Lucene search
K

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/01 3:39 a.m.•24 views

Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-40094).

Summary IBM Storage Protect Operations Center may be affected by denial of service caused by failure to consider ExecutableNormalizedFields in Open-source GraphQL Java library used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java ak...

5.3CVSS6.9AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/01 3:38 a.m.•13 views

Security Bulletin: IBM Storage Protect Server may be vulnerable to denial-of-service attack due to Golang Go (CVE-2024-45338)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component and is vulnerable to a denial-of-service DoS attack due to inefficient regular expression complexity in golang.org/x/net. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse...

5.3CVSS7AI score0.00856EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/01 3:37 a.m.•14 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2024-34158, CVE-2024-34155, CVE-2024-34156).

Summary Golang Go is used by the IBM Storage Protect Server OSSM component and is affected by multiple vulnerabilities that could lead to a denial-of-service DoS attack on the host system. This bulletin provides the necessary steps to mitigate these vulnerabilities. Vulnerability Details...

7.5CVSS7.2AI score0.01127EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/01 3:36 a.m.•14 views

Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-9823)

Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to deial-of-service attack due to issues with OutofMemory errors related with DosFilter. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty's DosFilter which can be...

7.5CVSS7.1AI score0.00946EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/01 3:34 a.m.•18 views

Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-6763)

Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to an open redirect attack due to issues with HttpURI parsing and validation checks. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servle...

5.3CVSS6.9AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/04/01 3:33 a.m.•11 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server ( CVE-2024-45663, CVE-2024-41762, CVE-2024-41761, CVE-2024-40679, CVE-2024-37071)

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, loss of confidentiality, integrity or availability. CVE-2024-45663, CVE-2024-41762, CVE-2024-41761, CVE-2024-40679, CVE-2024-37071. This bulletin identifies the...

7.5CVSS7.3AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/31 1:43 p.m.•21 views

Security Bulletin: BAMOE 9 vulnerability in tomcat-embed-core library, version 10.1.34, transitively linked from Spring Boot

Summary There is a vulnerable library tomcat-embed-core, in version 10.1.34, transitively used in BAMOE 9, linked from the Spring Boot version used by BAMOE libraries, has been fixed in BAMOE 9.2.0, along with more CVE fixes published in the Security Bulletin 7229574. Vulnerability Details...

10CVSS8AI score0.99945EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/31 1:20 p.m.•23 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0.

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0. Vulnerability Details CVEID:CVE-2023-51079 DESCRIPTION: MVEL is vulnerable to a denial of service, caused by a TimeOut error...

6.9CVSS9.3AI score0.8383EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/30 1:58 p.m.•18 views

Security Bulletin: IBM Automation Decision Services for Jan 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2024-3596...

9CVSS8.2AI score0.14859EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/29 3:40 p.m.•21 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit...

5.3CVSS6.1AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 10:48 p.m.•18 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the Snowflake JDBC driver

Summary Multiple vulnerabilities in the Snowflake JDBC driver that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A remote...

7.8CVSS7.3AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 10:35 p.m.•11 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Python

Summary Multiple vulnerabilities in Python that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-9287 DESCRIPTION: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not...

7.8CVSS7.5AI score0.00804EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 10:29 p.m.•12 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jinja

Summary Multiple vulnerabilities in Jinja that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format...

8.8CVSS7.4AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 10:12 p.m.•10 views

Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-55895)

Summary An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-55895 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error message is...

5.3CVSS6.3AI score0.00333EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 10:0 p.m.•6 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes kubelet (CVE-2024-10220)

Summary A vulnerability in Kubernetes kubelet that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-10220 DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper...

8.1CVSS7.4AI score0.03001EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 9:54 p.m.•10 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Kafka (CVE-2024-31141)

Summary A vulnerability in Apache Kafka that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect privilege manageme...

6.5CVSS6.7AI score0.01129EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 9:44 p.m.•11 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Netty (CVE-2024-47535)

Summary A vulnerability in Netty that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...

5.5CVSS6.8AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 9:23 p.m.•12 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in XStream (CVE-2024-47072)

Summary A vulnerability in XStream that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted binar...

7.5CVSS7.7AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 9:16 p.m.•9 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to an observable response discrepancy (CVE-2024-51477)

Summary An observable response discrepancy vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51477 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated to obtain sensitive username information due to an observable respons...

6.5CVSS6.1AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 8:45 p.m.•15 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Security (CVE-2024-38827)

Summary A vulnerability in VMware Tanzu Spring Security that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a locale dependent...

4.8CVSS6.8AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 8:28 p.m.•6 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

5.3CVSS6.7AI score0.00485EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 8:27 p.m.•8 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. This bulletin contains information regarding the vulnerability and its fixture...

6.4CVSS6.6AI score0.00179EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 8:23 p.m.•21 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty . This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

5.5CVSS6.7AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 8:22 p.m.•14 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.4CVSS6.6AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 8:20 p.m.•7 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Open Container Initiative runc (CVE-2024-45310)

Summary A vulnerability in Open Container Initiative runc that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-45310 DESCRIPTION: Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by a race condition...

3.6CVSS6.9AI score0.00317EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 7:59 p.m.•18 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework

Summary Multiple vulnerabilities in VMware Tanzu Spring Framework that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to...

5.3CVSS7.3AI score0.00852EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 7:51 p.m.•9 views

Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-7577)

Summary An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-7577 DESCRIPTION: IBM InfoSphere Information Server could disclose sensitive user credentials from log files during new installation of the product. CWE:CWE-532...

7.5CVSS6.2AI score0.00285EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 7:14 p.m.•8 views

Security Bulletin: IBM InfoSphere Information Server may be affected by an information disclosure vulnerability (CVE-2024-43186)

Summary An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-43186 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information that is stored locally under certain...

6.5CVSS5.7AI score0.00251EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 6:51 p.m.•15 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in OpenSSL (CVE-2024-4741)

Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the SSLfreebuffers API function. By...

7.5CVSS7.3AI score0.02945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 6:46 p.m.•18 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server...

9.1CVSS6AI score0.54026EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 6:5 p.m.•30 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Eclipse SDK affect IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities disclosed in IBM Eclipse SDK affect IBM SPSS Collaboration and Deployment Services CVE-2024-8184, CVE-2024-6763, CVE-2024-29857, CVE-2024-30172, CVE-2024-30171, CVE-2021-28170, CVE-2023-48795, CVE-2023-33201, CVE-2023-33202, CVE-2023-4218, CVE-2023-36478,...

7.5CVSS7.8AI score0.9378EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 5:52 p.m.•27 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Axis

Summary Multiple vulnerabilities in Apache Axis that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2010-1632 DESCRIPTION: Apache Axis2/Java is vulnerable to a denial of service, caused by an error when handling XML DTD Document Type Declaration data. A...

7.5CVSS7.9AI score0.86503EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 5:38 p.m.•35 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

8.7CVSS10AI score0.25939EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 5:7 p.m.•9 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Commons IO (CVE-2024-47554)

Summary A denial of service vulnerability in Apache Commons IO that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the...

4.3CVSS5.2AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 4:42 p.m.•19 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in OpenSSL (CVE-2024-6119)

Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking server certificate...

7.5CVSS6.7AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 3:54 p.m.•7 views

Security Bulletin: Vulnerability in Golang Go affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Golang Go has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

4.3CVSS7.1AI score0.00839EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 3:54 p.m.•11 views

Security Bulletin: Vulnerability in libexpat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in libexpat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

5.9CVSS6.7AI score0.0104EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 3:53 p.m.•11 views

Security Bulletin: Vulnerability in Oracle Java affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Oracle Java has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

4.8CVSS6.2AI score0.00971EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 3:53 p.m.•17 views

Security Bulletin: Vulnerability in Python CPython affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Python CPython has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.7CVSS7AI score0.02203EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 3:53 p.m.•7 views

Security Bulletin: Vulnerability in archive/zip affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in archive/zip has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

5.5CVSS5.6AI score0.00446EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 3:53 p.m.•10 views

Security Bulletin: Vulnerability in PAM affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in PAM has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

4.7CVSS6.6AI score0.00265EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 3:52 p.m.•11 views

Security Bulletin: Vulnerability in golang.org/x/net/http2 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in golang.org/x/net/http2 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...

7.5CVSS7.6AI score0.91969EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 3:52 p.m.•14 views

Security Bulletin: Vulnerability in Apache ZooKeeper affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache ZooKeeper has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

5.3CVSS5.2AI score0.00246EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 3:52 p.m.•7 views

Security Bulletin: Vulnerability in Versions of the package cross-spawn before 7.0.5 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Versions of the package cross-spawn before 7.0.5 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to detail...

8.7CVSS6.9AI score0.00873EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 2:47 p.m.•14 views

Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) effected the ERP product.

Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws in JAVA. : An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts, as described in the "Vulnerability Details...

7.4CVSS6.9AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 12:42 p.m.•17 views

Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) effected the ERP product.

Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws in JAVA. : An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts, as described in the "Vulnerability Details...

7.5CVSS4.6AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 10:43 a.m.•28 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2025-26791]

Summary IBM Security SOAR uses an older version of DOMpurify that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to the latest applicable fix pack 51.0.5.1 . Vulnerability Details CVEID:CVE-2025-26791...

6.1CVSS6.5AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 10:38 a.m.•14 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2024-12797)

Summary IBM Security SOAR uses an older version of the Python cryptography/openssl library which has a known vulnerability. An update has been released which address this issue. It is recommended upgrading to Version 51.0.5.1 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2024-127...

6.3CVSS6.8AI score0.02357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 7:25 a.m.•19 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: The function X509VERIFYPARAMadd0policy is...

5.3CVSS6AI score0.01625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/28 7:15 a.m.•18 views

Security Bulletin: Mulltiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing based side channel exists in the...

7.5CVSS7.1AI score0.59501EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35661