35059 matches found

IBM Security Bulletins
added 2025/02/27 11:8 a.m. | 14 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|---...

5.6 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/27 10:3 a.m. | 26 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2024 CPU (CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by 4.1.0.4 to 4.1.1.1 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in Oct 2024. Vulnerability Details Refer to the security bulletin...

5 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/27 9:34 a.m. | 26 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.289 Vulnerability Details CVEID:CVE-2023-45283 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by the failure to recognize paths with a ??\ prefix...

8.8 CVSS | 9.5 AI score | 0.69905 EPSS
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/02/27 6:7 a.m. | 7 views

Security Bulletin: IBM Observability with Instana is vulnerable to Authorization bypass in golang.org/x/crypto

Summary golang.org/x/crypto is used by IBM Instana Observability as part of the instana-agent-operator CVE-2024-45337. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse...

9.1 CVSS | 9.6 AI score | 0.3863 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/02/27 5:6 a.m. | 13 views

Security Bulletin: Apache Derby vulnerability addressed in IBM JRS (Jazz Reporting Service) [CVE-2022-46337]

Summary Apache Derby might allow a remote attacker to bypass security restrictions caused by an LDAP injection vulnerability in the authenticator. This vulnerability affects IBM Jazz Reporting Service. This bulletin identifies the steps to take to mitigate the vulnerability. Vulnerability Details...

9.8 CVSS | 9.4 AI score | 0.00047 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/27 3:53 a.m. | 24 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to PAM, go-git and Golang.org/X/Crypto

Summary PAM, go-git, Golang.org/X/Crypto and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation, spoofing attacks, and providing weaker than expected security which might allow an attacker to execute arbitrary co...

9.8 CVSS | 9.5 AI score | 0.3863 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/02/27 3:31 a.m. | 16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to werkzeug-3.0.4-py3-none-any.whl CVE-2024-49766

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to werkzeug-3.0.4-py3-none-any.whl CVE-2024-49766. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server Gateway Interface w...

7.5 CVSS | 7.3 AI score | 0.01392 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/27 3:25 a.m. | 4 views

Security Bulletin: IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the cross-spawn package (CVE-2024-21538).

Summary Operator of IBM Event Processing is vulnerable to Regular Expression Denial of Service ReDoS due to the usage of cross-spawn package. The cross-spawn npm package is a cross-platform solution for spawning child processes in Node.js. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION:...

8.7 CVSS | 7.4 AI score | 0.00067 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/27 3:24 a.m. | 8 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a Directory Traversal (or path traversal) attack (CVE-2024-21540).

Summary Operator of IBM Event Endpoint Management is vulnerable to a Directory Traversal or path traversal attack due to the source-map-support library. It helps to show original source code in error stack traces for better debugging. Vulnerability Details CVEID:CVE-2024-21540 DESCRIPTION: All...

6.6 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:52 p.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in follow-redirects

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of follow-redirects Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials whe...

7.3 CVSS | 6.8 AI score | 0.01077 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:52 p.m. | 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Bouncy Castle Crypto Package For Java

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Bouncy Castle Crypto Package For Java Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information, caused by...

5.9 CVSS | 5.5 AI score | 0.00139 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:52 p.m. | 10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in moby: classic builder cache poisoning

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of moby: classic builder cache poisoning Vulnerability Details CVEID:CVE-2024-24557 DESCRIPTION: Moby could provide weaker than expected security, caused by improper cache validation in the classic builder cache system. By...

7.8 CVSS | 7.5 AI score | 0.00083 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:52 p.m. | 4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Bouncy Castle Crypto Package For Java

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Bouncy Castle Crypto Package For Java Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...

7.5 CVSS | 7.4 AI score | 0.00091 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:52 p.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in zipp

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of zipp. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a local attacker could...

6.2 CVSS | 6.2 AI score | 0.00016 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:50 p.m. | 4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in urllib3

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of urllib3. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header during...

6.5 CVSS | 4.7 AI score | 0.00216 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:50 p.m. | 5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aiohttp

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aiohttp Vulnerability Details CVEID:CVE-2024-27306 DESCRIPTION: aio-libs aiohttp is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerabili...

6.1 CVSS | 6.3 AI score | 0.00749 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:49 p.m. | 11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in sanitize-html

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of sanitize-html. Vulnerability Details CVEID:CVE-2024-21501 DESCRIPTION: Node.js sanitize-html module could allow a remote attacker to obtain sensitive information, caused by an error when used on the backend and with the...

5.3 CVSS | 6.2 AI score | 0.01807 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:49 p.m. | 10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Pydantic

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Pydantic. Vulnerability Details CVEID:CVE-2024-3772 DESCRIPTION: Regular expression denial of service in Pydantic 2.4.0, 1.10.13 allows remote attackers to cause denial of service via a crafted email string. CWE:CWE-1333:...

7.5 CVSS | 5.5 AI score | 0.0028 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:49 p.m. | 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of ssh: Prefix truncation attack on Binary Packet Protocol BPP Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products...

5.9 CVSS | 6.7 AI score | 0.51662 EPSS
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:47 p.m. | 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability Requests

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Psf Requests Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation vulnerability...

5.6 CVSS | 5.5 AI score | 0.00074 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:47 p.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aiohttp

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aiohttp Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp could allow a remote attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a...

4.8 CVSS | 5 AI score | 0.0024 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:47 p.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Async

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Async Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while parsing function in autoinject function. By sending a...

7.5 CVSS | 6.6 AI score | 0.00161 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:46 p.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in JWT

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of JWT Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CWE:CWE-327: Use of a Broken or Risky...

6.8 CVSS | 6.4 AI score | 0.00391 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:46 p.m. | 16 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic module

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Elliptic module Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js Elliptic module could allow a remote attacker to obtain sensitive information, caused by a flaw with BER-encoded signatures are allowed. By...

9.1 CVSS | 6 AI score | 0.02898 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:46 p.m. | 10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose. Vulnerability Details CVEID:CVE-2024-33664 DESCRIPTION: python-jose is vulnerable to a denial of service, caused by a flaw in the decode function. By sending a specially crafted JSON Web Encryption JWE token...

5.3 CVSS | 5.3 AI score | 0.00254 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:46 p.m. | 7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in source-map-support

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of source-map-support. Vulnerability Details CVEID:CVE-2024-21540 DESCRIPTION: All versions of the package source-map-support are vulnerable to Directory Traversal in the retrieveSourceMap function. CWE:CWE-22: Improper...

6.1 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:46 p.m. | 11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Elliptic. Vulnerability Details CVEID:CVE-2024-48949 DESCRIPTION: The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()"...

9.1 CVSS | 9.1 AI score | 0.00292 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:46 p.m. | 11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in http-proxy-middleware

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of http-proxy-middleware. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By sending...

7.5 CVSS | 6.6 AI score | 0.00354 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:45 p.m. | 13 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in fast-xml-parser

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of fast-xml-parser. Vulnerability Details CVEID:CVE-2024-41818 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the...

7.5 CVSS | 7.4 AI score | 0.00885 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:45 p.m. | 27 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Moment

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Moment. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker...

7.5 CVSS | 6.7 AI score | 0.03173 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:44 p.m. | 10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Protocol Buffers protobuf-go

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Protocol Buffers protobuf-go. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop flaw in the protojson.Unmarshal function wh...

7.5 CVSS | 7.6 AI score | 0.00393 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:44 p.m. | 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in pypa/setuptools

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of pypa/setuptools Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. By persuading a...

8.8 CVSS | 9 AI score | 0.09639 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:44 p.m. | 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Bouncy Castle Crypto Package For Java

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Bouncy Castle Crypto Package For Java Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importin...

7.5 CVSS | 7.5 AI score | 0.00252 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:44 p.m. | 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote attacker to bypass security restrictions, caused by a flaw when the algorithm field is left unspecified when calling...

6.5 CVSS | 6.6 AI score | 0.00925 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:44 p.m. | 17 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in HTTP/2 protocol

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of HTTP/2 protocol Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited i...

7.5 CVSS | 7.3 AI score | 0.9439 EPSS
Exploits: 19 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:43 p.m. | 14 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Gunicorn

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Gunicorn Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting...

7.5 CVSS | 7.5 AI score | 0.00085 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:43 p.m. | 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Joda.org Joda-Time

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Joda.org Joda-Time Vulnerability Details CVEID:CVE-2024-23080 DESCRIPTION: Joda.org Joda-Time is vulnerable to a denial of service, caused by a NullPointerException flaw in the...

9.1 CVSS | 6.7 AI score | 0.00158 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:43 p.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Socket.IO

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Socket.IO Vulnerability Details CVEID:CVE-2024-38355 DESCRIPTION: Socket.IO is vulnerable to a denial of service. By sending a specially crafted Socket.IO packet, a remote attacker could exploit this vulnerability to trigg...

7.3 CVSS | 9.1 AI score | 0.00136 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:43 p.m. | 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Node.js jose module

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Node.js jose module Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a specially crafted reques...

5.9 CVSS | 5.3 AI score | 0.00572 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:42 p.m. | 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Certifi python-certifi

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Certifi python-certifi Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS...

7.5 CVSS | 7.4 AI score | 0.25805 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:42 p.m. | 11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aio-libs aiohttp

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aio-libs aiohttp Vulnerability Details CVEID:CVE-2024-30251 DESCRIPTION: aio-libs aiohttp is vulnerable to a denial of service, caused by an infinite loop flaw. By sending specially crafted POST requests, a remote attacker...

7.5 CVSS | 7.5 AI score | 0.00331 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:42 p.m. | 7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in tqdm

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of tqdm Vulnerability Details CVEID:CVE-2024-34062 DESCRIPTION: tqdm could allow a local authenticated attacker to execute arbitrary code on the system, caused by a CLI arguments injection. By sending a specially crafted...

4.8 CVSS | 5.6 AI score | 0.00108 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:42 p.m. | 14 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Natural Language Toolkit (NLTK)

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Natural Language Toolkit NLTK Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when an untrusted...

9.8 CVSS | 9.8 AI score | 0.10792 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:41 p.m. | 17 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Moby

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Moby. Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine,...

9.9 CVSS | 9.5 AI score | 0.03345 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:41 p.m. | 16 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in medikoo es5-ext

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of medikoo es5-ext. Vulnerability Details CVEID:CVE-2024-27088 DESCRIPTION: es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or...

5.5 CVSS | 6.2 AI score | 0.02005 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:40 p.m. | 15 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonata-js JSONata

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonata-js JSONata. Vulnerability Details CVEID:CVE-2024-27307 DESCRIPTION: jsonata-js JSONata could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JSONata...

9.8 CVSS | 9.8 AI score | 0.00888 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 4:22 p.m. | 40 views

Security Bulletin: There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway for Multiplatforms (CVE-2023-22045 and CVE-2023-22049).

Summary There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway for Multiplatforms CVE-2023-22045 and CVE-2023-22049. An update to CICS Transaction Gateway for Multiplatforms has been released to address these vulnerabilities...

3.7 CVSS | 5.8 AI score | 0.00141 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/26 3:47 p.m. | 17 views

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could allow arbitrary code execution or denial of service. CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-5178 CVE-2023-45871. Vulnerability Details CVEID:CVE-2023-6356 DESCRIPTION: Linux Kernel is...

8.8 CVSS | 8.7 AI score | 0.08105 EPSS
Exploits: 2 | Affected Software: 5

IBM Security Bulletins
added 2025/02/26 3:47 p.m. | 33 views

Security Bulletin: Vulnerabilities in bind and dnsmasq affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in bind and dnsmasq affect IBM Storage Virtualize products and could cause denial of service. CVE-2022-2795 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 CVE-2023-4408 CVE-2023-5517 CVE-5679 CVE-2023-6516 CVE-2023-50387 CVE-2023-50868. Vulnerability Details CVEID:CVE-2022-2795...

7.5 CVSS | 8.2 AI score | 0.43215 EPSS
Exploits: 1 | Affected Software: 5

IBM Security Bulletins
added 2025/02/26 3:42 p.m. | 12 views

Security Bulletin: Vulnerability in nghttp2 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in nghttp2 affects IBM Storage Virtualize products and could cause denial of service. CVE-2024-28182. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to versio...

5.3 CVSS | 5.5 AI score | 0.24971 EPSS
Exploits: 1 | Affected Software: 8

Total number of security vulnerabilities: 35059