35059 matches found

IBM Security Bulletins
•added 2025/02/27 10:33 p.m.•55 views

Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)

Summary The Knowledge Center Component used in Version 9 of the WebSphere Application Server needs an updated Apache Commons Collections library. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...

CVSS: 10 | AI score: 9.9 | EPSS: 0.93274
Exploits: 10 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 9:49 p.m.•39 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated...

CVSS: 5.3 | AI score: 4.9 | EPSS: 0.00303
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 9:09 p.m.•21 views

Security Bulletin: IBM MQ Console is affected by a command injection vulnerability (CVE-2025-0975)

Summary IBM MQ has addressed a command injection vulnerability in the MQ Console Vulnerability Details CVEID:CVE-2025-0975 DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE:CWE-150: Improper Neutralization of...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00104
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 8:59 p.m.•11 views

Security Bulletin: IBM MQ is affected by a denial of service vulnerability (CVE-2025-23225)

Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-23225 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. CWE:CWE-230: Improper Handling of Missin...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00184
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 8:54 p.m.•19 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-54173)

Summary IBM MQ Console has addressed a password disclosure vulnerability Vulnerability Details CVEID:CVE-2024-54173 DESCRIPTION: IBM MQ reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. CWE:CWE-1323: Improper Management o...

CVSS: 4.7 | AI score: 5.6 | EPSS: 0.0005
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 8:39 p.m.•22 views

Security Bulletin: IBM MQ affected by denial of service vulnerability (CVE-2024-54175)

Summary IBM MQ has addressed a denial of service vulnerability Vulnerability Details CVEID:CVE-2024-54175 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. CWE:CWE-754: Improper Check for Unusual or Exceptiona...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00064
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•24 views

Security Bulletin: IBM MQ Appliance Console is affected by code injection vulnerability (CVE-2025-0975)

Summary IBM MQ Appliance has addressed a code injection vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2025-0975 DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE:CWE-150: Improper...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00104
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•28 views

Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2024-10197, CVE-2024-21208 and CVE-2024-21217)

Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVSS: 5.3 | AI score: 4.8 | EPSS: 0.00303
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•12 views

Security Bulletin: IBM MQ Appliance is affected by Linux kernel vulnerabilities (CVE-2024-53088 and CVE-2024-53122)

Summary IBM MQ Appliance has addressed Linux kernel vulnerabilities. Vulnerability Details CVEID:CVE-2024-53088 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00015
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•13 views

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2025-23225)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-23225 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. CWE:CWE-230: Improper Handling...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00184
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•15 views

Security Bulletin: IBM MQ Appliance affected by a denial of service vulnerability (CVE-2024-54175)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-54175 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. CWE:CWE-754: Improper Check for Unusual or...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00064
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•19 views

Security Bulletin: IBM MQ Appliance Console is affected by a sensitive information disclosure vulnerability (CVE-2024-54173)

Summary IBM MQ Appliance has addressed a sensitive information disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-54173 DESCRIPTION: IBM MQ reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enable...

CVSS: 4.7 | AI score: 5.7 | EPSS: 0.0005
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 7:51 p.m.•23 views

Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software

Summary This release includes information about multiple vulnerabilities, improving the overall security and stability of the application. The types of vulnerabilities resolved include: Cross-Site Scripting XSS Vulnerability: Addressed an issue that could allow an attacker to inject malicious...

CVSS: 9.3 | AI score: 9.2 | EPSS: 0.25071
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 5:35 p.m.•16 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restriction bypass in Golang Go [CVE-2024-45337]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security restriction bypass in Golang Go, caused by misuse of ServerConfig.PublicKeyCallback in x/crypto/ssh CVE-2024-45337. Golang Go is used by our Speech Utilities. This vulnerability has been addressed. Please read the details f...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.3863
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 5:29 p.m.•21 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in golang-jwt [CVE-2024-51744]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in golang-jwt, caused by improper error handling in ParseWithClaims CVE-2024-51744. Golang-jwt is used in our Watson Speech Utilities. This vulnerability has been addressed. Please read the details for...

CVSS: 3.1 | AI score: 6 | EPSS: 0.0006
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 5:23 p.m.•35 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in PostgreSQL [CVE-2023-39418]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in PostgreSQL, caused by failing to enforce UPDATE or SELECT row security policies in MERGE command CVE-2023-39418. PostgreSQL is used in our Watson Speech Utilities. This vulnerability has been addresse...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00468
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 5:20 p.m.•19 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git [CVE-2025-21614]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git, due to a weakness in Git server allowing crafted responses which may cause resource exhaustion CVE-2025-21614. Go-Git is used in our watson-speech-catalog images. This vulnerability has been addressed...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00222
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 5:16 p.m.•12 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an argument injection vulnerability in go-git [CVE-2025-21613]

Summary IBM Watson Speech Services Cartridge is vulnerable to an argument injection vulnerability in go-git, allowing the setting of arbitrary values to git-upload-pack flags when file transport protocol is used CVE-2025-21613. Go-git is used in our watson-speech-catalog images. This vulnerabilit...

CVSS: 9.8 | AI score: 7 | EPSS: 0.03834
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 5:12 p.m.•18 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in QOS.CH logback [CVE-2024-12801]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in QOS.CH logback, caused by a flaw in the SaxEventRecorder CVE-2024-12801. QOS.CH logback is used by our Speech Microservices. This vulnerability has been addressed. Please read the details for remediati...

CVSS: 2.4 | AI score: 6.4 | EPSS: 0.00062
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 5:07 p.m.•12 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in logback-classic [CVE-2024-12798]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in logback-classic, caused by a flaw in the JaninoEventEvaluator extension CVE-2024-12798. Logback-classic is used by our Speech Microservices. This vulnerability has been addressed. Please read the details for...

CVSS: 5.9 | AI score: 7.6 | EPSS: 0.00164
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 5:03 p.m.•14 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Spring Framework [CVE-2024-38809]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Spring Framework, caused by improper input validation CVE-2024-38809. Spring Framework is used by our Speech Microservices. This vulnerability has been addressed. Please read the details for remediation below...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.0014
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 5:03 p.m.•29 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Local File Inclusion vulnerabilities. For more information about the vulnerability impact, refer ...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.9408
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 4:58 p.m.•18 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security weakness in Spring Framework [CVE-2024-38820]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security weakness in Spring Framework, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive CVE-2024-38820. Spring Framework is used by our Speech Microservices. This vulnerability has been...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.01473
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 4:55 p.m.•15 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Spring Security [CVE-2024-38827]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Spring Security, caused by a locale dependent exceptions issue in the usage of String.toLowerCase and String.toUpperCase functions CVE-2024-38827. VMware Tanzu Spring Security is used by our Speech...

CVSS: 4.8 | AI score: 6.2 | EPSS: 0.00399
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 4:52 p.m.•18 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal in Spring Framework [CVE-2024-38819]

Summary IBM Watson Speech Services Cartridge is vulnerable to a directory traversal in Spring Framework, caused by improper validation of user request by the functional web frameworks WebMvc.fn or WebFlux.fn CVE-2024-38819. Spring Framework is used by our Speech Microservices. This vulnerability...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.93507
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 4:39 p.m.•15 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU Race Condition vulnerability in Apache Tomcat [CVE-2024-50379]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, caused by JSP compilation on case-insensitive file systems when the default servlet is enabled for writing CVE-2024-50379. Apache Tomcat is used by our...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.84587
Exploits: 12 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 4:08 p.m.•13 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23085, CVE-2025-23084 & CVE-2025-22150)

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. Vulnerability Details CVEID:CVE-2025-23085 DESCRIPTION: A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header wa...

CVSS: 6.8 | AI score: 9.2 | EPSS: 0.01289
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 3:56 p.m.•22 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime

Summary Multiple vulnerabilities were identified with IBM Semeru Runtime which is used in IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00883
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 3:06 p.m.•15 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU Race Condition vulnerability in Apache Tomcat [CVE-2024-56337]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, caused by JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. CVE-2024-56337. Apache Tomcat is used by our...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.1286
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 3:04 p.m.•8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in urllib3 [CVE-2024-37891]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in urllib3, caused by the failure to strip the Proxy-Authorization header during cross-origin redirects CVE-2024-37891. Urllib3 is used by our Speech Runtime images. This vulnerability has been...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00216
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 3:00 p.m.•7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Psf Requests [CVE-2024-35195]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Psf Requests, caused by an incorrect control flow implementation vulnerability CVE-2024-35195. Psf Requests is used by our Speech Runtime images. This vulnerability has been addressed. Please read the...

CVSS: 5.6 | AI score: 6.2 | EPSS: 0.00074
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 2:58 p.m.•6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to cross-site scripting in Twisted [CVE-2024-41810]

Summary IBM Watson Speech Services Cartridge is vulnerable to cross-site scripting in Twisted, caused by improper validation of user-supplied input by the HTTP redirect body CVE-2024-41810. Twisted is used by our Speech Runtimes. This vulnerability has been addressed. Please read the details for...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.67844
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 2:56 p.m.•7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in Twisted [CVE-2024-41671]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in Twisted, caused by a flaw in HTTP 1.0 and 1.1 server CVE-2024-41671. Twisted is used by our Speech Runtimes. This vulnerability has been addressed. Please read the details for remediation below...

CVSS: 8.3 | AI score: 5.8 | EPSS: 0.00108
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 2:48 p.m.•7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary Python code execution in Jinja [CVE-2024-56326]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary Python code execution in Jinja, caused by a sandbox breakout flaw CVE-2024-56326. Jinja is used by our Speech Runtimes. This vulnerability has been addressed. Please read the details for remediation below. Vulnerability...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00573
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 2:45 p.m.•5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in PostgreSQL [CVE-2024-4317]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure, caused by missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs CVE-2024-4317. PostgreSQL is used by our Speech Utilities. This vulnerability has been addressed. Please rea...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00263
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 2:41 p.m.•4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Golang net [CVE-2024-45338]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Golang net, caused by slow non-linear processing in Parse functions CVE-2024-45338. Golang net is used by our Speech Utilities. This vulnerability has been addressed. Please read the details for remediation belo...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00046
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 1:56 p.m.•27 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards on Cloud Pak for Data. Please refer to the Related Information section below for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IB...

CVSS: 9.8 | AI score: 9 | EPSS: 0.03014
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 1:29 p.m.•7 views

Security Bulletin: Vulnerability in Apache Druid affects watsonx.data

Summary Apache Druid could allow a remote attacker to bypass security restrictions. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45384 DESCRIPTION: Apache Druid could allow a remote attacker to bypass security restrictions, caused by a flaw in the druid-pac4j extension. B...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00323
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 1:28 p.m.•20 views

Security Bulletin: Vulnerabilities in swagger-ui and Bootstrap affect watsonx.data

Summary swagger-ui is vulnerable to conduct spoofing attacks. Bootstrap is vulnerable to cross-site scripting. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.8042
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 1:27 p.m.•19 views

Security Bulletin: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability affects watsonx.data

Summary Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration, which could affect watsonx.data. Vulnerability Details...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.84587
Exploits: 12 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 1:26 p.m.•14 views

Security Bulletin: Vulnerability in Spring WebFlux affects watsonx.data

Summary Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: Spring WebFlux applications that have Spring Security...

CVSS: 9.1 | AI score: 6.2 | EPSS: 0.1309
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 1:22 p.m.•20 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect watsonx.data

Summary Apache Tomcat is vulnerable to an unchecked error condition attack and to incorrect object re-cycling and re-use attack. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-52316 DESCRIPTION: Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.21066
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 1:21 p.m.•13 views

Security Bulletin: Vulnerability in Psf Requests affects watsonx.data

Summary Psf Requests is vulnerable to bypass security restrictions, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

CVSS: 8.7 | AI score: 9.4 | EPSS: 0.00293
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 1:14 p.m.•6 views

Security Bulletin: Vulnerability in Apache Lucene affects watsonx.data

Summary Apache Lucene is vulnerable to a denial of service attack and could affect watsonx.data. Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this...

AI score: 6.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 1:13 p.m.•6 views

Security Bulletin: Vulnerability in Cross-Spawn affects watsonx.data

Summary Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denia...

CVSS: 8.7 | AI score: 9.3 | EPSS: 0.00067
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 12:45 p.m.•5 views

Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6221]

Summary The Flask-Cors package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6221. Vulnerability Details CVEID:CVE-2024-6221 DESCRIPTION: Flask-CORS could allow a remote attacker to obtain sensitive information, caused ...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00637
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 12:37 p.m.•13 views

Security Bulletin: Vulnerability in paramiko affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-48795]

Summary The paramiko package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH befo...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.51662
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 12:33 p.m.•8 views

Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-46136]

Summary The Werkzeug package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-46136 Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsin...

CVSS: 8 | AI score: 6.3 | EPSS: 0.00877
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 12:33 p.m.•15 views

Security Bulletin: Vulnerabilities in VMware Tanzu Spring Framework affect watsonx.data

Summary VMware Tanzu Spring Framework is vulnerable to a denial of service attacks and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-22950 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.02461
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/02/27 12:21 p.m.•12 views

Security Bulletin: Vulnerability in tornado affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-28370]

Summary The tornado package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-28370 Vulnerability Details CVEID:CVE-2023-28370 DESCRIPTION: Tornado could allow a remote attacker to conduct phishing attacks, caused by an open...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.005
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 35059