35013 matches found

IBM Security Bulletins
added 2025/03/26 6:0 p.m., 16 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.10 LTS and 12.10.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

CVSS: 8.7, AI score: 7.5, EPSS: 0.00804, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:31 p.m., 11 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00096, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:28 p.m., 19 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00096, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:26 p.m., 18 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00096, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:55 p.m., 13 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)

Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00147, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 1:16 p.m., 19 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2024-21235, CVE-2024-21210, CVE-2024-21217, CVE-2024-21208, CVE-2024-10917, CVE-2024-9143. This has been addressed in the remediation section. Vulnerability Details Refer to...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00883, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 7:22 a.m., 12 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to arbitrary code execution

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Security Bulletin: IBM Maximo Application Suite Predict Component may be vulnerable to arbitrary code execution of Python code through the use of Jinja. This bulletin contains information regarding the vulnerability and i...

CVSS: 8.8, AI score: 7.6, EPSS: 0.00573, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 7:20 a.m., 15 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to PyTorch to execute arbitrary code on the system.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component may be vulnerable to PyTorch arbitrary code execution of Python code through the use of torch. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48063...

CVSS: 9.8, AI score: 8, EPSS: 0.25104, Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 7:19 a.m., 27 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file. This bulletin contains information regarding the...

CVSS: 9.8, AI score: 6.8, EPSS: 0.84587, Exploits: 12, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:12 a.m., 35 views

Security Bulletin: IBM Sterling Control Center is vulnerable to directory traversal (CVE-2023-35020)

Summary IBM Sterling Control Center is vulnerable to unauthorized directory traversal. Vulnerability Details CVEID:CVE-2023-35020 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00049, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:12 a.m., 52 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary LibTIFF is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET Core and Watson NLP CVE-2022-48281, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804. ncurses is used by IBM Robotic Process Automation for Cloud Pak as part of base container...

CVSS: 7.8, AI score: 8.7, EPSS: 0.08301, Exploits: 15, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:11 a.m., 34 views

Security Bulletin: CVE-2023-50164 affects Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION:...

CVSS: 9.8, AI score: 9.7, EPSS: 0.93657, Exploits: 15, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:11 a.m., 58 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-10977 DESCRIPTION: PostgreSQL could provide weaker than expected security,...

CVSS: 9.5, AI score: 9.7, EPSS: 0.93188, Exploits: 18, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:10 a.m., 47 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation...

CVSS: 9.8, AI score: 10, EPSS: 0.3863, Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:10 a.m., 74 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-30260 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw wit...

CVSS: 9.8, AI score: 9.9, EPSS: 0.87555, Exploits: 6, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:9 a.m., 44 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details CVEID:CVE-2023-34054 DESCRIPTION: VMware Tanzu Reactor Netty is vulnerable to a denial of service, caused by a flaw when built-in integration with Micrometer is enabled. By sending specially...

CVSS: 9.1, AI score: 9.2, EPSS: 0.01608, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:8 a.m., 33 views

Security Bulletin: Vulnerabilities in Linux Kernel and Golang Go can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Golang Go and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as described by the CVEs ...

CVSS: 9.8, AI score: 9.7, EPSS: 0.00354, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:8 a.m., 111 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for November 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...

CVSS: 9.8, AI score: 9.8, EPSS: 0.944, Exploits: 22, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:7 a.m., 85 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM® Java™, IBM WebSphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Open URL Redirection and Link Manipulation vulnerabilities. For more information abou...

CVSS: 8.6, AI score: 10, EPSS: 0.01962, Exploits: 8, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:6 a.m., 81 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.3.0 Vulnerability Details CVEID:CVE-2022-28948 DESCRIPTION: Go-Yaml is vulnerable to a denial of service, caused by a flaw in the Unmarshal function. By sending a specially-crafted input, a remote attacker could...

CVSS: 8.8, AI score: 9.8, EPSS: 0.01524, Exploits: 7, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:6 a.m., 53 views

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager

Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2.0.2. Please apply the latest fix packs for the fixes. Vulnerability Details CVEID:CVE-2023-47704...

CVSS: 9.1, AI score: 6.1, EPSS: 0.001, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:5 a.m., 50 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2018-17336 DESCRIPTION: UDisks could allow a local attacker to obtain sensitive information, caused by a format string vulnerability in udiskslog in udiskslogging.c. By using a...

CVSS: 8.6, AI score: 9.4, EPSS: 0.04289, Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:4 a.m., 60 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS: 9.8, AI score: 9.8, EPSS: 0.84982, Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:4 a.m., 64 views

Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities

Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to multiple vulnerabilities based on current information, in the following 3rd-party components: Node.js word-wrap CVE-2023-26115, Node.js semver CVE-2022-25883, Node.js dicer CVE-2022-24434, Redis...

CVSS: 9.8, AI score: 9.5, EPSS: 0.10953, Exploits: 10, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:3 a.m., 51 views

Security Bulletin: IBM Security Guardium is affected by multiple OS level vulnerabilities

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. By sending a specially crafted message with multiple...

CVSS: 7.8, AI score: 8.9, EPSS: 0.43614, Exploits: 5, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:3 a.m., 13 views

Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System

Summary Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System CVE-2023-4091 Vulnerability Details CVEID:CVE-2023-4091 DESCRIPTION: Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when using the aclxattr Samba VFS module with...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00438, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:3 a.m., 80 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF026 and 23.0.1-IF004. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of...

CVSS: 9.8, AI score: 10, EPSS: 0.35125, Exploits: 8, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:2 a.m., 90 views

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in the latest IBM Security Verify Governance release. Vulnerability Details CVEID:CVE-2023-33840 DESCRIPTION: IBM Security Verify Governance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

CVSS: 9.8, AI score: 9.7, EPSS: 0.3862, Exploits: 4, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:1 a.m., 65 views

Security Bulletin: IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service

Summary IBM Spectrum Symphony with ISC BIND is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2022-3488 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error related to the processing of repeated responses to the same query, where both responses contain...

CVSS: 7.5, AI score: 7.8, EPSS: 0.15211, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:0 a.m., 24 views

Security Bulletin: Multiple Security Vulnerabilities discovered in IBM Security Directory Suite (CVE-2022-32753, CVE-2022-32751, CVE-2022-33165)

Summary Several vulnerabilities were fixed in the IBM Security Verify Directory Suite. Vulnerability Details CVEID:CVE-2022-32753 DESCRIPTION: IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00077, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:0 a.m., 56 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary jQuery is used by IBM Robotic Process Automation for Cloud Pak as part of Abbyy CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2020-23064. Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2020-8552. Go Go-Yam...

CVSS: 7.5, AI score: 7.4, EPSS: 0.34098, Exploits: 17, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:58 a.m., 104 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.2.0 Vulnerability Details CVEID:CVE-2022-36227 DESCRIPTION: libarchive is vulnerable to a denial of service, caused by a NULL pointer dereference flaw due to not check for an error after calling calloc function...

CVSS: 9.8, AI score: 9.8, EPSS: 0.03615, Exploits: 6, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:58 a.m., 71 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2002-0080 DESCRIPTION: rsync could allow a remote attacker to gain elevated privileges on the system. rsync fails to drop privileges for...

CVSS: 7.5, AI score: 9.4, EPSS: 0.944, Exploits: 23, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:57 a.m., 47 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.2.0 Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing multiple actions separated by a...

CVSS: 9.8, AI score: 9.7, EPSS: 0.00354, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:57 a.m., 70 views

Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect

Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...

CVSS: 10, AI score: 9.2, EPSS: 0.5922, Exploits: 25, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:56 a.m., 45 views

Security Bulletin: Security vulnerability has been identified in IBM License Metric Tool v9.

Summary IBM License Metric Tool could allow a remote attacker to get read access to '/WEB-INF' folder on the ILMT server. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43044 DESCRIPTION: IBM License Metric Tool could allow ...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00087, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:56 a.m., 56 views

Security Bulletin: Unauthenticated Path Traversal security vulnerability CVE-2023-38366 in IBM Content Navigator in FileNet Content Manager

Summary Unauthenticated Path Traversal security vulnerability CVE-2023-38366 in Administration Console for Content Platform Engine ACCE/IBM Content Navigator ICN in FileNet Content Manager FNCM Vulnerability Details CVEID:CVE-2023-38366 DESCRIPTION: IBM Content Navigator could allow a remote...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00071, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:55 a.m., 48 views

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...

CVSS: 9.8, AI score: 10, EPSS: 0.70144, Exploits: 8, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:55 a.m., 43 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

CVSS: 9.8, AI score: 10, EPSS: 0.42304, Exploits: 9, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:54 a.m., 47 views

Security Bulletin: IBM Security Verify Directory products have multiple security vulnerabilities (CVE-2022-33164, CVE-2022-33168, CVE-2022-33161, CVE-2022-32755)

Summary Several vulnerabilities have been addressed in IBM Security Directory Server, IBM Security Directory Suite, and IBM Security Verify Directory products. Vulnerability Details CVEID:CVE-2022-33164 DESCRIPTION: IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse...

CVSS: 9.1, AI score: 7.7, EPSS: 0.00072, Exploits: 0, Affected Software: 3

IBM Security Bulletins
added 2025/03/26 3:54 a.m., 57 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.2 Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the forwarded ssh-agent. By sending specially...

CVSS: 9.8, AI score: 9.8, EPSS: 0.64352, Exploits: 12, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:54 a.m., 62 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivotal Spring...

CVSS: 9.8, AI score: 9.2, EPSS: 0.60417, Exploits: 4, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:53 a.m., 30 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

CVSS: 7.5, AI score: 9.3, EPSS: 0.04395, Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:52 a.m., 62 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Java, Go, Python, OpenSSL and Node.js Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused b...

CVSS: 9.8, AI score: 9.8, EPSS: 0.03639, Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:51 a.m., 78 views

Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities.

Summary Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities, listed in multiple CVEs CVE-2023-34981, CVE-2022-1471, CVE-2022-4065, CVE-2021-23450, CVE-2021-23450, CVE-2022-40151, CVE-2022-41966, CVE-2023-41080, CVE-2022-48285, CVE-2020-11971, CVE-2023-28709,...

CVSS: 9.8, AI score: 9.9, EPSS: 0.93849, Exploits: 13, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:51 a.m., 45 views

Security Bulletin: IBM Security Verify Governance - Identity Manager Virtual Appliance has multiple vulnerabilities (CVE-2023-35019, CVE-2023-35016)

Summary Multiple security vulnerabilities have been addressed in IBM Security Verify Governance, Identity Manager - Virtual Appliance component. Vulnerability Details CVEID:CVE-2023-35019 DESCRIPTION: IBM Security Verify Governance, Identity Manager could allow a remote authenticated attacker to...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00155, Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:50 a.m., 99 views

Security Bulletin: Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis. Vulnerabilities include denial of service, gain elevated privileges on the system, allow a remote attacker to execute...

CVSS: 9.8, AI score: 9.6, EPSS: 0.0504, Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:49 a.m., 67 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect Connect for ODBC

Summary Multiple vulnerabilities in Progress DataDirect Connect for ODBC used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-34363 DESCRIPTION: Progress DataDirect Connect for ODBC could allow a remote attacker to obtain sensitive information, caused by...

CVSS: 9.8, AI score: 9.8, EPSS: 0.00285, Exploits: 6, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:49 a.m., 49 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.8.1 Vulnerability Details CVEID:CVE-2024-27043 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvbregisterdevice, pdvbdev is set equal...

CVSS: 8.8, AI score: 10, EPSS: 0.08423, Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:48 a.m., 95 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in t...

CVSS: 8.7, AI score: 9.7, EPSS: 0.04189, Exploits: 11, Affected Software: 1

Total number of security vulnerabilities: 35013