Security Bulletin: IBM Maximo Application Suite - IoT uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195.
Summary IBM Maximo Application Suite - IoT uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...
Security Bulletin: Vulnerabilities in Apache Solr (lucene) affect IBM Operations Analytics - Log Analysis (CVE-2025-24814, CVE-2024-52012)
Summary There are privilege escalation and arbitrary file-path write vulnerabilities that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2025-24814 DESCRIPTION: Core creation allows users to replace "trusted" configset files with...
Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affect IBM Operations Analytics - Log Analysis (CVE-2023-50386, CVE-2023-50298, CVE-2023-50292, CVE-2023-50291)
Summary There are vulnerabilities in backup/restore APIs, Solr streaming expressions, and Apache Solr schema designer that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2023-50386 DESCRIPTION: Improper Control of Dynamically-Managed Code...
Security Bulletin: Vulnerability in PHP might affect IBM Storage Sentinel Anomaly Scan Engine.
Summary Vulnerabilities in PHP might affect IBM Storage Sentinel Anomaly Scan Engine. A remote attacker can execute arbitrary OS commands, obtain sensitive information, bypass security restrictions, and cause denial of service as described by the CVEs in the "Vulnerability Details" section...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importi...
Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2022-23491]
Summary The certifi package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE, CVE-2022-23491. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error related to TrustCor, whose ownership also operated a business that...
Security Bulletin: IBM i is vulnerable to an out-of-bounds write in NTP services due to multiple vulnerabilities.
Summary IBM i is vulnerable to an out-of-bounds write due to a flaw in mstolfp.c in NTP CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, and CVE-2023-26554 as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in t...
Security Bulletin: IBM Aspera Faspex 5 is vulnerable to cross-site scripting (CVE-2025-3423)
Summary IBM Aspera Faspex 5 is vulnerable to DOM-based cross-site scripting. Attackers could use this vulnerability to trick users into opening malicious URLs, allowing client-side scripts to process and execute at the user's browser. Vulnerability Details CVEID:CVE-2025-3423 DESCRIPTION: IBM...
Security Bulletin: IBM Aspera Desktop App has multiple vulnerabilities related to Open Source dependencies (CVE-2025-27789 and CVE-2025-24010 )
Summary IBM Aspera Desktop App is affected by inefficient regular expression complexity which can cause excessive CPU cycles and lack of validation on the Origin header which could cause an unauthorized access to any functionality accessible to the communication source. These vulnerabilities have...
Security Bulletin: IBM Sterling Connect:Direct Web Services 6.1 is affected by a PostgreSQL vulnerability.
Summary IBM Connect:Direct Web Services uses PostgreSQL and is vulnerable to CVE-2025-1094. Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.1
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.1 Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding'...
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347)
Summary UPDATED 4/10: The included README was updated for clarity. Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2024-56346, CVE-2024-56347. Vulnerability Details CVEID:CVE-2024-56346 DESCRIPTION: IBM AIX nimesis NIM master service could allow a remote...
Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel...
Security Bulletin: IBM QRadar Wincollect agent is vulnerable to denial of service ( CVE-2024-51461)
Summary IBM QRadar Wincollect agent is vulnerable to denial of service. The vulnerability has been addressed in the latest update. Vulnerability Details CVEID:CVE-2024-51461 DESCRIPTION: IBM QRadar WinCollect Agent could allow a remote attacker to cause a denial of service by interrupting an HTT...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Installation Manager and IBM Packaging Utility. IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...
Security Bulletin: IBM Sterling Control Center is affected by sensitive information within URLs may be logged (CVE-2023-43035)
Summary Sensitive information may be logged: a session token is passed in the URL, affecting IBM Sterling Control Center v6.2.1.0, v6.3.1.0 and v6.4.0.0. Customers must upgrade to the latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2023-43035 DESCRIPTION:...
Security Bulletin: IBM Sterling Control Center is affected by improper input validation (CVE-2023-42007)
Summary Improper input validation affects IBM Sterling Control Center v6.4.0.0, v6.3.1.0 and v6.2.1.0. User-supplied input is reflected as-is in the response without being validated on the server side. Customers must upgrade to the latest patch below to address this vulnerability...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities reported in Jetty server (CVE-2024-8184, CVE-2024-6763)
Summary Multiple vulnerabilities in Eclipse Jetty affect IBM Sterling Control Center v6.3.1.0 and v6.4.0.0. Customers must upgrade to the latest patch below to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (January 2025 CPU)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.24 and earlier, 8.0.8.35 and earlier, and IBM Semeru Version 21.0.5.0 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in January 2025. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2024-40094.
Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2024-40094. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is...
Security Bulletin: IBM Maximo Application Suite - IoT uses multiple dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite - IoT uses pip-9.0.3.dist-info, urllib3-1.24.2-py3.6.egg-info and setuptools-39.2.0.dist-info, which are vulnerable to CVE-2019-20916, CVE-2023-43804 and CVE-2024-6345. This bulletin contains information regarding the vulnerabilities and their fixes. Vulnerability Detai...
Security Bulletin: IBM Maximo Application Suite - IoT uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184.
Summary IBM Maximo Application Suite - IoT uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in...
Security Bulletin: IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037.
Summary The IBM Maximo Application Suite UI is vulnerable to a client-side validation bypass, CVE-2023-43037. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2023-43037 DESCRIPTION: IBM Maximo Application Suite could allow an...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to an improper resolution of path equivalence due to Apache Tomcat (CVE-2025-24813)
Summary IBM Integration Bus for z/OS is vulnerable to an improper resolution of path equivalence due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious...
Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB, Python, Samba, OpenSSL and cURL libcurl affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in libcurl, MongoDB, Python, Samba, OpenSSL and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle Oct 2024 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
Security Bulletin: There is a vulnerability in pandas-2.2.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-9880)
Summary There is a vulnerability in pandas-2.2.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-9880 DESCRIPTION: Rejected reason: This CVE ID has been rejected or withdrawn by its CV...
Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software
Summary This release includes information about multiple vulnerabilities, improving the overall security and stability of the application. The types of vulnerabilities resolved include: Axios Vulnerability: Addressed an issue that could potentially cause SSRF and credential leakage server and...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.7.
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.7. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana, within Instana Agent container image build 292. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: There is a vulnerability in jinja2-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27516)
Summary There is a vulnerability in jinja2-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed...
Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities
Summary Multiple security vulnerabilities in the dependent components have been addressed in the latest update to IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...
Security Bulletin: IBM Storage Protect Server is vulnerable to authorization bypass attack due to Golang Go (CVE-2024-45337)
Summary Golang Go is used by the IBM Storage Protect Server OSSM component and is vulnerable to an authorization bypass attack due to a security issue in golang.org/x/crypto. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse...
Security Bulletin: Race Condition in Waitress WSGI Server Can Lead to Resource Exhaustion (Fixed in >= 3.0.1)
Summary Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress won't correctly clean up the connection, leading to the main thread attempting to write to a socket that no...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2024 Critical Pat...
Security Bulletin: Due to use of WebSphere Liberty, IBM Cloud Pak Sys is vulnerable to a Denial of Service
Summary WebSphere Liberty is used by IBM Cloud Pak System as part of the WebSphere Liberty pattern type and uses GraphQL Java, which is affected by CVE-2024-40094. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly...
Security Bulletin: A Netty vulnerability affects Rational Test Virtualization Server / DevOps Virtualization and Rational Performance Test Server / DevOps Test Performance Test Server ( CVE-2024-47535 )
Summary Rational Test Virtualization Server / DevOps Virtualization and Rational Performance Test Server / DevOps Test Performance Test Server are vulnerable to a denial of service due to a vulnerability in Netty, CVE-2024-47535. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an...
Security Bulletin: A Netty vulnerability affects Rational Test Workbench / DevOps Test Workbench ( CVE-2024-47535 )
Summary Rational Test Workbench / DevOps Test Workbench are vulnerable to a denial of service due to a vulnerability in Netty, CVE-2024-47535. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server Liberty container shipped with containerized IBM Security Guardium Key Lifecycle Manager 5.0 (GKLM) (CVE-2024-10963)
Summary WebSphere Application Server Liberty container is shipped as a component of containerized IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server Liberty container has been published in a security bulletin...
Security Bulletin: There is a vulnerability in the object-path library affecting IBM watsonx Code Assistant IDE Extensions
Summary There is a vulnerability in the object-path library affecting IBM watsonx Code Assistant IDE Extensions. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2021-23434 DESCRIPTION: Node.js object-path module could allow a remote attack...
Security Bulletin: IBM Maximo Application Suite - IoT uses multiple third-party dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite - IoT uses pip-22.3.1.dist-info, zipp-3.18.1.dist-info, jinja2-3.1.4.dist-info, jinja2-3.1.4.dist-info, pip-20.2.4.dist-info, cryptography-44.0.0.dist-info, urllib3-1.26.18.dist-info, ansible_core-2.15.11.dist-info, ansible_core-2.15.11.dist-info,...
Security Bulletin: IBM Maximo Application Suite - IoT uses spring-context-5.3.39.jar which is vulnerable to CVE-2024-38820.
Summary IBM Maximo Application Suite - IoT uses spring-context-5.3.39.jar which is vulnerable to CVE-2024-38820. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could provide weak...
Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to CVE-2024-37891.
Summary IBM Maximo Application Suite uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to CVE-2024-37891. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated...
Security Bulletin: IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.
Summary IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-21538]
Summary Node.js module cross-spawn is used by IBM App Connect Enterprise Certified Container when handling internal metrics. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability ...
Security Bulletin: IBM Maximo Application Suite uses "golang.org/x/net/html, crypto/internal/nistec, net/http, crypto/x509" which are vulnerable to "CVE-2024-45338, CVE-2025-22866, CVE-2024-45336, CVE-2024-45341"
Summary IBM Maximo Application Suite uses "golang.org/x/net/html, crypto/internal/nistec, net/http, crypto/x509" which are vulnerable to "CVE-2024-45338, CVE-2025-22866, CVE-2024-45336, CVE-2024-45341". This bulletin contains information regarding the vulnerabilities and their fixes. Vulnerability...
Security Bulletin: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly affects watsonx.data
Summary The usage of String.toLowerCase() and String.toUpperCase() has some locale-dependent exceptions that could potentially result in authorization rules not working properly. Hence it could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase a...
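The locale-dependent exception behind this bulletin is the Turkish dotted/dotless i: under a tr-TR default locale, `"I".toLowerCase()` yields "ı" (U+0131) and `"i".toUpperCase()` yields "İ" (U+0130), so any authorization rule that case-folds a path or role name with the no-argument `toLowerCase()`/`toUpperCase()` can silently stop matching. The following is an added illustration, not IBM's, watsonx.data's or Spring Security's code; the protected-prefix rule, the request path and the choice of a Turkish server default locale are assumptions made to show the failure.

```java
import java.util.Locale;

// Added example (not the vendor's code): default-locale case folding versus Locale.ROOT
// in a hypothetical path-based authorization rule.
public class LocaleCaseFoldingDemo {

    // Hypothetical rule: anything under /admin requires the administrator role.
    private static final String PROTECTED_PREFIX = "/admin";

    // Vulnerable pattern: no-argument toLowerCase() folds with the JVM default locale.
    // Under tr-TR the "I" in "/ADMIN" becomes dotless "ı" (U+0131), so the folded path
    // no longer starts with "/admin" and the rule fails open (assuming the downstream
    // handler itself resolves "/ADMIN" to the admin resource).
    static boolean isProtectedVulnerable(String requestPath) {
        return requestPath.toLowerCase().startsWith(PROTECTED_PREFIX);
    }

    // Hardened pattern: Locale.ROOT gives locale-independent folding. Better still,
    // avoid case-folding security-relevant identifiers at all and compare the canonical
    // form exactly.
    static boolean isProtectedHardened(String requestPath) {
        return requestPath.toLowerCase(Locale.ROOT).startsWith(PROTECTED_PREFIX);
    }

    public static void main(String[] args) {
        // Simulate a server whose JVM default locale is Turkish.
        Locale turkish = Locale.forLanguageTag("tr-TR");
        Locale.setDefault(turkish);

        String path = "/ADMIN/users";

        System.out.println("default-locale folding of " + path + ": " + path.toLowerCase());
        System.out.println("vulnerable check:  " + isProtectedVulnerable(path));
        System.out.println("hardened check:    " + isProtectedHardened(path));

        // The inverse direction bites too: "i".toUpperCase() under tr-TR is "İ" (U+0130),
        // so an uppercase-normalised role such as "admin" never equals "ADMIN".
        System.out.println("tr-TR upper of \"admin\": " + "admin".toUpperCase());
        System.out.println("ROOT  upper of \"admin\": " + "admin".toUpperCase(Locale.ROOT));
    }
}
```

Run it with any JDK: the vulnerable check reports the /ADMIN path as unprotected while the Locale.ROOT version matches it. When auditing code for this class of bug, grep for `toLowerCase()` and `toUpperCase()` without a `Locale` argument (and for `equalsIgnoreCase` applied to security identifiers) in anything that gates access.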
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Incorrect Authorization in Vault (CVE-2023-24999)
Summary Vault is used by IBM Storage Fusion Data Foundation to handle user authentication. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation (CVE-2023-24999). Vulnerability Details CVEID:CVE-2023-24999 DESCRIPTION: HashiCorp Vault and Vau...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Cross-site Scripting in Vault (CVE-2023-2121)
Summary Vault is used by IBM Storage Fusion Data Foundation in the mcg, ocs, odr, cephcsi, multicluster, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation (CVE-2023-2121). Vulnerability...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to an Observable Timing Discrepancy in Vault (CVE-2023-25000)
Summary Vault is used by IBM Storage Fusion Data Foundation in the mcg, ocs, odr, cephcsi, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation (CVE-2023-25000). Vulnerability Details...