35059 matches found

IBM Security Bulletins
• added 2025/01/30 3:01 p.m. • 17 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary VMware Tanzu Spring Framework is vulnerable to a denial of service attack, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a special...

CVSS 5.3 • AI score 5.5 • EPSS 0.0014
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:59 p.m. • 10 views

Security Bulletin: Vulnerability in GNU Wget affects watsonx.data

Summary GNU Wget could allow a remote authenticated attacker to bypass security restrictions, and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38428 DESCRIPTION: GNU Wget could allow a remote authenticated attacker to bypass security restrictions, caused by the mishandling...

CVSS 9.1 • AI score 6.2 • EPSS 0.00197
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:56 p.m. • 12 views

Security Bulletin: Vulnerability in Microsoft Azure Identity Libraries and Microsoft Authentication Library affects watsonx.data

Summary Microsoft Azure Identity Libraries and Microsoft Authentication Library is vulnerable to elevation of privileges attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-35255 DESCRIPTION: Microsoft Azure Identity Libraries and Microsoft Authentication Library could...

CVSS 5.5 • AI score 5.7 • EPSS 0.00221
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:53 p.m. • 13 views

Security Bulletin: Vulnerability in jshttp cookie affects watsonx.data

Summary jshttp cookie could allow a remote attacker to bypass security restrictions, and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cookie could allow a remote attacker to bypass security restrictions, caused by improper input validation by the...

CVSS 6.9 • AI score 8.6 • EPSS 0.00205
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:32 p.m. • 10 views

Security Bulletin: Vulnerability in Apache Commons IO affects watsonx.data

Summary Apache Commons IO is vulnerable to a denial of service attack. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the...

CVSS 4.3 • AI score 4.8 • EPSS 0.00127
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:27 p.m. • 9 views

Security Bulletin: Vulnerability in Apache commons-compress affects watsonx.data

Summary Apache Commons Compress is vulnerable to a denial of service attack and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a...

CVSS 8.1 • AI score 7.9 • EPSS 0.00018
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:24 p.m. • 21 views

Security Bulletin: Vulnerability in path-to-regexp affects watsonx.data

Summary path-to-regexp is vulnerable to denial of service attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

CVSS 7.5 • AI score 7.4 • EPSS 0.00064
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:23 p.m. • 16 views

Security Bulletin: The B2B API of IBM Sterling B2B Integrator is Vulnerable to Denial of Service (CVE-2024-32007)

Summary IBM Sterling B2B Integrator has addressed the denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-32007 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by improper input validation by the p2c parameter. By sending a specially crafted request, a remote...

CVSS 7.5 • AI score 6.6 • EPSS 0.00258
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:20 p.m. • 12 views

Security Bulletin: Vulnerability in go-retryablehttp affects watsonx.data

Summary go-retryablehttp could allow a local authenticated attacker to obtain sensitive information. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-6104 DESCRIPTION: go-retryablehttp could allow a local authenticated attacker to obtain sensitive information, caused by the...

CVSS 6 • AI score 6.6 • EPSS 0.00045
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:17 p.m. • 13 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary VMware Tanzu Spring Framework is vulnerable to a denial of service attack and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...

CVSS 4.3 • AI score 5.7 • EPSS 0.00809
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:03 p.m. • 19 views

Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Denial of Service (CVE-2024-31919, CVE-2024-35116)

Summary IBM Sterling B2B Integrator has addressed the denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-31919 DESCRIPTION: IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing...

CVSS 7.5 • AI score 6.3 • EPSS 0.00281
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:03 p.m. • 13 views

Security Bulletin: Vulnerability in Elasticsearch affects watsonx.data

Summary Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-23444 DESCRIPTION: Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information,...

CVSS 7.5 • AI score 4.9 • EPSS 0.01483
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 2:00 p.m. • 25 views

Security Bulletin: Vulnerability in pillarjs send affects watsonx.data

Summary pillarjs send is vulnerable to cross-site scripting, and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

CVSS 5 • AI score 6.1 • EPSS 0.00175
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 1:58 p.m. • 11 views

Security Bulletin: Vulnerability in urllib3 affects watsonx.data

Summary urllib3 could allow a remote authenticated attacker to obtain sensitive information. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip...

CVSS 6.5 • AI score 5.7 • EPSS 0.00216
Exploits 1 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 1:55 p.m. • 17 views

Security Bulletin: Vulnerability in Eclipse EE4J Jakarta Expression Language affects watsonx.data

Summary Eclipse EE4J Jakarta Expression Language is vulnerable to bypass security restrictions attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions,...

CVSS 5.3 • AI score 6.4 • EPSS 0.00115
Exploits 1 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 1:41 p.m. • 20 views

Security Bulletin: Vulnerability in Express.js affects watsonx.data

Summary Express.js Express is vulnerable to conduct phishing attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...

CVSS 6.1 • AI score 6.2 • EPSS 0.00154
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 1:38 p.m. • 53 views

Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2021-29425)

Summary Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation in the FileNameUtils.normalize method. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories...

CVSS 5.8 • AI score 6.6 • EPSS 0.00606
Exploits 1 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 1:31 p.m. • 24 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-4032 DESCRIPTION: An unspecified error with ipaddress considers some not...

CVSS 9.8 • AI score 9 • EPSS 0.06702
Exploits 6 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 12:55 p.m. • 6 views

Security Bulletin: Vulnerability in Apache commons-compress affects watsonx.data

Summary Apache Commons Compress is vulnerable to a denial of service attack and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a...

CVSS 5.5 • AI score 5.7 • EPSS 0.00392
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 12:46 p.m. • 11 views

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package for Java affects watsonx.data

Summary The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service attack. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the...

CVSS 7.5 • AI score 7.4 • EPSS 0.00091
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 12:42 p.m. • 17 views

Security Bulletin: Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request,...

CVSS 7.5 • AI score 6.8 • EPSS 0.01503
Exploits 1 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 12:00 p.m. • 13 views

Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution on the system due to the Apache Avro component (CVE-2024-47561).

Summary IBM Event Streams is vulnerable to arbitrary code execution on the system. Apache Avro is commonly used in event streams like Apache Kafka to serialize and deserialize event data, providing a structured, efficient, and schema-based format for transmitting messages between producers and...

CVSS 9.2 • AI score 7.5 • EPSS 0.00747
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 11:29 a.m. • 19 views

Security Bulletin: Vulnerability in expressjs serve-static affects watsonx.data

Summary expressjs serve-static is vulnerable to cross-site scripting, and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...

CVSS 5 • AI score 6.1 • EPSS 0.00919
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 11:26 a.m. • 7 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Security affects watsonx.data

Summary VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38810 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, caused by missin...

CVSS 7.5 • AI score 6.3 • EPSS 0.00968
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 11:11 a.m. • 8 views

Security Bulletin: Vulnerability in Psf Requests affects watsonx.data

Summary Psf Requests is vulnerable to bypass security restrictions, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation...

CVSS 5.6 • AI score 6.2 • EPSS 0.00074
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 11:08 a.m. • 29 views

Security Bulletin: Vulnerabilities in jQuery affect watsonx.data

Summary jQuery is vulnerable to cross site scripting attacks and to untrusted code execution attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remot...

CVSS 6.9 • AI score 6.9 • EPSS 0.34098
Exploits 15 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 11:04 a.m. • 8 views

Security Bulletin: Vulnerability in Async Http Client affects watsonx.data

Summary Async Http Client aka async-http-client could allow a remote attacker to bypass security restrictions. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2017-14063 DESCRIPTION: Async Http Client aka async-http-client could allow a remote attacker to bypass security...

CVSS 7.5 • AI score 6.5 • EPSS 0.02826
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 7:09 a.m. • 13 views

Security Bulletin: Vulnerability in OpenSSH affects watsonx.data

Summary The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain...

CVSS 5.9 • AI score 7.1 • EPSS 0.51662
Exploits 4 • Affected Software 1

IBM Security Bulletins
• added 2025/01/30 7:02 a.m. • 12 views

Security Bulletin: Vulnerability in zipp affects watsonx.data

Summary zipp is vulnerable to a denial of service attack, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a local attacker...

CVSS 6.2 • AI score 6.2 • EPSS 0.00016
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 9:09 p.m. • 59 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF034 and 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated...

CVSS 8.1 • AI score 9.6 • EPSS 0.9439
Exploits 23 • Affected Software 2

IBM Security Bulletins
• added 2025/01/29 9:06 p.m. • 25 views

Security Bulletin: Security vulnerability found in libxml2 package shipped with IBM CICS TX Advanced 10.1

Summary Security vulnerability found in libxml2 package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using th...

CVSS 7.5 • AI score 7.9 • EPSS 0.00165
Exploits 3 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 9:06 p.m. • 84 views

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)

Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service CVE-2024-25062. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. Whe...

CVSS 7.5 • AI score 7.7 • EPSS 0.00165
Exploits 3 • Affected Software 2

IBM Security Bulletins
• added 2025/01/29 9:05 p.m. • 55 views

Security Bulletin: Operations Dashboard is vulnerable to denial of service due to Go (CVE-2023-24534)

Summary Operations Dashboard is vulnerable to denial of service due to Go CVE-2023-24534 with details below. Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial o...

CVSS 7.5 • AI score 8.4 • EPSS 0.00162
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 9:04 p.m. • 32 views

Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to Golang Go (CVE-2023-24534)

Summary Golang Go is used by IBM Storage Protect Server and may be affected by vulnerability CVE-2023-24534. Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial o...

CVSS 7.5 • AI score 8.5 • EPSS 0.00162
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 9:00 p.m. • 23 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2023-24534]

Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2023-24534 Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME...

CVSS 7.5 • AI score 8.5 • EPSS 0.00162
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 8:23 p.m. • 25 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to GNOME libxml2 denial of service vulnerability [CVE-2024-25062]

Summary Potential GNOME libxml2 denial of service vulnerability CVE-2024-25062 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-25062...

CVSS 7.5 • AI score 7.8 • EPSS 0.00165
Exploits 3 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 8:21 p.m. • 34 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local or remote authenticated attacker could exploit the vulnerability to obtain sensitive information, to cause a denial of service condition and to cause a segmentation fault, ...

CVSS 7.8 • AI score 8.3 • EPSS 0.00034
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 8:16 p.m. • 39 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local or remote authenticated attacker could exploit the vulnerability to obtain sensitive information, to cause a denial of service condition and to cause a segmentation fault, ...

CVSS 8 • AI score 7.5 • EPSS 0.00094
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 8:13 p.m. • 36 views

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2019-19012 DESCRIPTION: Oniguruma is vulnerable to a denial of service, caused by an integer...

CVSS 9.8 • AI score 9.6 • EPSS 0.4471
Exploits 7 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 7:23 p.m. • 6 views

Security Bulletin: Vulnerability in pypa/setuptools affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in pypa/setuptools has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could...

CVSS 8.8 • AI score 9 • EPSS 0.09639
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 7:22 p.m. • 10 views

Security Bulletin: Vulnerabilities in ISC BIND affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in ISC BIND have been identified that affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to...

CVSS 7.5 • AI score 7.9 • EPSS 0.00282
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 7:19 p.m. • 46 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open-Source Software (OSS) components

Summary There are vulnerabilities in multiple Open-Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Workspace by upgrading or removing the vulnerable libraries. Please refer to the table in the Related...

CVSS 9.1 • AI score 9 • EPSS 0.75933
Exploits 5 • Affected Software 4

IBM Security Bulletins
• added 2025/01/29 6:45 p.m. • 16 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to stored cross-site scripting.

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 6.4 • AI score 5.9 • EPSS 0.0009
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 5:38 p.m. • 20 views

Security Bulletin: Vulnerabilities in zlib can affect watsonx.data

Summary zlib is vulnerable to denial of service attacks. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2016-9842 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an undefined left shift of negative number. By persuading a victim to open a specially crafted documen...

CVSS 8.8 • AI score 9.3 • EPSS 0.1138
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 5:24 p.m. • 47 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in xstream-1.4.9.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of xstream-1.4.9.jar. Vulnerability Details CVEID:CVE-2021-21344 DESCRIPTION: XStream could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing stream at unmarshallin...

CVSS 9.8 • AI score 9.9 • EPSS 0.9368
Exploits 14 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 3:35 p.m. • 30 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2024-47535)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid...

CVSS 5.5 • AI score 8.2 • EPSS 0.00467
Exploits 1 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 2:32 p.m. • 19 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.2. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

CVSS 5 • AI score 6 • EPSS 0.00919
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 12:57 p.m. • 68 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to the...

CVSS 7.5 • AI score 10 • EPSS 0.01255
Exploits 4 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 10:56 a.m. • 13 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-52798]

Summary node.js module path-to-regexp is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in node.js module...

CVSS 8.7 • AI score 6.2 • EPSS 0.00293
Exploits 0 • Affected Software 1

IBM Security Bulletins
• added 2025/01/29 10:54 a.m. • 13 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...

CVSS 6.8 • AI score 6.3 • EPSS 0.0082
Exploits 0 • Affected Software 1

Total number of security vulnerabilities: 35059