Lucene search
K

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:28 a.m.82 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-30203 DESCRIPTION: GNU Emacs could provide weaker than expected security,...

9.8CVSS9.9AI score0.01323EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:27 a.m.75 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2019-13224 DESCRIPTION: oniguruma is vulnerable to a denial of service, caused by ...

9.8CVSS9.6AI score0.27095EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:24 a.m.67 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts t...

7.5CVSS10AI score0.46836EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:23 a.m.74 views

Security Bulletin: IBM Automation Decision Services - Multiple CVEs addressed (February 2024)

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-36054 DESCRIPTION: MIT Kerberos 5 aka krb5...

9CVSS9.9AI score0.03796EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:23 a.m.22 views

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by ...

9.8CVSS9.4AI score0.19193EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:22 a.m.46 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-23829, CVE-2023-49082, CVE-2024-23334 and CVE-2023-49081

Summary IBM Maximo Application Suite - IoT Component uses aiohttp-3.8.6-cp37-cp37m-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2024-23829, CVE-2023-49082, CVE-2024-23334 and CVE-2023-49081. This bulletin contains information regarding the vulnerability and its fixture...

7.5CVSS7.1AI score0.76875EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:22 a.m.29 views

Security Bulletin: Multiple vulnerabilities in Samba may affect IBM Storage Scale SMB protocol access method (CVE-2023-4091, CVE-2023-42669, CVE-2023-3961, CVE-2023-42670)

Summary Multiple samba vulnerabilities may affect IBM Storage Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code or denial of the service on the system. Vulnerability Details CVEID:CVE-2023-4091 DESCRIPTION: Samba could allow a remote...

9.8CVSS8.3AI score0.02409EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:22 a.m.50 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2020-19909 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by an integer overflow in...

9.8CVSS9.6AI score0.78483EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:21 a.m.56 views

Security Bulletin: Multiple vulnerabilities affect PowerSC and PowerSC MFA

Summary There are multiple vulnerabilities in PowerSC and PowerSC MFA. Vulnerability Details CVEID:CVE-2023-50939 DESCRIPTION: IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...

9.8CVSS7AI score0.00663EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:20 a.m.73 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of...

9.8CVSS9.5AI score0.07269EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:19 a.m.25 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Dashboards on Cloud Pak. IBM Cognos Dashboards on Cloud Pak has addressed these vulnerabilities by upgrading IBM® Java™. There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards ...

9.8CVSS9.7AI score0.03821EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:18 a.m.29 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java. The flaws can lead to denial of service, sensitive information exposure, memory resource...

7.5CVSS8.1AI score0.06208EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:18 a.m.74 views

Security Bulletin: IBM Operational Decision Manager for January 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-34054...

9.8CVSS8.5AI score0.764EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:17 a.m.79 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions,...

9.8CVSS9.7AI score0.9378EPSS
Exploits8Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:16 a.m.42 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-38263 DESCRIPTION: IBM SOAR QRadar Plugin App could allow an...

9.8CVSS7.6AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:13 a.m.15 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Plugin Framework for Java (PF4J)

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Plugin Framework for Java PF4J. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-40828 DESCRIPTION: Plugin Framework for Java PF4J coul...

7.5CVSS7.9AI score0.01492EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:12 a.m.66 views

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in Grafana (CVE-2023-1387)

Summary Grafana is used by IBM Storage Ceph in the dashboard. CVE-2023-1387 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-1387 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive informatio...

7.5CVSS5.4AI score0.01504EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 8:25 p.m.18 views

Security Bulletin: A security vulnerability has been identified in open source tomcat library used in IBM Quantum Safe Explorer (Mac and Windows Service)

Summary A security vulnerability has been identified in open source tomcat librarytomcat-embed-core-10.1.34 used in IBM Quantum Safe Explorer Mac and Windows Service Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution...

10CVSS8.1AI score0.99945EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 8:23 p.m.15 views

Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-39689]

Summary The certifi package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2024-39689 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating the...

7.5CVSS9.2AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 8:20 p.m.11 views

Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-37920]

Summary The certifi package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-37920 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating the...

9.8CVSS9AI score0.00468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 6:39 p.m.26 views

Security Bulletin: IBM Maximo Application Suite is vulnerable to Unrestricted File Upload (CVE-2025-1500)

Summary IBM Maximo Application Suite is vulnerable to Unrestricted File Upload which could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened CVE-2025-1500. Vulnerability Details CVEID:CVE-2025-1500 DESCRIPTION: IBM Maximo Applicatio...

8CVSS6.3AI score0.00242EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 5:53 p.m.19 views

Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to an authorization bypass (CVE-2024-45337).

Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to an authorization bypass CVE-2024-45337. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix required to resolve the...

9.1CVSS9.7AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 3:17 p.m.41 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in ingress-nginx

Summary Multiple vulnerabilities in ingress-nginx that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-1097 DESCRIPTION: A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingre...

9.8CVSS8.6AI score0.99098EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 2:59 p.m.14 views

Security Bulletin: Vulnerabilities in dependencies affect IBM Voice Gateway

Summary Security Vulnerabilities in dependencies affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and...

8.1CVSS7.2AI score0.01966EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 1:15 p.m.9 views

Security Bulletin: A vulnerability exists in the IBM Robotic Process Automation Control Center where user sessions are not invalidate after logout

Summary A vulnerability exists in IBM Robotic Process Automation Control Center where user sessions are not invalidate after logout. This bulletin identifies the fixes or remediations available to resolve this vulnerability. Vulnerability Details CVEID:CVE-2024-49825 DESCRIPTION: IBM Robotic...

6.3CVSS6.6AI score0.00196EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 1:14 p.m.10 views

Security Bulletin: A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections (CVE-2025-24010).

Summary A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections CVE-2025-24010. Vite is used by IBM Robotic Process Automation as part of it's user interface. This bulletin identifies the fixes required to resolve the...

6.5CVSS6.6AI score0.00283EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 10:55 a.m.33 views

Security Bulletin: IBM Asset Data Dictionary uses jackson-mapper-asl-1.9.2.jar which is vulnerable to CVE-2019-10172, CVE-2019-10202.

Summary IBM Asset Data Dictionary uses jackson-mapper-asl-1.9.2.jar which is vulnerable to CVE-2019-10172, CVE-2019-10202. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2019-10172 DESCRIPTION: Jackson-mapper-asl could allow a remot...

9.8CVSS7.5AI score0.17044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 10:52 a.m.26 views

Security Bulletin: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763.

Summary IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable,...

5.3CVSS6.6AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 10:25 a.m.34 views

Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Microsoft LightGBM could allow a remote attacker to execute arbitrary code on the system.

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Microsoft LightGBM could allow a remote attacker to execute arbitrary code on the system.. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

8.1CVSS7.6AI score0.01384EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 10:22 a.m.24 views

Security Bulletin: Vulnerability in Apache Solr (lucene), Apache ZooKeeper and Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-9823, CVE-2024-47554)

Summary There is a potential denial of service with Apache Commons IO, Eclipse Jetty that affect Apache Solr lucene, Apache ZooKeeper and Logstash used by IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty'...

7.5CVSS6.8AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 9:38 a.m.11 views

Security Bulletin: IBM Maximo Application Suite uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565.

Summary IBM Maximo Application Suite uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values...

4.3CVSS6.6AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 9:36 a.m.14 views

Security Bulletin: IBM Maximo Application Suite uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195.

Summary IBM Maximo Application Suite uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated...

5.6CVSS6.2AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 9:27 a.m.15 views

Security Bulletin: IBM Maximo Application Suite - IoT uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195.

Summary IBM Maximo Application Suite - IoT uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

5.6CVSS6.2AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 8:34 a.m.20 views

Security Bulletin: Vulnerabilities in Apache Solr (lucene) affect IBM Operations Analytics - Log Analysis (CVE-2025-24814, CVE-2024-52012)

Summary There are vulnerabilities in privilege escalation and arbitrary filepath write-access that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2025-24814 DESCRIPTION: Core creation allows users to replace "trusted" configset files with...

5.5CVSS7.9AI score0.47207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 8:13 a.m.23 views

Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affects IBM Operations Analytics - Log Analysis (CVE-2023-50386, CVE-2023-50298, CVE-2023-50292, CVE-2023-50291)

Summary There are vulnerabilities in backup/restore APIs, Solr streaming expressions, and Apache Solr schema designer that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2023-50386 DESCRIPTION: Improper Control of Dynamically-Managed Code...

8.8CVSS7.5AI score0.8384EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 6:52 a.m.33 views

Security Bulletin: Vulnerability in PHP might affect IBM Storage Sentinel Anomaly Scan Engine.

Summary Vulnerabilities in PHP might affect IBM Storage Sentinel Anomaly Scan Engine. A remote attacker can execute arbitrary OS commands, obtain sensitive information, bypass security restrictions, and cause denial of service as described by the CVEs in the "Vulnerability Details" section...

9.4CVSS9.5AI score0.3786EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 6:13 a.m.11 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importi...

7.5CVSS7.7AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/13 8:17 p.m.17 views

Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2022-23491]

Summary The certifi package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2022-23491 Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that...

7.5CVSS6.5AI score0.00535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/11 11:13 p.m.18 views

Security Bulletin: IBM i is vulnerable to an out-of-bounds write in NTP services due to multiple vulnerabilities.

Summary IBM i is vulnerable to an out-of-bounds write due to a flaw in mstolfp.c in NTP CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, and CVE-2023-26554 as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in t...

5.6CVSS6.7AI score0.00703EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/11 6:13 p.m.19 views

Security Bulletin: IBM Aspera Faspex 5 is vulnerable to cross-site scripting (CVE-2025-3423)

Summary IBM Aspera Faspex 5 is vulnerable to DOM-based cross-site scripting. Attackers could use this vulnerability to trick users into opening malicious URLs, allowing client-side scripts to process and execute at the user's browser. Vulnerability Details CVEID:CVE-2025-3423 DESCRIPTION: IBM...

5.4CVSS6.2AI score0.00241EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/11 5:58 p.m.45 views

Security Bulletin: IBM Aspera Desktop App has multiple vulnerabilities related to Open Source dependencies (CVE-2025-27789 and CVE-2025-24010 )

Summary IBM Aspera Desktop App is affected by inefficient regular expression complexity which can cause excessive CPU cycles and lack of validation on the Origin header which could cause an unauthorized access to any functionality accessible to the communication source. These vulnerabilities have...

6.5CVSS9.4AI score0.00478EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/11 4:51 p.m.20 views

Security Bulletin: IBM Sterling Connect:Direct Web Services 6.1 is affected by PostgreSQL vulnerability.

Summary IBM Connect:Direct Web Services uses PostgreSQL and is vulnerable to CVE-2025-1094. Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn...

8.1CVSS7.9AI score0.89472EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/11 2:35 p.m.15 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.1

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.1 Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding'...

8.8CVSS8AI score0.02357EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 5:24 p.m.74 views

Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347)

Summary UPDATED 4/10: The included README was updated for clarity. Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2024-56346, CVE-2024-56347. Vulnerability Details CVEID:CVE-2024-56346 DESCRIPTION: IBM AIX nimesis NIM master service could allow a remote...

10CVSS9.9AI score0.01058EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 5:22 p.m.17 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel...

6.2CVSS7AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 5:18 p.m.14 views

Security Bulletin: IBM QRadar Wincollect agent is vulnerable to denial of service ( CVE-2024-51461)

Summary IBM QRadar Wincollect agent is vulnerable to denial of service. The vulnerability have been addressed in the latest update. Vulnerability Details CVEID:CVE-2024-51461 DESCRIPTION: IBM QRadar WinCollect Agent could allow a remote attacker to cause a denial of service by interrupting an HTT...

6.5CVSS6.9AI score0.0036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 5:6 p.m.16 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...

7.8CVSS8.1AI score0.00171EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 2:32 p.m.13 views

Security Bulletin: IBM Sterling Control Center is affected by sensitive information within URLs may be logged (CVE-2023-43035)

Summary Sensitive information may be logged Session token is passing in the URL within URLs is affecting IBM Sterling Control Center v6.2.1.0, v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2023-43035 DESCRIPTION:...

4CVSS4AI score0.00139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 2:25 p.m.11 views

Security Bulletin: IBM Sterling Control Center is affected by improper input validation (CVE-2023-42007)

Summary Improper input validation is impacting IBM Sterling Control Center v6.4.0.0, v6.3.1.0 and v6.2.1.0. User supplied input is getting reflected as it is in the response without being validated at sever end. Customers must upgrade to latest patch below to address this vulnerability...

5.4CVSS5.4AI score0.00202EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 2:14 p.m.23 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities reported in Jetty server (CVE-2024-8184, CVE-2024-6763)

Summary Multiple vulnerabilities over Eclipse Jetty is affecting IBM Sterling Control Center v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service...

6.5CVSS5.8AI score0.01037EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35661