Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 10:33 a.m.16 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz (Publicly disclosed vulnerability found by Mend)

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz Publicly disclosed vulnerability found by Mend. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48948 DESCRIPTION: The Elliptic...

9.1CVSS8.9AI score0.00617EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 9:19 a.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Business Automation Workflow due to the April 2025 CPU

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

6.8AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 8:20 a.m.12 views

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2024-38081

Summary IBM Engineering Systems Design Rhapsody was affected by Microsoft .NET privilege escalation. Risk was signaficantly low. We have upgraded our Build Environment to resolve this vulnerability. Vulnerability Details CVEID:CVE-2024-38081 DESCRIPTION:.NET, .NET Framework, and Visual Studio...

7.3CVSS6.2AI score0.01292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 8:19 a.m.8 views

Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-6763

Summary jetty-http-12.0.9.jar, jetty-server-12.0.9.jar was vulnerable and IBM Engineering Systems Design Rhapsodyhas upgraded JARs to org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight,...

5.3CVSS6.1AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 8:18 a.m.6 views

Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-47554

Summary commons-io-2.11.0.jar was vulnerable and IBM Engineering Systems Design Rhapsodyhas upgraded JAR to 2.14.0. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class m...

4.3CVSS6.3AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 5:40 a.m.13 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to exposing sensitive information due to Flask ( CVE-2023-30861 )

Summary Flask is used by IBM Cloud Pak for Data. CVE-2023-30861. Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a specially crafted request, an attacker could...

7.5CVSS6.1AI score0.01261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 5:37 a.m.9 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to HTTP Request Smuggling due to Gunicorn ( CVE-2024-1135 )

Summary Gunicorn is used by IBM Cloud Pak for Data. CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a specially crafted HTTPS transfer-encoding...

7.5CVSS5.7AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 3:12 a.m.10 views

Security Bulletin: IBM Data Product Hub is affected by several vulnerabilities

Summary IBM Data Product Hub has dependencies on IBM Semeru and Node.js Axios & Babel runtime modules, which are vulnerable. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing...

8.7CVSS6.9AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 12:44 a.m.17 views

Security Bulletin: Security vulnerabilities discovered in IBM Application Gateway (CVE-2023-5455, CVE-2024-37370, CVE-2024-45655)

Summary Security vulnerabilities discovered in the IBM Application Gateway have been addressed. Vulnerability Details CVEID:CVE-2023-5455 DESCRIPTION: FreeIPA is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to...

7.5CVSS7AI score0.00748EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/02 1:50 p.m.9 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2025-27907)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed ...

4.1CVSS6.5AI score0.0028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/01 11:35 p.m.27 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a...

9.8CVSS9.4AI score0.19653EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/01 11:30 p.m.47 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol...

9.8CVSS8.4AI score0.9378EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/01 12:19 a.m.18 views

Security Bulletin: IBM InfoSphere DataStage is vulnerable due to cleartext storage of sensitive information (CVE-2025-1499)

Summary A vulnerability due to cleartext storage of sensitive information in IBM InfoSphere DataStage was addressed. Vulnerability Details CVEID:CVE-2025-1499 DESCRIPTION: IBM InfoSphere DataStage stores credential information for database authentication in a cleartext parameter file that could b...

6.5CVSS6.6AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/31 2:7 p.m.25 views

Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion HCI and IBM Fusion HCI for watsonx

Summary Multiple vulnerabilities affecting IBM Fusion HCI and IBM Fusion HCI for watsonx could have resulted in reduced security. These issues have since been resolved. CVE-2023-5115, CVE-2023-5764, CVE-2024-9902, CVE-2024-8775, CVE-2024-11079, CVE-2024-9506, CVE-2024-43799, CVE-2024-6119,...

9.8CVSS9.6AI score0.66594EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/31 2:6 p.m.28 views

Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion

Summary Multiple vulnerabilities affecting IBM Fusion could have resulted in reduced security. These issues have since been resolved. CVE-2024-6783, CVE-2024-9880, CVE-2024-51744, CVE-2024-47764, CVE-2024-9506, CVE-2024-45338, CVE-2025-25193, CVE-2024-21538, CVE-2025-27152, CVE-2024-47535,...

9.8CVSS8.5AI score0.66594EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 8:31 p.m.23 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary There is a vulnerability in a Open Source Software OSS component consumed by IBM Planning Analytics Workspace. Additionally, IBM Planning Analytics Workspace is vulnerable to Cross-site scripting, Path Traversal, Session Fixation vulnerabilities. This Security Bulletin relates only to the...

8.8CVSS8.7AI score0.02303EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 5:0 p.m.11 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Inefficient Regular Expression Complexity due to Babel ( CVE-2025-27789 )

Summary IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Runtime are vulnerable to Inefficient Regular Expression Complexity due to Babel. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using...

6.2CVSS6.8AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 3:20 p.m.9 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2025-33104)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

7.6CVSS6.1AI score0.00199EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 3:4 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to Remote Code Execution in Transformers [CVE-2024-11392, CVE-2024-11393, CVE-2024-11394]

Summary IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to Remote Code Execution in Transformers, due to a lack of proper validation of user-supplied dataCVE-2024-11392, CVE-2024-11393, CVE-2024-11394. This vulnerabilitiy has been addressed. Please read the details for remediation below...

8.8CVSS7.6AI score0.06898EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 1:26 p.m.8 views

Security Bulletin: IBM Asset Data Dictionary uses netty-common-4.1.115.Final.jar which is vulnerable to CVE-2025-25193.

Summary IBM Asset Data Dictionary uses netty-common-4.1.115.Final.jar which is vulnerable to CVE-2025-25193. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network...

5.5CVSS6.8AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 1:25 p.m.11 views

Security Bulletin: IBM Maximo Application Suite uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.

Summary IBM Maximo Application Suite uses cryptography-44.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2024-12797. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using...

6.3CVSS6.8AI score0.02357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 1:17 p.m.21 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024.

Summary IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024. . This bulletin contains information regarding the vulnerability and its fixture...

8.7CVSS6.7AI score0.01414EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 1:15 p.m.12 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses commons-codec-1.11.jar, okio-jvm-3.0.0.jar, jetty-http-10.0.24.jar and jetty-server-10.0.24.jar which is vulnerable to CVE-2020-8908, CVE-2023-2976, CVE-2024-6763, CVE-2023-3635

Summary IBM Maximo Application Suite - IoT Component uses commons-codec-1.11.jar, okio-jvm-3.0.0.jar, jetty-http-10.0.24.jar and jetty-server-10.0.24.jar which is vulnerable to CVE-2020-8908, CVE-2023-2976, CVE-2024-6763, CVE-2023-3635. This bulletin contains information regarding the vulnerabili...

7.5CVSS6.9AI score0.01077EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 1:7 p.m.4 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-27789)

Summary IBM Security SOAR uses an older version of the babel runtime javascript module that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.6.0 Vulnerability Details CVEID:CVE-2025-27789...

6.2CVSS6.9AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 1:2 p.m.12 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2024-53382]

Summary IBM Security SOAR uses an older version of prismjs that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to the latest applicable fix pack 51.0.6.0 . Vulnerability Details CVEID:CVE-2024-53382...

5.4CVSS6.2AI score0.00293EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 12:38 p.m.10 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the parquet-avro module of Apache Parquet (CVE-2025-30065)

Summary A vulnerability in the parquet-avro module of Apache Parquet that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors ...

10CVSS7.2AI score0.38701EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 8:28 a.m.9 views

Security Bulletin: IBM Maximo Application Suite Predict Component : Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component Component uses Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-4727...

1.8CVSS6.5AI score0.00153EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 5:46 a.m.10 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server is affected by a cross-site scripting vulnerability (CVE-2025-33104)

Summary IBM WebSphere Application Server is affected by a cross-site scripting vulnerability. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer to the security...

7.6CVSS6.3AI score0.00199EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 4:7 p.m.8 views

Security Bulletin: Astronomer with IBM is vulnerable to unauthenticated access due to the Grafana package (CVE-2021-39226)

Summary Grafana is used by Astronomer with IBM as part of data visualization. Vulnerability Details CVEID:CVE-2021-39226 DESCRIPTION: Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest...

9.8CVSS6.5AI score0.99888EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 3:54 p.m.24 views

Security Bulletin: Multiple vulnerabilities in eclipse jetty may affect IBM Business Automation Workflow Case Configuration tool

Summary IBM Business Automation Workflow Case configuration tool packages vulnerable versions of the eclipse jetty open source library. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a fl...

9.8CVSS6.9AI score0.7848EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 3:46 p.m.22 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition (ITNM).

Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 22 4.2.0.22 Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the...

7.5CVSS8.6AI score0.01941EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 11:55 a.m.16 views

Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure due to Apache Commons Net FTP client behavior (CVE-2021-37533)

Summary Apache Commons Net could allow an attacker to cause information exposure due to improper input validation in the FTP client component. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default....

6.5CVSS6.2AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 8:5 a.m.18 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by multiple critical security vulnerabilities

Summary Multiple critical vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 1.0.296 CVE-2025-32911, CVE-2025-24264 Vulnerability Details CVEID:CVE-2025-32911 DESCRIPTION: A use-after-free type vulnerability was found in libsoup, in the...

9.8CVSS6.6AI score0.00858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:35 a.m.15 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to http-proxy-middleware-2.0.7.tgz CVE-2025-32997

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to http-proxy-middleware-2.0.7.tgz CVE-2025-32997. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-32997 DESCRIPTION: In http-proxy-middleware before 2.0.9 and 3....

5.3CVSS6.5AI score0.00414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:34 a.m.18 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Liberty which is vulnerable to a denial of service due to Netty CVE-2024-47535

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Liberty which is vulnerable to a denial of service due to Netty CVE-2024-47535. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION:...

5.5CVSS5.4AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:30 a.m.13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service...

7.5CVSS6.5AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:27 a.m.14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.70.crate CVE-2025-3416

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.70.crate CVE-2025-3416. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-3416 DESCRIPTION: A flaw was found in OpenSSL's handling of the properties...

3.7CVSS6.4AI score0.00452EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:24 a.m.13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl CVE-2025-27516

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl CVE-2025-27516. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an...

8.8CVSS7.2AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:23 a.m.18 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2025-1194

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2025-1194. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of Service...

6.5CVSS6.3AI score0.00384EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:22 a.m.16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.64.crate CVE-2025-24898

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.64.crate CVE-2025-24898. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-24898 DESCRIPTION: rust-openssl is a set of OpenSSL bindings for the Rust...

6.3CVSS6.9AI score0.0065EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:21 a.m.16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...

9.8CVSS6.6AI score0.00356EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:20 a.m.17 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to to a denial of service due to Netty in IBM WebSphere Application Server Liberty CVE-2025-25193

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to to a denial of service due to Netty in IBM WebSphere Application Server Liberty CVE-2025-25193. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-25193...

5.5CVSS5.6AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/28 5:47 p.m.12 views

Security Bulletin: IBM Watson Discovery Cartridge is affected by vulnerability in tomcat-embed-core-10.1.33.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.33.jar Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to...

10CVSS10AI score0.99945EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/28 5:33 p.m.5 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2025-25193, CVE-2024-47535, CVE-2025-23184)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-25193, CVE-2024-47535, CVE-2025-23184. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of...

7.5CVSS9.1AI score0.01941EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/28 3:38 p.m.12 views

Security Bulletin: IBM Tivoli Monitoring is affected by an insufficient validation of input data

Summary IBM Tivoli Monitoring has addressed a vulnerability with validation of input data. CVE-2025-3357 Vulnerability Details CVEID:CVE-2025-3357 DESCRIPTION: IBM Tivoli Monitoring could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamical...

9.8CVSS7.7AI score0.00824EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/28 3:19 p.m.11 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons BCEL

Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons BCEL. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions,...

9.8CVSS6.9AI score0.02836EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/28 3:4 p.m.15 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to security restriction bypass due to the Apache Maven package (CVE-2021-26291)

Summary Apache Maven is used by DataStage on Cloud Pak for Data as part of build management. Vulnerability Details CVEID:CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security restrictions, caused by the use of http non-SSL repository references by default. By...

9.1CVSS6.4AI score0.08691EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/28 2:48 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to lightgbm-4.5.0-py3-none-manylinux_2_28_x86_64.whl CVE-2024-43598

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to lightgbm-4.5.0-py3-none-manylinux228x8664.whl CVE-2024-43598. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43598 DESCRIPTION: Microsoft LightGBM could allow...

8.1CVSS7.5AI score0.01384EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/28 2:39 p.m.44 views

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary Multiple vulnerabilities were addressed in IBM Rapid Infrastructure Automation v1.1.5.3 Vulnerability Details CVEID:CVE-2024-12254 DESCRIPTION: Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain th...

8.7CVSS10AI score0.26049EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/28 2:21 p.m.16 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2025

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.1 IF001 Vulnerability Details CVEID:CVE-2025-31651 DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in...

9.8CVSS10AI score0.04505EPSS
Exploits3Affected Software1
Total number of security vulnerabilities35608