, EPSS 0.00174
Exploits: 0, Affected Software: 11
IBM Security Bulletins
added 2025/04/25 6:23 p.m., 44 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows...

CVSS 5.3, AI score 6.1, EPSS 0.00303
Exploits: 0, Affected Software: 2
IBM Security Bulletins
added 2025/04/25 4:00 p.m., 24 views

Security Bulletin: Vulnerabilities in Apache Solr (lucene) and Apache ZooKeeper affect IBM Operations Analytics - Log Analysis (CVE-2024-23454, CVE-2024-30171, CVE-2024-23944)

Summary: There are vulnerabilities in Bouncy Castle and Apache Hadoop that potentially expose sensitive information, affecting Apache Solr and Apache ZooKeeper used by IBM Operations Analytics - Log Analysis. Vulnerability Details: CVEID: CVE-2024-23454 DESCRIPTION: Apache Hadoop could allow a local...

CVSS 6.2, AI score 6.1, EPSS 0.00139
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 2:14 p.m., 11 views

Security Bulletin: Vulnerability in Flask affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2023-30861]

Summary: The Flask package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE, CVE-2023-30861. Vulnerability Details: CVEID: CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by...

CVSS 7.5, AI score 6.1, EPSS 0.00221
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 1:28 p.m., 24 views

Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-47561, CVE-2023-39410)

Summary: There are deserialization of untrusted data and input validation vulnerabilities in Logstash that affect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details: CVEID: CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to...

CVSS 9.2, AI score 8.4, EPSS 0.00674
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 12:51 p.m., 8 views

Security Bulletin: Vulnerability in Puma used by Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-45614)

Summary: There is a potential HTTP request smuggling vulnerability in Puma that affects Logstash used by IBM Operations Analytics - Log Analysis. Vulnerability Details: CVEID: CVE-2024-45614 DESCRIPTION: Puma is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP X-Forwarded-For header. By...

CVSS 5.4, AI score 5.4, EPSS 0.00803
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 12:18 p.m., 23 views

Security Bulletin: Multiple vulnerabilities have been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary: Multiple vulnerabilities in Apache Solr affect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details: CVEID: CVE-2024-45216 DESCRIPTION: Apache Solr could allow a remote attacker to bypass security restrictions, caused by improper authentication validatio...

CVSS 9.8, AI score 9, EPSS 0.9408
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 11:29 a.m., 6 views

Security Bulletin: Due to use of TinyMCE 6.8.2 IBM My webMethods Server is vulnerable to cross-site scripting.

Summary: TinyMCE is used by IBM My webMethods Server. CVE-2024-38357, CVE-2024-38356. Vulnerability Details: CVEID: CVE-2024-38357 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the noscript elements. A remote attacker could exploit...

CVSS 6.1, AI score 6.2, EPSS 0.01148
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 10:54 a.m., 11 views

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2023-36478].

Summary: The jetty-http package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE, CVE-2023-36478. Vulnerability Details: CVEID: CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow...

CVSS 7.5, AI score 7.1, EPSS 0.01866
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 10:53 a.m., 49 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer

Summary: Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Managed File Transfer 11.1. Vulnerability Details: CVEID: CVE-2023-2953 DESCRIPTION: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in the ber_memalloc_x function...

CVSS 7.5, AI score 10, EPSS 0.944
Exploits: 25, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 10:49 a.m., 48 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods B2B

Summary: Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods B2B 11.1. Vulnerability Details: CVEID: CVE-2015-6644 DESCRIPTION: Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted...

CVSS 7.5, AI score 10, EPSS 0.03238
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 10:44 a.m., 49 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management

Summary: Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods API Management 11.1. Vulnerability Details: CVEID: CVE-2024-23672 DESCRIPTION: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket...

CVSS 8.8, AI score 10, EPSS 0.06189
Exploits: 7, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 9:44 a.m., 62 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Integration

Summary: Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Integration 11.1. Vulnerability Details: CVEID: CVE-2024-34397 DESCRIPTION: GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to...

CVSS 9.1, AI score 9.2, EPSS 0.08833
Exploits: 5, Affected Software: 1
IBM Security Bulletins
added 2025/04/25 6:58 a.m., 15 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (WebSphere Application Server traditional is vulnerable to SSRF)

Summary: IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera,...

AI score 6.8
Exploits: 0, Affected Software: 11
IBM Security Bulletins
added 2025/04/25 6:55 a.m., 21 views

Security Bulletin: There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-12797)

Summary: There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server...

CVSS 6.3, AI score 6.5, EPSS 0.00804
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/24 6:48 p.m., 16 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)

Summary: IBM WebSphere Application Server is vulnerable to server-side request forgery. Vulnerability Details: CVEID: CVE-2025-27907 DESCRIPTION: IBM WebSphere Application Server is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests...

CVSS 4.1, AI score 6.8, EPSS 0.00123
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/24 4:42 p.m., 25 views

Security Bulletin: Incorrect permission of environment variable (CVE-2025-1950) affects Power HMC

Summary: The vulnerability is due to an incorrect permission on an environment variable that results in privilege escalation on Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-1950 DESCRIPTION: IBM Hardware Management Console - Power Systems could...

CVSS 9.3, AI score 9.4, EPSS 0.00054
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/24 4:40 p.m., 23 views

Security Bulletin: Vulnerability in HMC affects further privilege escalation (CVE-2025-1951) on Power HMC.

Summary: A vulnerability in HMC allows further privilege escalation on Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-1951 DESCRIPTION: IBM Hardware Management Console - Power Systems could allow a local user to execute commands as ...

CVSS 8.4, AI score 9.2, EPSS 0.00044
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/23 7:56 p.m., 33 views

Security Bulletin: Multiple vulnerabilities in Eclipse affect IBM Installation Manager and IBM Packaging Utility

Summary: There are multiple vulnerabilities in Eclipse used by IBM Installation Manager and IBM Packaging Utility. IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a...

CVSS 7.5, AI score 8.3, EPSS 0.944
Exploits: 23, Affected Software: 1
IBM Security Bulletins
added 2025/04/23 6:48 p.m., 16 views

Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-25046)

Summary: A sensitive information disclosure vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details: CVEID: CVE-2025-25046 DESCRIPTION: IBM InfoSphere DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an...

CVSS 3.7, AI score 6.3, EPSS 0.00195
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/23 6:26 p.m., 16 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insufficient session expiration (CVE-2024-22351)

Summary: An insufficient session expiration vulnerability in InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2024-22351 DESCRIPTION: IBM InfoSphere Information Server does not invalidate the session after logout, which could allow an authenticated user to impersonate anothe...

CVSS 6.3, AI score 6.6, EPSS 0.00096
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/23 12:40 p.m., 11 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-27907)

Summary: WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a server-side request forgery vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security...

CVSS 4.1, AI score 6.4, EPSS 0.00123
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/23 8:43 a.m., 25 views

Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System

Summary: Vulnerabilities were identified in Cloud Pak System. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-38716 DESCRIPTION: IBM Cloud Pak System could disclose sensitive information about the system that could aid in further attacks against the system. CWE: CWE-209:...

CVSS 5.3, AI score 5.6, EPSS 0.00096
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/23 6:16 a.m., 15 views

Security Bulletin: A vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2024-56128)

Summary: There is a Kafka vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis. Vulnerability Details: CVEID: CVE-2024-56128 DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation...

CVSS 5.3, AI score 6.7, EPSS 0.00528
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/22 8:28 p.m., 11 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2025-27907)

Summary: IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the...

CVSS 4.1, AI score 6.5, EPSS 0.00123
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/22 3:21 p.m., 22 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System

Summary: Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2024-35154 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to...

CVSS 8.8, AI score 8.3, EPSS 0.00285
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/22 10:28 a.m., 38 views

Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2025-24813) affects Power HMC.

Summary: The Apache Tomcat Server is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicio...

CVSS 10, AI score 8.1, EPSS 0.9413
Exploits: 44, Affected Software: 1
IBM Security Bulletins
added 2025/04/22 3:34 a.m., 27 views

Security Bulletin: Vulnerability in Apache Kafka's SCRAM implementation affects watsonx.data

Summary: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-56128 DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary:...

CVSS 5.3, AI score 6.8, EPSS 0.00528
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/22 3:33 a.m., 28 views

Security Bulletin: Vulnerabilities in Spring Web affect watsonx.data

Summary: Spring Web is vulnerable to open redirect attacks, phishing attacks, denial of service attacks, elevation of privilege attacks, reflected file download attacks, security restrictions bypass attacks, arbitrary code execution attacks, and security restrictions bypass...

CVSS 5.3, AI score 7.4, EPSS 0.00076
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/21 6:55 a.m., 20 views

Security Bulletin: Vulnerability in libsoup library (CVE-2024-52531) affects Power HMC.

Summary: The libsoup library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2024-52531 DESCRIPTION: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in...

CVSS 8.4, AI score 7, EPSS 0.0015
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2025/04/18 3:06 p.m., 7 views

Security Bulletin: IBM i is vulnerable to a host header injection attack due to improper neutralization of HTTP header content by IBM Navigator for i [CVE-2025-2950].

Summary: IBM i is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i, as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the...

CVSS 5.4, AI score 6.7, EPSS 0.0011
Exploits: 0, Affected Software: 5
IBM Security Bulletins
added 2025/04/17 5:30 p.m., 18 views

Security Bulletin: IBM i is vulnerable to a database access denial of service caused by a database capabilities bypass restriction check [CVE-2024-52895].

Summary: IBM i is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check, as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...

CVSS 6.5, AI score 6.5, EPSS 0.00035
Exploits: 0, Affected Software: 4
IBM Security Bulletins
added 2025/04/17 4:59 p.m., 6 views

Security Bulletin: IBM i is vulnerable to a privilege escalation due to incorrect profile swapping in an OS command [CVE-2025-2947].

Summary: IBM i contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command, as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details:...

CVSS 9.8, AI score 7.2, EPSS 0.00167
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/17 4:07 p.m., 13 views

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to improper authorizations (CVE-2024-49808)

Summary: IBM Sterling Connect:Direct Web Services could allow an authenticated user to spoof the identity of another user due to improper authorization, which could allow the user to bypass access restrictions. Vulnerability Details: CVEID: CVE-2024-49808 DESCRIPTION: IBM Sterling Connect:Direct Web...

CVSS 6.5, AI score 6.7, EPSS 0.00019
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/17 4:00 p.m., 14 views

Security Bulletin: IBM Sterling Connect:Direct Web Services does not invalidate session after a browser closure (CVE-2024-45651)

Summary: IBM Sterling Connect:Direct Web Services does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system. Vulnerability Details: CVEID: CVE-2024-45651 DESCRIPTION: IBM Sterling Connect:Direct Web Services does not...

CVSS 6.5, AI score 6.4, EPSS 0.00085
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/17 1:32 p.m., 18 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary: QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value...

CVSS 7.5, AI score 9.7, EPSS 0.00669
Exploits: 2, Affected Software: 1
IBM Security Bulletins
added 2025/04/17 10:18 a.m., 33 views

Security Bulletin: IBM Maximo Application Suite - IoT uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2025-25193.

Summary: IBM Maximo Application Suite - IoT uses netty-common-4.1.114.Final.jar, which is vulnerable to CVE-2025-25193. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details: CVEID: CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven networ...

CVSS 5.5, AI score 6.8, EPSS 0.00096
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/17 10:14 a.m., 20 views

Security Bulletin: IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.

Summary: IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl, which is vulnerable to CVE-2024-12797. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details: CVEID: CVE-2024-12797 DESCRIPTION: Issue summary: Clients...

CVSS 6.3, AI score 6.8, EPSS 0.00804
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/17 6:18 a.m., 16 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary: Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details: CVEID: CVE-2024-47764 DESCRIPTION: jshttp cookie could allow a remote attacker to bypass security restrictions, caused by improper input validation of the cookie name, path, and domain. By...

CVSS 7.5, AI score 7.1, EPSS 0.01189
Exploits: 2, Affected Software: 1

Total number of security vulnerabilities: 35005