35059 matches found

IBM Security Bulletins
•added 2025/03/06 2:12 p.m.•14 views

Security Bulletin: IBM Concert Software Standard Edition is vulnerable to login brute force attack

Summary IBM Concert Software Standard Edition is the non-OpenShift Container Platform OCP lightweight product form factor deployed to virtual machine. IBM Concert Software Standard Edition 1.0.5 is vulnerable to login brute force attack due to inadequate account lockout settings and weak password...

CVSS 7.5 | AI score 7.4 | EPSS 0.00094
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/06 2:9 p.m.•11 views

Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service in Fasterxml jackson-databind [CVE-2023-35116]

Summary IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service in Fasterxml jackson-databind CVE-2023-35116. This vulnerability has been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml...

CVSS 4.7 | AI score 6.8 | EPSS 0.00016
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/06 2:5 p.m.•14 views

Security Bulletin: Vulnerabilities in commons-compress-1.21.jar affects IBM SPSS Collaboration and Deployment Services (CVE-2024-25710, CVE-2024-26308)

Summary There are vulnerabilities in commons-compress-1.21.jar used by IBM SPSS Collaboration and Deployment Services CVE-2024-25710, CVE-2024-26308. These vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION:...

CVSS 8.1 | AI score 6.7 | EPSS 0.00392
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/06 1:38 p.m.•26 views

Security Bulletin: Security vulnerabilities may affect IBM SDK, Java Technology Edition shipped with IBM TXSeries for Multiplatforms.

Summary Security vulnerabilities may affect IBM SDK, Java Technology Edition shipped with IBM TXSeries for Multiplatforms. Updates to IBM TXSeries for Multiplatforms have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java ...

CVSS 5.3 | AI score 6.1 | EPSS 0.00303
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/06 1:33 p.m.•18 views

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-52798, CVE-2024-47764)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings int...

CVSS 8.7 | AI score 7 | EPSS 0.00293
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/06 1:32 p.m.•12 views

Security Bulletin: Vulnerability with NTP 4.2.8p15 affect IBM Cloud Object Storage Systems (March 2025)

Summary Vulnerability with NTP CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554. This vulnerability has been addressed in the latest ClevOS release. Vulnerability Details CVEID:CVE-2023-26552 DESCRIPTION: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when...

CVSS 5.6 | AI score 6.6 | EPSS 0.00681
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/05 5:20 p.m.•9 views

Security Bulletin: Oracle Outside In Technology (OIT) Security Vulnerabilities - July 2024

Summary Oracle Outside In Technology OIT Security Vulnerabilities CVE-2023-45853 and CVE-2023-52425 - Resolved in July 2024 Oracle OIT v8.5.7 BP3 p36705510 Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer...

CVSS 9.8 | AI score 7.5 | EPSS 0.01552
Exploits 1 | Affected Software 1
IBM Security Bulletins
•added 2025/03/05 4:40 p.m.•7 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-47535)

Summary There is potentially a denial of service in Netty used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous...

CVSS 5.5 | AI score 6.6 | EPSS 0.00467
Exploits 1 | Affected Software 1
IBM Security Bulletins
•added 2025/03/05 4:17 p.m.•13 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to backtracking (CVE-2024-52798)

Summary There is a vulnerability in path-to-regexp used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a...

CVSS 8.7 | AI score 6.5 | EPSS 0.00293
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/05 2:15 p.m.•21 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Critical Patch Update Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 5.3 | AI score 5.8 | EPSS 0.00303
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/05 1:58 p.m.•8 views

Security Bulletin: Due to use of Apache Commons IO, IBM MobileFirst Foundation is vulnerable to Uncontrolled Resource Consumption (CVE-2024-47554)

Summary Apache Commons IO is used by IBM MobileFirst Foundation as part of file handling operations. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively...

CVSS 4.3 | AI score 6.7 | EPSS 0.00127
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/05 1:49 p.m.•16 views

Security Bulletin: Snowflake JDBC driver affects watsonx.data

Summary Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect...

CVSS 5.9 | AI score 6.8 | EPSS 0.00205
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 8:44 p.m.•5 views

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVEs. For a complet...

AI score 7
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 5:5 p.m.•28 views

Security Bulletin: Vulnerabilities in the GUI affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the GUI affect IBM Storage Virtualize products and could allow authentication bypass and arbitrary code execution. The CLI is unaffected. CVE-2025-0159 CVE-2025-0160. Vulnerability Details CVEID:CVE-2025-0160 DESCRIPTION: IBM FlashSystems could allow a remote attacker...

CVSS 9.8 | AI score 8.6 | EPSS 0.00196
Exploits 0 | Affected Software 8
IBM Security Bulletins
•added 2025/03/04 2:45 p.m.•14 views

Security Bulletin: Vulnerability in logback affects IBM Storage Insights

Summary logback is vulnerable to forging requests, arbitrary code execution. These vulnerabilities affect IBM Storage Insights. Vulnerability Details CVEID:CVE-2024-12801 DESCRIPTION: Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 ...

CVSS 5.9 | AI score 7.2 | EPSS 0.00164
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 2:26 p.m.•20 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2024-4741, CVE-2024-2511, CVE-2024-5535, CVE-2024-4603, CVE-2024-6119 Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute...

CVSS 9.1 | AI score 8.2 | EPSS 0.14258
Exploits 1 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 2:25 p.m.•12 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase (CVE-2023-52426)

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-52426 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an XML entity expansion flaw if XMLDT...

CVSS 5.5 | AI score 6.3 | EPSS 0.00022
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 2:25 p.m.•17 views

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2024-7264, CVE-2024-9681 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an...

CVSS 6.5 | AI score 6.8 | EPSS 0.00882
Exploits 2 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 11:48 a.m.•10 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...

CVSS 9.8 | AI score 7.9 | EPSS 0.02141
Exploits 1 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 9:58 a.m.•32 views

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities (CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917)

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.5.0 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.3.2 or...

CVSS 5.3 | AI score 4.3 | EPSS 0.00303
Exploits 0 | Affected Software 2
IBM Security Bulletins
•added 2025/03/04 9:55 a.m.•28 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for February 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF001 and IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management...

CVSS 7.5 | AI score 8.7 | EPSS 0.01473
Exploits 4 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 9:52 a.m.•22 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard.

Summary There are multiple vulnerabilities in the Java SE version that is shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot...

CVSS 5.3 | AI score 4.6 | EPSS 0.00303
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 9:51 a.m.•18 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Advanced.

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Advanced. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult...

CVSS 5.3 | AI score 4.6 | EPSS 0.00303
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 9:4 a.m.•18 views

Security Bulletin: Vulnerability in Flask affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-30861]

Summary The Flask package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-30861. Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by...

CVSS 7.5 | AI score 6.1 | EPSS 0.00215
Exploits 1 | Affected Software 1
IBM Security Bulletins
•added 2025/03/04 5:22 a.m.•16 views

Security Bulletin: Due to use of go-git, IBM Instana Observability is vulnerable to a denial of service and argument injection vulnerability.

Summary go-git is used by IBM Instana Observability CVE-2025-21613, CVE-2025-21614 Vulnerability Details CVEID:CVE-2025-21613 DESCRIPTION: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to...

CVSS 9.8 | AI score 8.5 | EPSS 0.03834
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 8:28 p.m.•16 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, which is included as part of IBM Tivoli Monitoring ITM portal server, have been remediated. Vulnerability Details CVEID:CVE-2024-45086 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML external...

CVSS 5.5 | AI score 6.3 | EPSS 0.00353
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 5:30 p.m.•16 views

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-40094

Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM Business Automation Workflow Process Federation Server and User Management Service. IBM WebSphere Application Server Liberty is also the foundation of many images in IBM Business Automation Workflow on Containers. I...

CVSS 5.3 | AI score 6.7 | EPSS 0.1753
Exploits 2 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 5:21 p.m.•20 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary IBM Event Processing was affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE:CWE-835: Loop...

CVSS 9.8 | AI score 4.8 | EPSS 0.78509
Exploits 1 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 5:20 p.m.•8 views

Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2024-7254

Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty, too. A security vulnerability has been reported for...

CVSS 8.7 | AI score 6.7 | EPSS 0.00134
Exploits 0 | Affected Software 2
IBM Security Bulletins
•added 2025/03/03 4:46 p.m.•14 views

Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.

Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service...

CVSS 8.7 | AI score 7.6 | EPSS 0.00953
Exploits 2 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 4:41 p.m.•18 views

Security Bulletin: There is a vulnerability in xmlbeans-2.6.0.jar used by IBM SPSS Collaboration and Deployment Service (CVE-2021-23926)

Summary There is a vulnerability in xmlbeans-2.6.0.jar used by IBM SPSS Collaboration and Deployment Service CVE-2021-23926 Vulnerability Details CVEID:CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity XXE error when processing XML...

CVSS 9.1 | AI score 6.7 | EPSS 0.00444
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 2:36 p.m.•56 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-9169 DESCRIPTION: GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buff...

CVSS 10 | AI score 9.7 | EPSS 0.38894
Exploits 12 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 1:35 p.m.•9 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message (CVE-2024-39725)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message CVE-2024-39725. Vulnerability Details CVEID:CVE-2024-39725 DESCRIPTION: IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacke...

CVSS 5.3 | AI score 5.3 | EPSS 0.00088
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 1:31 p.m.•7 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download (CVE-2024-41771) and Archive File Download (CVE-2024-41770)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download CVE-2024-41771 and Archive File Download CVE-2024-41770. Vulnerability Details CVEID:CVE-2024-41770 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker to...

CVSS 7.5 | AI score 6.7 | EPSS 0.00126
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 1:29 p.m.•15 views

Security Bulletin: Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services (CVE-2023-20863)

Summary Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services CVE-2023-20863 Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: In spring framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially...

CVSS 6.5 | AI score 6.1 | EPSS 0.01066
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 1:24 p.m.•8 views

Security Bulletin: Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services [CVE-2022-46337]

Summary Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services CVE-2022-46337 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in...

CVSS 9.8 | AI score 6.4 | EPSS 0.00047
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 1:24 p.m.•9 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server affect IBM Cloud Pak System [CVE-2024-26026]

Summary Vulnerability in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of...

CVSS 9.8 | AI score 6.7 | EPSS 0.89497
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 11:20 a.m.•12 views

Security Bulletin: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass affects watsonx.data

Summary Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate...

CVSS 9.1 | AI score 6.7 | EPSS 0.3863
Exploits 2 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 11:19 a.m.•21 views

Security Bulletin: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability affects watsonx.data

Summary Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from...

CVSS 9.8 | AI score 7.2 | EPSS 0.1286
Exploits 1 | Affected Software 1
IBM Security Bulletins
•added 2025/03/03 10:4 a.m.•15 views

Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow Advanced - CVE-2024-54179

Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-54179 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript co...

CVSS 5.4 | AI score 6.2 | EPSS 0.00076
Exploits 0 | Affected Software 2
IBM Security Bulletins
•added 2025/03/03 9:44 a.m.•23 views

Security Bulletin: Multiple Vulnerabilities in IBM Events Operator

Summary Multiple vulnerabilities were addressed in IBM Events Operator version 5.1.0 Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints. By...

CVSS 7.5 | AI score 7.5 | EPSS 0.91736
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/02 12:47 p.m.•16 views

Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-25577, CVE-2023-23934]

Summary The Werkzeug package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-25577, CVE-2023-23934. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by ...

CVSS 7.5 | AI score 6.9 | EPSS 0.00366
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/03/02 2:2 a.m.•25 views

Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, a debug protection vulnerability has been addressed. Please refer to the table in the...

CVSS 9.1 | AI score 7.4 | EPSS 0.02898
Exploits 3 | Affected Software 2
IBM Security Bulletins
•added 2025/03/02 1:55 a.m.•14 views

Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, a vulnerability related to Source Code Obfuscation has been addressed. Please refer to...

CVSS 9.1 | AI score 7.2 | EPSS 0.02898
Exploits 3 | Affected Software 2
IBM Security Bulletins
•added 2025/02/28 3:44 p.m.•10 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Xml Entity Injection (CVE-2024-39726)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Xml Entity Injection CVE-2024-39726. Vulnerability Details CVEID:CVE-2024-39726 DESCRIPTION: IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection...

CVSS 8.2 | AI score 7 | EPSS 0.00086
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/02/28 3:15 p.m.•26 views

Security Bulletin: ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager (FNCM) Content Search Services (CSS)

Summary ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager FNCM Content Search Services CSS Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By...

CVSS 7.5 | AI score 7.8 | EPSS 0.00261
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/02/28 10:6 a.m.•12 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By...

CVSS 7.5 | AI score 7.2 | EPSS 0.00252
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/02/28 10:3 a.m.•21 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...

CVSS 7.4 | AI score 6.3 | EPSS 0.00977
Exploits 0 | Affected Software 1
IBM Security Bulletins
•added 2025/02/28 9:11 a.m.•24 views

Security Bulletin: Multiple security vulnerabilities in Cloud Pak foundational services are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001

Summary IBM Cloud Pak for Business Automation 24.0.1-IF001 updates the version of IBM Cloud Pak foundational services to address multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper...

CVSS 8.8 | AI score 8.4 | EPSS 0.14258
Exploits 5 | Affected Software 2
IBM Security Bulletins
•added 2025/02/28 7:34 a.m.•15 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to golang.org/x/net/html, libxml2 and openssl

Summary golang.org/x/net/html, libxml2, openssl, IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service by crafting an input to the Parse functions, and providing weaker than expected security which might allow an attacker to access potentially...

CVSS 8.8 | AI score 8.2 | EPSS 0.00883
Exploits 0 | Affected Software 1
Total number of security vulnerabilities: 35059