Lucene search
K

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:22 a.m.42 views

Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Storage Scale System

Summary There are multiple vulnerabilities in the Linux kernel, used by IBM Storage Scale System, which could allow a denial of service. Fixes for these vulnerabilities are available. Vulnerability Details CVEID:CVE-2024-40998 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused...

7.8CVSS7.6AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:22 a.m.40 views

Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in an update Vulnerability Details CVEID:CVE-2024-26837 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition between generation of the list of MDB events to replay with the creation of new grou...

7.8CVSS8.6AI score0.00278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:21 a.m.24 views

Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-27399, CVE-2024-36972]

Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-27399, CVE-2024-36972 Vulnerability Details CVEID:CVE-2024-27399 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL...

7.5CVSS7.2AI score0.0067EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:21 a.m.27 views

Security Bulletin: IBM Storage Protect Server is susceptible to denial of service due to CoreDNS (CVE-2023-28452).

Summary The IBM Storage Protect Server is susceptible to denial of service caused by improper input validation linked to CoreDNS. Vulnerability Details CVEID:CVE-2023-28452 DESCRIPTION: CoreDNS is vulnerable to a denial of service, caused by improper input validation . By sending a specially...

7.5CVSS7.4AI score0.00613EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:20 a.m.33 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0 Vulnerability Details CVEID:CVE-2024-52317 DESCRIPTION: Apache Tomcat could provide weaker than expected security, caused by an incorrect...

9.8CVSS9.9AI score0.09304EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:20 a.m.32 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability...

9.8CVSS9.2AI score0.05533EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:19 a.m.28 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to a denial of service

Summary IBM i Modernization Engine for Lifecycle Integration keycloak component is vulnerable to a denial of service CVE-2023-6841 as described in the Vulnerability Details section. These components are used in IBM i Modernization Engine for Lifecycle Integration for infrastructure support in the...

7.5CVSS7.5AI score0.00736EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:19 a.m.39 views

Security Bulletin: Multiple vulnerabilities in XCC affect Cloud Pak System

Summary Multiple vulnerabilities in XCC affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-8281 DESCRIPTION: Lenovo XClarity Controller could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an input validation weakness. An attacker could...

7.2CVSS7.9AI score0.01099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:19 a.m.20 views

Security Bulletin: Improper access restrictions in IBM Jazz for Service Management exposes sensitive information (CVE-2024-47106)

Summary IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information due to improper access restrictions in an unprotected directory CVE-2024-47106. Vulnerability Details CVEID:CVE-2024-47106 DESCRIPTION: IBM Jazz for Service Management could allow a remote attack...

7.5CVSS5.1AI score0.00389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:18 a.m.27 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto (CVE-2024-8376)

Summary IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto. Vulnerability Details CVEID:CVE-2024-8376 DESCRIPTION: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault o...

7.5CVSS7.4AI score0.00748EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:18 a.m.94 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...

9.8CVSS10AI score0.41611EPSS
Exploits7Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:17 a.m.43 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 286 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector. CWE:CWE-345:...

9.8CVSS9.3AI score0.54862EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:15 a.m.57 views

Security Bulletin: IBM Cognos Controller is affected by vulnerabilities

Summary There are vulnerabilities in IBM® Java™, IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Controller. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direc...

9.8CVSS10AI score0.21952EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:15 a.m.25 views

Security Bulletin: Vulnerability in Waitress affects IBM Process Mining (CVE-2024-49768)

Summary There is a vulnerability in Waitress that could allow a remote attacker to bypass a protection mechanism and cause a symlink attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

9.1CVSS6.9AI score0.00496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:14 a.m.34 views

Security Bulletin: IBM InfoSphere DataStage Flow Designer is affected by a path traversal vulnerability (CVE-2024-52363)

Summary A path traversal vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2024-52363 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted...

7.5CVSS6.6AI score0.0059EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:14 a.m.46 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a...

9.8CVSS9.8AI score0.42326EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:13 a.m.31 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.7 is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.7 is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability...

9.8CVSS9.1AI score0.02303EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:13 a.m.28 views

Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9.

Summary There are vulnerabilities in the Ruby On Rails component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-47887 DESCRIPTION: railsis vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in HTTP Token authentication in Action...

8.7CVSS6.3AI score0.01103EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:12 a.m.36 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management.

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local authenticated attacker could exploit these vulnerabilities to cause a denial of service condition as described by the CVEs in the "Vulnerability Details" section...

7.8CVSS7.8AI score0.00292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:11 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.1 Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when an untrusted packages have...

10CVSS10AI score0.01421EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:11 a.m.29 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directo...

10CVSS9.3AI score0.27858EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:10 a.m.32 views

Security Bulletin: IBM Maximo Asset Management application is vulnerable to allow a remote attacker to traverse directories on the system. (CVE-2024-45652)

Summary IBM Maximo MXAPIASSET API could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. Vulnerability Details CVEID:CVE-2024-45652 DESCRIPTION: IBM Maxi...

7.5CVSS6.5AI score0.00763EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:10 a.m.12 views

Security Bulletin: IBM Technical Support Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as denial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2022-48773 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, cause...

7.1CVSS9AI score0.01287EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:9 a.m.14 views

Security Bulletin: Vulnerabilities in linux-firmware (CVE-2023-20584, CVE-2023-31315, CVE-2023-31356) affect Power HMC.

Summary The linux-firmware library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-20584 DESCRIPTION: IOMMU improperly handles certain special address ranges with invalid device table entries DTEs, which may allow an...

7.5CVSS7AI score0.00622EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:6 a.m.75 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2024-3154 DESCRIPTION: CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary...

9.8CVSS9.8AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:5 a.m.95 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary IBM Cognos Analytics is affected by vulnerabilities in IBM WebSphere Application Server Liberty and Open-Source Software OSS. Issues related to these components have been addressed by upgrading or removing the vulnerable libraries. Additionally, a cross-site scripting XSS vulnerability ha...

9.8CVSS10AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:4 a.m.35 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-31346 DESCRIPTION: AMD SEV-SNP Firmware could allow a local authenticated...

9.1CVSS10AI score0.03288EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:3 a.m.87 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.0 Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request,...

8.8CVSS10AI score0.35447EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:2 a.m.40 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2021-46984 DESCRIPTION: Linux Kernel could allow a local attacker to obtain...

7.8CVSS8.9AI score0.00413EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:2 a.m.18 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a runc security vulnerability (CVE-2024-45310)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the runc component which could allow a remote attacker to bypass security restrictions CVE-2024-45310 Vulnerability Details CVEID: CVE-2024-45310 Description: Open Container Initiative runc could allow a remot...

3.6CVSS6.4AI score0.00317EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:58 a.m.60 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory le...

9.8CVSS9.5AI score0.36081EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:58 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cert-manager

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of cert-manager. Vulnerability Details CVEID:CVE-2024-36537 DESCRIPTION: cert-manager could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an insecure permissions flaw. By obtaining...

7.2CVSS7.2AI score0.00446EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:57 a.m.76 views

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.27 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error on Windows with modrewrite in server/vhost context. By sending a specially crafte...

9.8CVSS9.8AI score0.6795EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:57 a.m.98 views

Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities.

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-40725 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-398...

9.8CVSS9AI score0.9986EPSS
Exploits6Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:56 a.m.57 views

Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities (CVE-2024-38477, CVE-2021-38963, CVE-2024-38475, CVE-2024-38474)

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sendi...

9.8CVSS9.6AI score0.99957EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:56 a.m.71 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, two Malicious File Upload vulnerabilities have been addressed. Please...

9.8CVSS9.7AI score0.99957EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:56 a.m.93 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF036 and 24.0.0-IF002. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...

9.8CVSS10AI score0.99957EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:55 a.m.16 views

Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration

Summary An authenticated developer user can utilize webMethods Integration Server to create a user through the scheduler service and then elevate that user to an administrator using runAsUser. This action provides elevated privileges for the developer user. webMethods Integration Server could...

9.9CVSS8.1AI score0.00547EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:55 a.m.27 views

Security Bulletin: IBM Controller is affected by vulnerabilities

Summary There are vulnerabilities in IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Controller. Additionally, due to weak password requirements, IBM Controller is susceptible to compromised user accounts. Please refer to the table in the Related...

8.7CVSS9.5AI score0.01191EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:54 a.m.50 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2024-22020 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system. By embedding...

8CVSS10AI score0.11586EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:54 a.m.83 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 279. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods IsPrivate, IsLoopback, etc did not work as expected for...

9.8CVSS8.8AI score0.91969EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:53 a.m.87 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-24806 DESCRIPTION: libuv is vulnerable to server-side request forgery, caused...

8.6CVSS9.5AI score0.02003EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:50 a.m.46 views

Security Bulletin: Denial of service, directory traversal, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable to denial of service, directory traversal, and others. The vulnerabilities have been addressed. CVE-2024-49767, CVE-2024-49766, CVE-2024-39614, CVE-2024-38875, CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-47119,...

9.1CVSS8.9AI score0.28637EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:50 a.m.71 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive...

7.8CVSS9.8AI score0.19753EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:49 a.m.61 views

Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9

Summary Apache Portable Runtime, The Expat XML Parser and DOORS Web Access are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.8 is vulnerable to the below mentioned CVEs. Remediation actions a...

9.8CVSS10AI score0.43346EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:49 a.m.52 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 005 Vulnerability Details CVEID:CVE-2024-39734 DESCRIPTION: IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers...

9.8CVSS7AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:48 a.m.77 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

8.5CVSS9.9AI score0.91969EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:48 a.m.34 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.8.0 Vulnerability Details CVEID:CVE-2023-52492 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the channel unregistration function. By sending a...

8.7CVSS10AI score0.01287EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:47 a.m.41 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.9CVSS10AI score0.8833EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:47 a.m.35 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2023-52581 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a memory leak when more than 255 elements expired. By...

8.1CVSS8AI score0.99506EPSS
Exploits68Affected Software1
Total number of security vulnerabilities35634