Lucene search
K

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 5:28 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an arbitrary code execution in Jinja [CVE-2024-56326]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Jinja, due to an oversight in how the Jinja sandboxed environment detects calls to str.format, which allows an attacker that controls the content of a template to execute arbitrary Python code...

7.8CVSS7.9AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 5:26 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an information disclosure in PostgreSQL [CVE-2024-4317]

Summary IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in PostgreSQL, caused by a missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs CVE-2024-4317. PostgreSQL is used by our Speech Service utilities. This vulnerabilitiy has been...

4.3CVSS6.6AI score0.00722EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 5:19 p.m.11 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2025-27907)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

4.1CVSS6.7AI score0.0028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 5:5 p.m.11 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...

9.8CVSS7.1AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 4:56 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security bypass in Golang Go [CVE-2024-45337]

Summary IBM Watson Speech Services Cartridge is vulnerable to an authorization bypass in Golang Go, caused by applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback CVE-2024-45337. Golang Go is used by our Speech Service utilities...

9.1CVSS7AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 4:38 p.m.15 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat [CVE-2025-24813]

Summary IBM Watson Speech Services Cartridge is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat, due to a Path Equivalence issue with 'file.Name' Internal Dot CVE-2025-24813. Apache Tomcat is used in our Speech microservices. This...

10CVSS8.2AI score0.99945EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 4:35 p.m.16 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat [CVE-2025-24813]

Summary IBM Watson Speech Services Cartridge is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat, due to a Path Equivalence issue with 'file.Name' Internal Dot CVE-2025-24813. Apache Tomcat is used in our Speech microservices. This...

10CVSS8.2AI score0.99945EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 4:23 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in FreeType [CVE-2025-27363]

Summary IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in C, due to an out of bounds write that assigns incorrect values causing under-allocation to a heap buffer. CVE-2025-27363. Free Type is used in our Base OS images. This vulnerabilitiy has been addressed. Plea...

8.1CVSS8AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 3:16 p.m.19 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libxml2, Go JOSE and FreeType

Summary libxml2, Go JOSE, FreeType and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to memory exhaustion and a Denial of Service by sending numerous malformed tokens, and arbitrary code execution by writing up to 6 signed long integers out of bounds. This...

9.8CVSS8.3AI score0.26049EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 2:1 p.m.6 views

Security Bulletin: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing, affects watsonx.data

Summary An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse...

5.3CVSS7AI score0.00856EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 1:59 p.m.20 views

Security Bulletin:VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data

Summary VMware Tanzu Spring Framework could provide weaker than expected securitycaused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could...

5.3CVSS7.5AI score0.05666EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 1:58 p.m.10 views

Security Bulletin:The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting, affects watsonx.data

Summary The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This could affe...

6.4CVSS6AI score0.00344EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 10:29 a.m.14 views

Security Bulletin: IBM Maximo Asset Management application is vulnerable to unrestricted file upload( CVE-2024-45088)

Summary IBM Maximo Asset Management is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.4CVSS6.1AI score0.00227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 9:37 p.m.56 views

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)

Summary IBM® Db2® is vulnerable to sensitive information disclosure when using ADMINCMD with IMPORT or EXPORT. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When...

6.8CVSS6.1AI score0.00567EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 8:44 p.m.33 views

Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825)

Summary IBM® Db2® could disclose sensitive information when using ADMINCMD with LOAD or BACKUP. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When using...

7.5CVSS7.2AI score0.01457EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 6:35 p.m.41 views

Security Bulletin: IBM Cognos Analytics is vulnerable to Malicious File Upload and EL Injection vulnerabilities (CVE-2024-40695, CVE-2024-51466)

Summary IBM Cognos Analytics is considered vulnerable to a Malicious File Upload which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2024-40695 and an Expression Language EL Injection which could allow a remote attacker to explo...

9CVSS8.5AI score0.00586EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 2:3 p.m.9 views

Security Bulletin: IBM Cognos Analytics has addressed a vulnerability in FreeType (CVE-2025-27363)

Summary IBM Cognos Analytics is considered affected by an arbitrary code execution in FreeType CVE-2025-27363. Freetype is used by IBM Cognos Analytics to render fonts. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newe...

8.1CVSS8.4AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 1:12 p.m.17 views

Security Bulletin: IBM WebSphere Automation is vulnerable to an arbitrary code execution (CVE-2025-27363).

Summary IBM WebSphere Automation is vulnerable to an arbitrary code execution. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse font subglyph structure...

8.1CVSS8.3AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 12:4 p.m.13 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)

Summary The security issue described in CVE-2025-27907 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

4.1CVSS6.5AI score0.0028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/30 10:37 a.m.22 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 1.1.0 Vulnerability Details CVEID:CVE-2024-55909 DESCRIPTION: IBM Concert Software could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource...

8.8CVSS8.2AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 10:53 p.m.50 views

Security Bulletin: Vulnerabilities in JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...

9.8CVSS9.8AI score0.45205EPSS
Exploits8Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 10:48 p.m.50 views

Security Bulletin: IBM Spectrum Symphony with Node.js various security issues

Summary IBM Spectrum Symphony with Node.js various security issues Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICUDATA...

7.7CVSS7.3AI score0.02209EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 10:42 p.m.45 views

Security Bulletin: InfoSphere Data Replication is affected by multiple postgresql vulnerbilities

Summary InfoSphere Data Replication uses postgresql. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-26520 DESCRIPTION: pgjdbc could allow a remote attacker to execute arbitrary code on the system, caused by the external control of the...

9.8CVSS8.3AI score0.04094EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 7:38 p.m.27 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.293 Vulnerability Details CVEID:CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly...

9.8CVSS8.5AI score0.14614EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 4:11 p.m.8 views

Security Bulletin: IBM Cognos Transformer has addressed a vulnerability in FreeType (CVE-2025-27363)

Summary IBM Cognos Transformer is considered affected by an arbitrary code execution in FreeType CVE-2025-27363. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attemptin...

8.1CVSS8.4AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 4:6 p.m.14 views

Security Bulletin: IBM Cognos PowerPlay has addressed a vulnerability in FreeType (CVE-2025-27363)

Summary IBM Cognos PowerPlay is considered affected by an arbitrary code execution in FreeType CVE-2025-27363. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting ...

8.1CVSS8.4AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:27 p.m.24 views

Security Bulletin: Security vulnerabilities affect libxml2 and gcc packages shipped with IBM CICS TX Advanced.

Summary IBM CICS TX Advanced is impacted by security vulnerabilities found in packages libxml2 and gcc. IBM CICS TX Advanced has been updated in order to address these vulnerabilities. Vulnerability Details CVEID:CVE-2022-49043 DESCRIPTION: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11....

8.1CVSS8.4AI score0.8383EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 1:54 p.m.17 views

Security Bulletin: Multiple vulnerabilities have been found in IBM CICS TX Standard.

Summary IBM CICS TX Standard has been updated in order to address multiple vulnerabilities. Vulnerability Details CVEID:CVE-2022-49043 DESCRIPTION: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CWE:CWE-416: Use After Free CVSS Source: [email protected] CVSS Base scor...

8.1CVSS5.9AI score0.8383EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 1:37 p.m.15 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to OpenSSL (CVE-2022-0778)

Summary OpenSSL is used by DataStage on Cloud Pak for Data as part of secure network communication. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-craft...

7.5CVSS9.4AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 1:35 p.m.12 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Avro (CVE-2024-47561)

Summary Apache Avro is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java SDK...

9.2CVSS7.3AI score0.03278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 12:41 p.m.16 views

Security Bulletin: There is an Out-of-Bounds write vulnerability in MIT's Kerberos 5 that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-24528).

Summary There is an Out-of-Bounds write vulnerability in MIT's Kerberos 5 that is shipped with IBM TXSeries for Multiplatforms CVE-2025-24528. MIT's Kerberos 5 is a network authentication protocol that is used by IBM TXSeries for Multiplatforms. An update to IBM TXSeries for Multiplatforms has be...

7.1CVSS6.4AI score0.00606EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 10:12 a.m.11 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to server-side request forgery (CVE-2025-27907)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to server-side request forgery. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|---...

4.1CVSS6.6AI score0.0028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:40 a.m.71 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2-ifix1 Vulnerability Details CVEID:CVE-2025-1974 DESCRIPTION: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve...

9.8CVSS9.8AI score0.99098EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:39 a.m.93 views

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary Multiple vulnerabilities were addressed in IBM Rapid Infrastructure Automation v1.1.5 Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This...

10CVSS10AI score0.06975EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:38 a.m.35 views

Security Bulletin: IBM Security Guardium is affected by multiple kernel vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in an update Vulnerability Details CVEID:CVE-2024-26669 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a chain template offload flaw in net/sched. By sending a...

7.8CVSS9.3AI score0.02224EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:38 a.m.21 views

Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to Javascript Injection. (CVE-2021-29669)

Summary Summary guidance: IBM Engineering Lifecycle Management - IBM Jazz is vulnerable to Javascript Injection. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-29669 DESCRIPTION: IBM Jazz Foundation is vulnerable to...

5.4CVSS5.5AI score0.00215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:37 a.m.23 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a cri-o security vulnerability (CVE-2024-9676)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the cri-o component which a remote authenticated attacker could exploit to cause a denial of service condition. CVE-2024-9676 Vulnerability Details CVEID: CVE-2024-9676 Description: Podman, Buildah and CRI-O a...

6.5CVSS7AI score0.01345EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:37 a.m.24 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a cri-o security vulnerability (CVE-2024-5154)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the cri-o component which could allow an attacker to send a specially crafted URL request containing "dot dot" sequences /../ to read and write arbitrary files on the system. Vulnerability Details CVEID:...

8.1CVSS8.1AI score0.01237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:35 a.m.86 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details CVEID:CVE-2023-49569 DESCRIPTION: go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the ChrootOS...

9.8CVSS10AI score0.05223EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:34 a.m.65 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for April 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF032 and 23.0.2-IF004. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is...

9.8CVSS7.3AI score0.99999EPSS
Exploits26Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:34 a.m.106 views

Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu...

7.8CVSS9.9AI score0.0616EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:33 a.m.74 views

Security Bulletin: Order Management is subject to various OS vulnerabilites which could have allowed attacker various entry points into application.

Summary Order Management has updated the container OS version and remediated to the point of code freeze. This bulletin identifies the steps to take to address the vulnerabilities by updating to the very latest OS version. Vulnerability Details CVEID:CVE-2022-2923 DESCRIPTION: Vim is vulnerable t...

7.8CVSS10AI score0.05533EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:33 a.m.24 views

Security Bulletin: Several vulnerabilities affect Watson Machine Learning Accelerator on Cloud Pak for Data 5.0.0

Summary Several vulnerabilities in Watson Machine Learning Accelerator on Cloud Pak for Data 5.0.0 have been fixed in Watson Machine Learning Accelerator on Cloud Pak for Data 5.0 latest refresh. Vulnerability Details CVEID:CVE-2024-3568 DESCRIPTION: Hugging Face Transformers could allow a remote...

9.6CVSS8.9AI score0.03397EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:32 a.m.39 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2023-1260)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that may allow an authenticated user evade security context constraints SCCs admission restrictions, thereby gaining control of a privileged pod CVE-2023-1260. Vulnerability Details CVEID:...

8CVSS8.1AI score0.01569EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:31 a.m.60 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js

Summary Vulnerabilities in Node.js such as remote attacker bypass security restrictions may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-30581 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of proto in...

8.8CVSS8AI score0.01817EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:30 a.m.31 views

Security Bulletin: IBM Safer Payments vulnerable to Denial Of Service Attacks (CVE-2020-4729)

Summary IBM Safer Payments can be crashed by sending specially crafted API calls. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2020-4729 DESCRIPTION: IBM Counter Fraud Management for Safer Payments could allow an authenticated attacker under special circumstances to send...

5.3CVSS5.4AI score0.00648EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:27 a.m.19 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-25690)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.5CVSS7.5AI score0.00363EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:27 a.m.43 views

Security Bulletin: IBM Spectrum Protect Plus vulnerability discloses sensitive information due to unencrypted data in transit (CVE-2020-4497)

Summary IBM Spectrum Protect Plus does not encrypt data transfer between vSnap servers and application agents. This could allow an attacker to view senstive information in transit. Vulnerability Details CVEID:CVE-2020-4497 DESCRIPTION: IBM Spectrum Protect Plus discloses sensitive information due...

6.8CVSS5.5AI score0.00387EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:26 a.m.97 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-39077 DESCRIPTION: IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...

10CVSS10AI score0.42993EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:26 a.m.38 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to information disclosure (CVE-2022-22442)

Summary An information disclosure vulnerability due to improper access controls was addressed in InfoSphere Information Server. Vulnerability Details CVEID:CVE-2022-22442 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to access information restricted to users wit...

6.5CVSS6.2AI score0.00486EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35634