Lucene search
K

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:45 a.m.•25 views

Security Bulletin: Security vulnerabilities discovered in IBM Security Directory Suite (CVE-2024-45650, CVE-2024-51540) have been addressed.

Summary Security vulnerabilities discovered in IBM Security Directory Suite have been addressed. Vulnerability Details CVEID:CVE-2024-45650 DESCRIPTION: IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation. CWE:CWE-754:...

9.1CVSS8AI score0.01038EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:44 a.m.•12 views

Security Bulletin: A vulnerability in jQuery affects IBM Robotic Process automation and could result in cross-site scripting (CVE-2024-30875).

Summary A vulnerability in jQuery affects IBM Robotic Process automation and could result in cross-site scripting. jQuery is used by IBM Robotic Process Automation as part of the Carbon UI framework. This bulletin identifies the fixes required to address the vulnerability. Vulnerability Details...

7.1CVSS6.7AI score0.0079EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:44 a.m.•9 views

Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Information Disclosure (CVE-2024-45089)

Summary IBM Sterling B2B Integrator has addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2024-45089 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an...

4.3CVSS4.2AI score0.00277EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:43 a.m.•12 views

Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Cross-Site Scripting (CVE-2024-47116)

Summary IBM Sterling B2B Integrator has addressed the Cross-Site scripting vulnerability Vulnerability Details CVEID:CVE-2024-47116 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS5.3AI score0.00215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:43 a.m.•12 views

Security Bulletin: The Dashboard of IBM Sterling B2B Integrator is Vulnerable to Cross-Site Scripting (CVE-2024-47103, CVE-2024-49807, CVE-204-40696)

Summary IBM Sterling B2B Integrator has addressed the cross-site scripting security vulnerability Vulnerability Details CVEID:CVE-2024-47103 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

6.4CVSS5.1AI score0.00215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:42 a.m.•10 views

Security Bulletin: The Dashboard of the IBM Sterling B2B Integrator is Vulnerable to Cross-Site Request Forgery (CVE-2023-38739)

Summary IBM Sterling B2B Integrator has addressed the Cross-Site request forgery security vulnerability Vulnerability Details CVEID:CVE-2023-38739 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site request forgery which could allow an attacker to execute malicio...

8.8CVSS6.7AI score0.00162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:42 a.m.•44 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rack-2.0.7.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rack-2.0.7.gem Vulnerability Details CVEID:CVE-2022-44572 DESCRIPTION: Rack is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the multipart parsing component...

10CVSS8.7AI score0.35376EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:42 a.m.•10 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands have unnecessary external access [CVE-2022-43916]

Summary Some of the IBM App Connect Enterprise Certified Container Pods in a deployed environment have unnecessary external network access. This bulletin provides patch information to address the network access. CVE-2022-43916 Vulnerability Details CVEID:CVE-2022-43916 DESCRIPTION: IBM App Connec...

9.1CVSS6.4AI score0.00265EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:41 a.m.•44 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-46695 DESCRIPTION: In the Linux kernel, the following vulnerability has been...

7.8CVSS7.3AI score0.04063EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:40 a.m.•24 views

Security Bulletin: IBM Aspera Faspex 5 has addressed multiple vulnerabilities (CVE-2023-37412, CVE-2023-37398, CVE-2023-37413, CVE-2023-35907)

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Faspex 5.0.11 Vulnerability Details CVEID:CVE-2023-37412 DESCRIPTION: IBM Aspera Faspex could allow a privileged user to make system changes without proper access controls. CWE:CWE-284:...

9.8CVSS5.5AI score0.00314EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:40 a.m.•18 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution due to Apache Subversion (CVE-2024-45720)

Summary Apache Subversion is shipped with IBM Tivoli Netcool Impact as part of its version control for files. Information about a security vulnerability affecting Apache Subversion has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-45720 DESCRIPTION: Apache Subversion...

8.2CVSS8.6AI score0.00604EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:39 a.m.•21 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in logback-core

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of logback-core Vulnerability Details CVEID:CVE-2024-12801 DESCRIPTION: Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allo...

5.9CVSS7.2AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:39 a.m.•20 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in logback-classic

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of logback-classic Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java...

5.9CVSS7.8AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:39 a.m.•17 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF Vulnerability Details CVEID:CVE-2024-6716 DESCRIPTION: libtiff is vulnerable to a denial of service, caused by an out-of-memory flaw in the TIFFReadEncodedStrip function. By persuading a victim to ope...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:38 a.m.•77 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty and Open Source Software OSS components used by IBM Cognos Analytics. Additionally, Cognos Analytics is vulnerable to an XML External Entity Injection XXE. For more information about the vulnerability impact, refer to t...

9.8CVSS9.3AI score0.03283EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:38 a.m.•24 views

Security Bulletin: A Security Vulnerability was discovered in IBM Security Verify Bridge (CVE-2024-45672)

Summary A Security Vulnerability has been addressed in IBM Security Verify Bridge. Vulnerability Details CVEID:CVE-2024-45672 DESCRIPTION: IBM Security Verify Bridge could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a...

6CVSS5.8AI score0.00142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:37 a.m.•12 views

Security Bulletin: A vulnerability in DotNetZip affects IBM Robotic Process Automation and could allow an attacker to execute arbitrary code (CVE-2024-48510).

Summary A vulnerability in DotNetZip affects IBM Robotic Process Automation and could allow an attacker to execute arbitrary code. DotNetZip was used by IBM Robotic Process Automation for compression. This library has been replaced. This bulletin identifies the fixes required to resolve the...

9.8CVSS9.9AI score0.02061EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:37 a.m.•12 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-site scripting (CVE-2024-51457).

Summary IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS4.9AI score0.00199EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:37 a.m.•40 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.287 Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in th...

9.2CVSS8.9AI score0.03278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:36 a.m.•17 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Renwoxing Enterprise Intelligent Management System SQL injection vulnerability (CVE-2024-43040)

Summary A potential SQL injection vulnerability CVE-2024-43040 has been identified related to Renwoxing Enterprise Intelligent Management System that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

9.1CVSS9.7AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:36 a.m.•36 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to java_shop arbitrary code execution vulnerabilitiy (CVE-2024-50652)

Summary A potential arbitrary code execution vulnerability CVE-2024-50652 has been identified related to javashop that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-50652 DESCRIPTION:...

6.3CVSS5.8AI score0.00282EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:35 a.m.•22 views

Security Bulletin: IBM watsonx.ai (for IBM Cloud Pak for Data) is vulnerable to cross-site scripting

Summary IBM watsonx.ai for IBM Cloud Pak for Data is vulnerable to cross-site scripting when using unauthored, 3rd party LLM prompts in the Web UI interface of the application. IBM watsonx.ai for IBM Cloud Pak for Data has addresed the applicable vulnerability. Vulnerability Details...

5.4CVSS5.3AI score0.00215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:34 a.m.•24 views

Security Bulletin: A vulnerability in IBM Robotic Process Autmation could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks (CVE-2024-51456).

Summary A vulnerability in IBM Robotic Process Autmation could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. This bulletin identifies the fixes or remediations available to resolve this vulnerability. Vulnerability Details...

5.9CVSS5.9AI score0.00274EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:34 a.m.•19 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Race Condition Format Flaw (CVE-2024-41779) and Race Condition Servlet (CVE-2024-41787)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2024-41779 Race Condition Format Flaw and CVE-2024-41787 Race Condition Servlet. Vulnerability Details CVEID:CVE-2024-41787 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker...

9.8CVSS9.7AI score0.01093EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:34 a.m.•20 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy denial of service vulnerabilitiy(CVE-2024-32475).

Summary Potential Envoy denial of service vulnerabilitiyCVE-2024-32475 has been identified that affects IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-32475 DESCRIPTION: Envoy is vulnerable to a...

7.5CVSS7.6AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:33 a.m.•25 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elasticsearch denial of service vulnerabilitiy(CVE-2024-23449)

Summary A potential denial of service vulnerability CVE-2024-23449 has been identified related to Elasticsearch that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-23449 DESCRIPTION:...

5.3CVSS5AI score0.00681EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:33 a.m.•14 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy denial of service vulnerabilitiy(CVE-2024-39305).

Summary Potential Envoy denial of service vulnerabilitiyCVE-2024-39305 has been identified that affects IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-39305 DESCRIPTION: Envoy is vulnerable to a...

9.1CVSS7.1AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:32 a.m.•35 views

Security Bulletin: Vulnerability in HAProxy (CVE-2023-45539) affects IBM Watson CP4D Data Stores

Summary A potential sensitive information disclosure vulnerability CVE-2023-45539 has been identified related to HAProxy that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45539...

8.2CVSS6.7AI score0.01526EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:32 a.m.•20 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Validate.js Regular Expression Denial of Service (ReDoS) vulnerabilitiy(CVE-2020-26310)

Summary A potential Regular Expression Denial of Service ReDoSvulnerability CVE-2020-26310 has been identified related to Validate.js that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

8.7CVSS6.3AI score0.00389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:31 a.m.•24 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy denial of service vulnerabilitiy( CVE-2024-45810).

Summary Potential Envoy denial of service vulnerabilitiy CVE-2024-45810 has been identified that affects IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45810 DESCRIPTION: Envoy is vulnerable to ...

7.5CVSS7AI score0.00637EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:31 a.m.•12 views

Security Bulletin: Vulnerability in Elasticsearch (CVE-2023-49921) affects IBM Watson CP4D Data Stores

Summary A potential vulnerability CVE-2023-49921 has been identified related to Elasticsearch that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-49921 DESCRIPTION: An issue was...

6.5CVSS5.7AI score0.00445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:31 a.m.•20 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2022-22491]

Summary IBM App Connect Enterprise Certified Container operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. CVE-2022-22491 Vulnerability Details...

5.5CVSS5.3AI score0.0016EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:30 a.m.•21 views

Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities ( CVE-2024-45640, CVE-2024-45100)

Summary IBM Security ReaQta is vulnerable to exposing sensitive information and denial of service.These vulnerabilities have been addressed in the latest update. Vulnerability Details CVEID:CVE-2024-45640 DESCRIPTION: IBM Security ReaQta returns sensitive information in an HTTP response that coul...

5.3CVSS5.8AI score0.00533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:30 a.m.•10 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted

Summary Software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a...

6.5CVSS6.8AI score0.00577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:29 a.m.•18 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerability which can allow remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser

Summary A vulnerability has been identified under which sensitive application information might be leaked to a remote attacker when a detailed technical error message is returned in the browser which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains...

4.3CVSS4.6AI score0.00344EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:29 a.m.•20 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by plaintext password fields which can leak sensitive information

Summary A vulnerability has been identified under which some password fields were used as plaintext causing un-intentional info leakage, which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions...

4.6CVSS4.6AI score0.00185EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:28 a.m.•24 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Log Forging CVE-2024-35150

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Log Forging CVE-2024-35150. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35150 DESCRIPTION: IBM Maximo Application Suite - Monitor Component does not...

5.3CVSS5.2AI score0.00273EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:28 a.m.•21 views

Security Bulletin: IBM PowerHA SystemMirror for IBM i is vulnerable to multiple vulnerabilities in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896]

Summary The IBM PowerHA SystemMirror for IBM i Web Interface is vulnerable to obtaining cookie values CVE-2024-55897 and hijacking the clicking action of users CVE-2024-55896 as described in the vulnerability details section. The PowerHA Web Interface allows easy management of PowerHA operations...

5.4CVSS5.1AI score0.00219EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:27 a.m.•19 views

Security Bulletin: IBM WebSphere Automation is vulnerable to an unauthorized code or commands execution weakness (CVE-2024-54181)

Summary IBM WebSphere Automation is vulnerable to an unauthorized code or commands execution weakness. Vulnerability Details CVEID:CVE-2024-54181 DESCRIPTION: IBM WebSphere Automation could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Usi...

7.2CVSS7.5AI score0.00973EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:27 a.m.•27 views

Security Bulletin: AIX is vulnerable to denial of service (CVE-2024-47102, CVE-2024-52906)

Summary Vulnerabilities in the AIX TCP/IP and perfstat kernel extensions may lead to a denial of service CVE-2024-47102, CVE-2024-52906. Vulnerability Details CVEID:CVE-2024-47102 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel...

5.5CVSS5.7AI score0.00142EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:27 a.m.•25 views

Security Bulletin: IBM Security QRadar Log Management AQL Plugin contains multiple vulnerabilities (CVE-2024-45296, CVE-2024-8986, CVE-2024-21489)

Summary IBM Security QRadar Log Management AQL Plugin for Grafana contains multiple vulnerabilities. These vulnerabilities have been addressed in the update. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular...

9.1CVSS8.4AI score0.00932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:26 a.m.•16 views

Security Bulletin: A Security Vulnerability was discovered in IBM Security Directory Integrator (CVE-2024-28767)

Summary A Security Vulnerability was adressed in IBM Security Directory Integrator. Vulnerability Details CVEID:CVE-2024-28767 DESCRIPTION: IBM Security Directory Integrator could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted...

8.8CVSS7.1AI score0.0064EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:26 a.m.•33 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager.

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 4.5.9. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt jwt-go could allow a remote attacker to obtain sensitive information, caused by improper error handling in ParseWithClaims. By sending a...

8.7CVSS7.1AI score0.01009EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:25 a.m.•19 views

Security Bulletin: IBM Security Guardium is affected by a SSRF vulnerability (CVE-2024-49336)

Summary IBM Security Guardium has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-49336 DESCRIPTION: IBM Security Guardium is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system,...

6.5CVSS5.9AI score0.00213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:25 a.m.•23 views

Security Bulletin: Vulnerability in JsonToBinaryStream() function ( CVE-2024-2410) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability CVE-2024-2410 has been identified related to JsonToBinaryStream function that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24...

9.8CVSS7.1AI score0.00332EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:24 a.m.•27 views

Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to denial of service due to Node.js, isaacs node-tar, ShowdownJS

Summary IBM Fusion HCI and IBM Fusion's graphical user interface are vulnerable to a denial of service due to Node.js, isaacs node-tar, and ShowdownJS. CVE-2024-4068, CVE-2024-28863, CVE-2024-1899. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a...

7.5CVSS6.8AI score0.01471EPSS
Exploits3Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:24 a.m.•31 views

Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to exposure of sensitive information, SSRF and gaining elevated privileges

Summary IBM Fusion HCI and IBM Fusion user interfaces are affected by vulnerabilities in Node.js packages follow-redirects, axios, webpack, and Go package Beego. Vulnerabilities include remote authenticated exposure of sensitive information, server-side request forgery, and cross-site scripting...

8.8CVSS8.4AI score0.01414EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:23 a.m.•28 views

Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to lack of egress restriction

Summary IBM Fusion and IBM Fusion HCI are vulnerable to allowing data to be sent to the external network due to the lack of egress restriction. CVE-2024-22315. Vulnerability Details CVEID:CVE-2024-22315 DESCRIPTION: IBM Storage Fusion is vulnerable to insecure network connection by allowing an...

6.5CVSS4.1AI score0.00218EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:23 a.m.•31 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to several issues (CVE-2024-38337, CVE-2024-25016)

Summary IBM Sterling Secure Proxy is affected by an improper input validation vulnerability that is exploitable by authenticated, privileged users. IBM Sterling Secure Proxy SSP also uses IBM MQ, which is vulnerable to improper input validation. Vulnerability Details CVEID:CVE-2024-38337...

9.1CVSS7.5AI score0.00849EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/15 3:23 a.m.•29 views

Security Bulletin: IBM Controller is affected by vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components used by IBM Controller. Additionally, IBM Controller is vulnerable to cross site scripting XSS and server-side request forgery SSRF vulnerabilities. Please refer to the table in the Related Information section for...

8.2CVSS8.3AI score0.01414EPSS
Exploits1Affected Software2
Total number of security vulnerabilities35634