Lucene search
K

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 9:33 p.m.8 views

Security Bulletin: This Power System update is being released to address CVE-2025-0986

Summary A Linux partition in Power10 processor compatibility mode can cause undetected data loss or error when performing gzip compression using hardware acceleration during a specific hardware state window. Vulnerability Details CVEID:CVE-2025-0986 DESCRIPTION: IBM PowerVM could allow a local...

4.5CVSS6.2AI score0.0012EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 8:43 p.m.12 views

Security Bulletin: IBM Planning Analytics Cartridge has addressed security vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Planning Analytics Cartridge. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of third-par...

9.1CVSS7.1AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 8:25 p.m.25 views

Security Bulletin: IBM Planning Analytics is affected by vulnerabilities in IBM® Java™ Version 8, IBM® Semeru Runtime and IBM® Websphere Application Server Liberty

Summary There are vulnerabilities in IBM® Java™ Version 8 , IBM® Semeru Runtime and IBM® WebSphere Application Server Liberty used by IBM Planning Analytics and IBM Planning Analytics Workspace. Please refer to the Related Information section below for vulnerability impact. Vulnerability Details...

8.7CVSS7.5AI score0.02772EPSS
Exploits2Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 4:26 p.m.30 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...

9.8CVSS8.8AI score0.54862EPSS
Exploits8Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 4:18 p.m.65 views

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (March 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: When deserializing untrusted...

10CVSS9.9AI score0.9378EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:50 p.m.11 views

Security Bulletin: There is a vulnerability in Python wheel package for the setuptools library affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the Python wheel package for the setuptools library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow...

8.8CVSS8.6AI score0.01939EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:49 p.m.7 views

Security Bulletin: There is a vulnerability in wheel package for urllib3 library affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the wheel package for urllib3 library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticat...

6.5CVSS5.2AI score0.01141EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:47 p.m.10 views

Security Bulletin: There is a vulnerability in Findings in glib2 library affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the Findings in glib2 library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-32636 DESCRIPTION: GNOME GLib is vulnerable to a denial of service,...

7.5CVSS6.4AI score0.0078EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:45 p.m.17 views

Security Bulletin: There is a vulnerability in Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server...

7.5CVSS7.5AI score0.01093EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:42 p.m.16 views

Security Bulletin: There is a vulnerability in Python wheel package for the aiohttp library affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the Python wheel package for the aiohttp library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-52304 DESCRIPTION: aiohttp could allow a remote...

7.5CVSS6.5AI score0.00576EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:39 p.m.17 views

Security Bulletin: There is a vulnerability in Python wheel package for the Hugging Face Transformers library affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the Python wheel package for the Hugging Face Transformers library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-11394 DESCRIPTION: Hugging Fac...

8.8CVSS8.9AI score0.06898EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:37 p.m.11 views

Security Bulletin: There is a vulnerability in the wheel package for the Virtualenv library affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the wheel package for the Virtualenv library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-53899 DESCRIPTION: virtualenv before 20.26.6 allows...

8.4CVSS8.2AI score0.01557EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:33 p.m.9 views

Security Bulletin: There is a vulnerability in the wheel package for Jinja2 affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the wheel package for Jinja2 affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to...

8.8CVSS7.9AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:17 p.m.15 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to unauthroized access to other services (CVE-2024-56469)

Summary IBM UrbanCode Deploy UCD / IBM DevOps Deploy could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. Vulnerability Details CVEID:CVE-2024-56469 DESCRIPTION: IBM UrbanCode Deploy UCD / IBM DevOps...

6.3CVSS7AI score0.00246EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:5 p.m.10 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Summary OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2024-9143 is identified as a potential risk for products using older versions of OpenSLL. These potential risks are resolved by updating IBM Tivoli Netcool System Service...

4.3CVSS5.4AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 11:52 a.m.6 views

Security Bulletin: IBM Maximo Application Suite Predict Component vulnerable to arbitrary code execution

Summary Security Bulletin: IBM Maximo Application Suite Predict Component may be vulnerable to arbitrary code execution of Python code through the use of Jinja. Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how th...

8.8CVSS7.9AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 11:31 a.m.14 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-47554 detected in commons-io-2.11.0.jar (Publicly disclosed vulnerability found by Mend) which is vulnerable to CVE-2024-47554

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-47554 detected in commons-io-2.11.0.jar Publicly disclosed vulnerability found by Mend which is vulnerable to CVE-2024-47554. This bulletin contains information regarding the vulnerability and its fixture...

4.3CVSS4.8AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 1:51 a.m.14 views

Security Bulletin: IBM Cloud Pak System cli is vulnerable to sensitive information exposure

Summary IBM Cloud Pak System cli is vulnerable to sensitive information exposure. CVE-2023-37405, CVE-2023-38272 Vulnerability Details CVEID:CVE-2023-37405 DESCRIPTION: IBM Cloud Pak System stores sensitive data in memory, that could be obtained by an unauthorized user. CWE:CWE-311: Missing...

6.5CVSS6.2AI score0.00326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 12:19 a.m.14 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to HTML injection vulnerability (CVE-2025-1997)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. Vulnerability Details CVEID:CVE-2025-1997 DESCRIPTION: IBM DevOps Deploy /...

5.4CVSS6.7AI score0.00259EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 12:18 a.m.23 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to Denial of Service vulnerability in Json-smart (CVE-2024-57699)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is susceptible to rDenial of Service vulnerability in Json-smart. A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of '', a stack exhaustion can be...

7.5CVSS7.7AI score0.00566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 12:16 a.m.17 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to Denial of Service vulnerability in Netty (CVE-2025-25193)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is susceptible to resource consumption vulnerability in Netty. Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could...

5.5CVSS5.9AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 10:25 p.m.19 views

Security Bulletin: IBM Data Product Hub is affected by several vulnerabilities

Summary IBM Data Product Hub has a dependencies on IBM WebSphere Application Server Liberty and Node.js DOMPurify module, which are vulnerable. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify...

6.1CVSS6.1AI score0.00559EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 9:54 p.m.21 views

Security Bulletin: IBM Controller is affected by vulnerabilities

Summary There are vulnerabilities in IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Controller. Additionally, IBM Controller is vulnerable to Client-Side Desync CSD CVE-2022-39163. Please refer to the table in the Related Information section for...

7.5CVSS6.7AI score0.00943EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 6:21 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.9.0 Vulnerability Details CVEID:CVE-2025-25184 DESCRIPTION: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by...

9.8CVSS10AI score0.62474EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 6:2 p.m.11 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands generate insufficiently strong keystore passwords [CVE-2025-1827]

Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands generate keystores on startup for storing keys and certificates. These are generated with an insufficiently strong password. This bulletin provides patch information to address the reported...

6.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 6:0 p.m.19 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.10 LTS and 12.10.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

8.7CVSS7.5AI score0.02357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:31 p.m.12 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

5.5CVSS6.9AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:28 p.m.19 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

5.5CVSS6.9AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:26 p.m.19 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

5.5CVSS6.9AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:55 p.m.14 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)

Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of...

7.5CVSS6.8AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 1:16 p.m.19 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2024-21235, CVE-2024-21210, CVE-2024-21217, CVE-2024-21208, CVE-2024-10917, CVE-2024-9143. This has been addressed in the remediation section. Vulnerability Details Refer to...

5.3CVSS6.9AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 7:22 a.m.12 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to arbitrary code execution

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Security Bulletin: IBM Maximo Application Suite Predict Component may be vulnerable to arbitrary code execution of Python code through the use of Jinja. This bulletin contains information regarding the vulnerability and i...

8.8CVSS7.6AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 7:20 a.m.16 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to PyTorch to execute arbitrary code on the system.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component may be vulnerable to PyTorch arbitrary code execution of Python code through the use of torch. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48063...

9.8CVSS8AI score0.01584EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 7:19 a.m.27 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file

Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file. This bulletin contains information regarding the...

9.8CVSS6.8AI score0.43663EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:12 a.m.37 views

Security Bulletin: IBM Sterling Control Center is vulnerable to directory traversal (CVE-2023-35020)

Summary IBM Sterling Control Center is vulnerable to unauthorized directory traversal. Vulnerability Details CVEID:CVE-2023-35020 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request...

5.4CVSS5.3AI score0.00537EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:12 a.m.52 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary LibTIFF is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET Core and Watson NLP CVE-2022-48281, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, . ncurses is used by IBM Robotic Process Automation for Cloud Pak as part of base container...

7.8CVSS8.7AI score0.69494EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:11 a.m.34 views

Security Bulletin: CVE-2023-50164 affects Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION:...

9.8CVSS9.7AI score0.80819EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:11 a.m.62 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-10977 DESCRIPTION: PostgreSQL could provide weaker than expected security,...

9.5CVSS9.7AI score0.78198EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:10 a.m.47 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation...

9.8CVSS7.9AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:10 a.m.76 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-30260 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw wit...

9.8CVSS9.9AI score0.91327EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:9 a.m.44 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details CVEID:CVE-2023-34054 DESCRIPTION: VMware Tanzu Reactor Netty is vulnerable to a denial of service, caused by a flaw when built-in integration with Micrometer is enabled. By sending specially...

9.1CVSS9.2AI score0.04322EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:8 a.m.35 views

Security Bulletin: Vulnerabilities in Linux Kernel and Golang Go can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Golang Go and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as described by the CVEs ...

9.8CVSS9.7AI score0.01837EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:8 a.m.113 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for November 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...

9.8CVSS9.8AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:7 a.m.89 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM® Java™, IBM WebSphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Open URL Redirection and Link Manipulation vulnerabilities. For more information abou...

8.6CVSS10AI score0.36081EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:6 a.m.82 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.3.0 Vulnerability Details CVEID:CVE-2022-28948 DESCRIPTION: Go-Yaml is vulnerable to a denial of service, caused by a flaw in the Unmarshal function. By sending a specially-crafted input, a remote attacker could...

8.8CVSS9.8AI score0.035EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:6 a.m.57 views

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager

Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilties have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2.0.2. Please apply the latest fix packs for the fixes. Vulnerability Details CVEID:CVE-2023-47704...

9.1CVSS6.1AI score0.00975EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:5 a.m.52 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2018-17336 DESCRIPTION: UDisks could allow a local attacker to obtain sensitive information, caused by a format string vulnerability in udiskslog in udiskslogging.c. By using a...

8.6CVSS9.4AI score0.11334EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:4 a.m.61 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

9.8CVSS9.8AI score0.15014EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:4 a.m.64 views

Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities

Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to multiple vulnerabilities based on current information, in the following 3rd-party components: Node.js word-wrap CVE-2023-26115, Node.js semver CVE-2022-25883, Node,js dicer, CVE-2022-24434, Redis...

9.8CVSS9.5AI score0.17673EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:3 a.m.54 views

Security Bulletin: IBM Security Guardium is affected by multiple OS level vulnerabilities

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. By sending a specially crafted message with multiple...

7.8CVSS8.9AI score0.05794EPSS
Exploits5Affected Software1
Total number of security vulnerabilities35661