Lucene search
K

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:9 a.m.14 views

Security Bulletin: Vulnerabilities in linux-firmware (CVE-2023-20584, CVE-2023-31315, CVE-2023-31356) affect Power HMC.

Summary The linux-firmware library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-20584 DESCRIPTION: IOMMU improperly handles certain special address ranges with invalid device table entries DTEs, which may allow an...

7.5CVSS7AI score0.00622EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:6 a.m.75 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2024-3154 DESCRIPTION: CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary...

9.8CVSS9.8AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:5 a.m.95 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary IBM Cognos Analytics is affected by vulnerabilities in IBM WebSphere Application Server Liberty and Open-Source Software OSS. Issues related to these components have been addressed by upgrading or removing the vulnerable libraries. Additionally, a cross-site scripting XSS vulnerability ha...

9.8CVSS10AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:4 a.m.35 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-31346 DESCRIPTION: AMD SEV-SNP Firmware could allow a local authenticated...

9.1CVSS10AI score0.03288EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:3 a.m.87 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.0 Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request,...

8.8CVSS10AI score0.35447EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:2 a.m.40 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2021-46984 DESCRIPTION: Linux Kernel could allow a local attacker to obtain...

7.8CVSS8.9AI score0.00413EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:2 a.m.18 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a runc security vulnerability (CVE-2024-45310)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the runc component which could allow a remote attacker to bypass security restrictions CVE-2024-45310 Vulnerability Details CVEID: CVE-2024-45310 Description: Open Container Initiative runc could allow a remot...

3.6CVSS6.4AI score0.00317EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:58 a.m.60 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory le...

9.8CVSS9.5AI score0.36081EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:58 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cert-manager

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of cert-manager. Vulnerability Details CVEID:CVE-2024-36537 DESCRIPTION: cert-manager could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an insecure permissions flaw. By obtaining...

7.2CVSS7.2AI score0.00446EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:57 a.m.76 views

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.27 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error on Windows with modrewrite in server/vhost context. By sending a specially crafte...

9.8CVSS9.8AI score0.6795EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:57 a.m.98 views

Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities.

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-40725 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-398...

9.8CVSS9AI score0.9986EPSS
Exploits6Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:56 a.m.57 views

Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities (CVE-2024-38477, CVE-2021-38963, CVE-2024-38475, CVE-2024-38474)

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sendi...

9.8CVSS9.6AI score0.99957EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:56 a.m.71 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, two Malicious File Upload vulnerabilities have been addressed. Please...

9.8CVSS9.7AI score0.99957EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:56 a.m.93 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF036 and 24.0.0-IF002. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...

9.8CVSS10AI score0.99957EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:55 a.m.16 views

Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration

Summary An authenticated developer user can utilize webMethods Integration Server to create a user through the scheduler service and then elevate that user to an administrator using runAsUser. This action provides elevated privileges for the developer user. webMethods Integration Server could...

9.9CVSS8.1AI score0.00547EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:55 a.m.27 views

Security Bulletin: IBM Controller is affected by vulnerabilities

Summary There are vulnerabilities in IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Controller. Additionally, due to weak password requirements, IBM Controller is susceptible to compromised user accounts. Please refer to the table in the Related...

8.7CVSS9.5AI score0.01191EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:54 a.m.50 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2024-22020 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system. By embedding...

8CVSS10AI score0.11586EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:54 a.m.84 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 279. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods IsPrivate, IsLoopback, etc did not work as expected for...

9.8CVSS8.8AI score0.91969EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:53 a.m.87 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-24806 DESCRIPTION: libuv is vulnerable to server-side request forgery, caused...

8.6CVSS9.5AI score0.02003EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:50 a.m.47 views

Security Bulletin: Denial of service, directory traversal, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable to denial of service, directory traversal, and others. The vulnerabilities have been addressed. CVE-2024-49767, CVE-2024-49766, CVE-2024-39614, CVE-2024-38875, CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-47119,...

9.1CVSS8.9AI score0.28637EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:50 a.m.71 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive...

7.8CVSS9.8AI score0.19753EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:49 a.m.61 views

Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9

Summary Apache Portable Runtime, The Expat XML Parser and DOORS Web Access are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.8 is vulnerable to the below mentioned CVEs. Remediation actions a...

9.8CVSS10AI score0.43346EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:49 a.m.52 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 005 Vulnerability Details CVEID:CVE-2024-39734 DESCRIPTION: IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers...

9.8CVSS7AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:48 a.m.77 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

8.5CVSS9.9AI score0.91969EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:48 a.m.34 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.8.0 Vulnerability Details CVEID:CVE-2023-52492 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the channel unregistration function. By sending a...

8.7CVSS10AI score0.01287EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:47 a.m.41 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.9CVSS10AI score0.8833EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:47 a.m.35 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2023-52581 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a memory leak when more than 255 elements expired. By...

8.1CVSS8AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:46 a.m.84 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

8.2CVSS10AI score0.87211EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:43 a.m.44 views

Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities

Summary IBM Security QRadar EDR Software is affected by multiple vulnerabilities which could allow a remote attacker to bypass security restrictions or execute arbitrary code on the system. These vulnerabilities have been addressed in the latest update. Vulnerability Details CVEID:CVE-2023-28154...

10CVSS10AI score0.10059EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:42 a.m.30 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2019-25162 DESCRIPTION: Linux Kernel s vulnerable to a denial of service, cause...

7.8CVSS9.4AI score0.00969EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:42 a.m.34 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-48554 DESCRIPTION: File is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the filecopystr function in...

7.8CVSS9.5AI score0.06208EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:42 a.m.48 views

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details CVEID:CVE-2024-31883 DESCRIPTION: IBM Security Verify Access, under certain configurations, could allow an unauthenticated...

7.5CVSS7.6AI score0.03028EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:41 a.m.69 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...

9.8CVSS9.8AI score0.78483EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:40 a.m.47 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-22017 DESCRIPTION: Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid to drop all privileges due to...

10CVSS8.4AI score0.01309EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:39 a.m.34 views

Security Bulletin: There are multiple vulnerabilities that can affect IBM Storage Scale System that are now included

Summary There are multiple vulnerabilities that can affect IBM Storage Scale System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-36889 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to ensure...

7.8CVSS9.4AI score0.00406EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:38 a.m.18 views

Security Bulletin: This Power System update is being released to address CVE-2023-52340

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-52340, by upgrading PowerVM and thus addressing the exposure ...

7.5CVSS7AI score0.0094EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:38 a.m.33 views

Security Bulletin: Multiple Security Vulnerabilities discovered in IBM Security Verify Access Appliance

Summary Security Bulletin: Multiple Security Vulnerabilities were addressed in IBM Security Verify Access Appliance and IBM Verify Identity Access Vulnerability Details CVEID:CVE-2018-25091 DESCRIPTION: urllib3 could allow a remote attacker to obtain sensitive information, caused by not removing...

7.5CVSS9.7AI score0.06975EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:38 a.m.42 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF033 and 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-21501 DESCRIPTION: Node.js sanitize-html module could allow a remote attacker to obtain...

9.8CVSS10AI score0.05276EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:37 a.m.82 views

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...

9.8CVSS9.9AI score0.4292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:37 a.m.68 views

Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2014-0114...

9.8CVSS9.9AI score0.96121EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:36 a.m.29 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to...

5.4CVSS9.1AI score0.43663EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:36 a.m.30 views

Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to denial of service, buffer overflow and allow a local authenticated attacker to gain elevated privileges

Summary glibc, gnutls, gnupg are used by Execution Engine for Apache Hadoop in all the components. CVE-2023-0687, CVE-2023-4911, CVE-2021-3998, CVE-2023-5156, CVE-2023-4527, CVE-2023-4813, CVE-2022-3515, CVE-2024-28835, CVE-2024-28834 Vulnerability Details CVEID:CVE-2023-0687 DESCRIPTION: GNU C...

9.8CVSS9.6AI score0.81422EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:34 a.m.57 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.8CVSS9.7AI score0.17673EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:34 a.m.26 views

Security Bulletin: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management have been delivered in a HotFix for 2.3 FP9 Vulnerability Details CVEID:CVE-2024-6600 DESCRIPTION: Mozilla Firefox could allow a remote attacker to gain unauthorized access to the system, caused by a memory corruption in...

9.8CVSS10AI score0.00977EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:32 a.m.196 views

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-6597 DESCRIPTION: Python could provide weaker than expected security, caused by an issue with tempfile.TemporaryDirectory fails removing...

8.6CVSS10AI score0.02945EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:31 a.m.41 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

9.8CVSS9.8AI score0.3197EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:30 a.m.19 views

Security Bulletin: Vulnerabilities in linux-firmware (CVE-2022-46329, CVE-2023-20592) affect Power HMC.

Summary The linux-firmware library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-46329 DESCRIPTION: Intel PROSet/Wireless WiFi and Killer WiFi products could allow a local authenticated attacker to gain elevated...

8.2CVSS6.6AI score0.01018EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:30 a.m.49 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Real Time Action and Base Module affected by multiple vulnerabilities (CVE-2023-46219, CVE-2023-46218, CVE-2023-52071, CVE-2024-0853)

Summary Vulnerabilities contained within libcurl a 3rd party component were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Realtime Action and Base Modules. Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote...

6.5CVSS8AI score0.01685EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:29 a.m.36 views

Security Bulletin: IBM Security Verify Governance - Identity Manager virtual appliance has multiple vulnerabilities

Summary Multiple security vulnerabilities in the dependent components have been addressed in IBM Security Verify Governance - Identity Manager virtual appliance. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system resour...

7.8CVSS9.3AI score0.05794EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:29 a.m.38 views

Security Bulletin: IBM Security Guardium is affected by multiple Kernel vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-0443 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the blkgs destruction path in block/blk-cgroup.c. A local authenticated attacker could...

9.1CVSS9AI score0.01401EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35661