Lucene search
K

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/24 2:16 p.m.26 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in its dependencies (CVE-2022-45688, CVE-2023-28439, CVE-2023-33201, CVE-2023-41900, CVE-2023-36479, CVE-2023-40167, CVE-2023-36478, )

Summary Multiple vulnerabilities over HuTool, JSON-java, CKEditor4, Bouncy Castle and Eclipse Jetty is affecting IBM Sterling Control Center v6.2.1.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is...

7.5CVSS8.2AI score0.03754EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/24 11:11 a.m.22 views

Security Bulletin: Multiple Vulnerabilities in glibc affect Cloud Pak System [CVE-2024-33600, CVE-2024-33601]

Summary Vulnerabilities in glibc affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-33600 DESCRIPTION: nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's nscd cache fails to add a not-found netgroup response to the cache, the client request can result...

7.3CVSS6.7AI score0.01216EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/24 10:20 a.m.22 views

Security Bulletin: Vulnerability in Apache Kafka Clients affects watsonx.data

Summary Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...

6.5CVSS6.7AI score0.01129EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/24 9:43 a.m.14 views

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server (CVE-2023-38737)

Summary Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server CVE-2023-38737. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerab...

7.5CVSS6.8AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/24 9:33 a.m.17 views

Security Bulletin: Vulnerability in Bootstrap (CVE-2024-6531) affects Power HMC.

Summary The Bootstrap library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-6531 DESCRIPTION: Node.js Bootstrap module is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

6.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/24 6:45 a.m.30 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 1.0.5 Vulnerability Details CVEID:CVE-2023-39326 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the net/http package. By sending a specially crafted HTTP...

8.1CVSS8.9AI score0.91969EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/24 6:45 a.m.21 views

Security Bulletin: IBM Automation Decision Services for Sept 2024 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2023-45288...

7.5CVSS8.6AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/21 6:42 p.m.16 views

Security Bulletin: Rational Test Virtualization Server and Rational Test Workbench are vulnerable to denial of service due to Spring MVC (CVE-2024-38828)

Summary Rational Test Control Panel RTCP component of Rational Test Virtualization Server and Rational Test Workbench uses Spring MVC which is vulnerable to a denial of service attack CVE-2024-38828. Vulnerability Details CVEID:CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an...

5.3CVSS8.3AI score0.00729EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/21 4:35 p.m.7 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-53088)

Summary IBM DataPower Gateway uses the ethernet driver on hardware platforms. Vulnerability Details CVEID:CVE-2024-53088 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the...

5.5CVSS7.2AI score0.00199EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/21 12:56 p.m.21 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor CVE-2019-20916, CVE-2021-37714, CVE-2016-2175, CVE-2025-26791, CVE-2025-1470, CVE-2025-1471. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a...

7.8CVSS7.8AI score0.06873EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/21 12:55 p.m.21 views

Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2025-26791, CVE-2025-1470, CVE-2025-1471. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression,...

7.8CVSS6AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/21 6:43 a.m.14 views

Security Bulletin: After deploying IBM Storage Virtualize vSphere Remote Plug-in, credentials used for vSphere admin and registration with IBM Storage Virtualize products may be exposed in the plugin support package (CVE-2023-43029)

Summary The credentials-encrypted key is not unique across all IBM Storage Virtualize vSphere Remote Plugin virtual machine instances deployed from a Fix Central via OVA. It is possible that the credentials for IBM FlashSystem, IBM SAN Volume Controller, IBM Storwize, vSphere admin, and...

7.5CVSS6AI score0.00406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/21 6:40 a.m.58 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVE's and this bulletin contains information regarding the vulnerability and its fixture Vulnerability Details CVEID:CVE-2019-10082 DESCRIPTION: Apache HTTP Server could allow a remote...

9.8CVSS10AI score0.99999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 10:58 p.m.13 views

Security Bulletin: IBM Aspera Desktop App is vulnerable to mutation cross-site scripting (mXSS). (CVE-2025-26791)

Summary DOMPurify component is vulnerable to mutation cross-site scripting mXSS which has been addressed in IBM Aspera Desktop App version v1.0.8 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading ...

6.1CVSS5.8AI score0.00559EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 5:52 p.m.28 views

Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by confidentiality vulnerability (CVE-2015-7399)

Summary WebSphere Message Broker and IBM Integration Bus could allow a potential attacker to identify the technology used to handle incoming HTTP requests Vulnerability Details CVEID: CVE-2015-7399 DESCRIPTION: IBM Integration Bus could allow a potential attacker to identify the technology used t...

5.3CVSS5.4AI score0.01869EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 5:35 p.m.10 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML Jackson (IBM X-Force ID: 256137)

Summary IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML Jackson, caused by improper input validation by the StreamReadConstraints value field Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 5:8 p.m.33 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...

7.5CVSS10AI score0.99298EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 4:49 p.m.19 views

Security Bulletin: Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration

Summary Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not...

9.8CVSS6.8AI score0.01931EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 4:37 p.m.22 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...

8.8CVSS8.3AI score0.01249EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 7:11 a.m.24 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Critical Patch Update affecting IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory...

5.3CVSS6.2AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/19 4:1 p.m.8 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (Nov 2024)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/19 3:18 p.m.14 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to the improper handling of permissions (CVE-2024-51459)

Summary A vulnerability due to the improper handling of permissions in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51459 DESCRIPTION: IBM InfoSphere Information could allow a local user to execute privileged commands due to the improper handling of...

8.4CVSS6.7AI score0.00131EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/19 3:11 p.m.14 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Apache Axis, CKEditor4 & IBM MQ (CVE-2014-3596, CVE-2018-8032, CVE-2019-0227, CVE-2012-5784, CVE-2021-38986, CVE-2022-22321, CVE-2023-28439)

Summary IBM Sterling Control Center is affected by vulnerabilities in on Apache Axis, CKEditor4 & IBM MQ. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2014-3596 DESCRIPTION: Apache Axis and Axis2 could allow a remote attacker to condu...

7.5CVSS7.5AI score0.86503EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/19 11:56 a.m.8 views

Security Bulletin: IBM Security QRadar EDR could allow Unauthorized File Retrieval via SMB (CVE-2024-45644)

Summary IBM Security QRadar EDR allows SMB file downloads, restricted to Administrator and Responder accounts. This behavior follows Windows OS defaults, and documentation will be updated to recommend NTLM restrictions and least privilege access controls. Vulnerability Details CVEID:CVE-2024-4564...

4.7CVSS6.5AI score0.00257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/18 2:59 p.m.27 views

Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15

Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...

9.8CVSS9.5AI score0.18891EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/18 9:50 a.m.45 views

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-25184 DESCRIPTION: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be...

9.8CVSS8.4AI score0.01157EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/18 6:12 a.m.7 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283

Summary parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2025-25283 DESCRIPTION: parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...

7.5CVSS6.2AI score0.00715EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 10:11 p.m.34 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2025-26466) and a machine-in-the-middle attack (CVE-2025-26465) due to OpenSSH

Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to cause a denial of service CVE-2025-26466 or a machine-in-the-middle attack CVE-2025-26465. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2025-26466 DESCRIPTION: A flaw was found in the OpenSSH...

6.8CVSS6.6AI score0.38474EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 2:54 p.m.14 views

Security Bulletin: Vulnerability in Buildah affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in Buildah has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

7.8CVSS6.8AI score0.00392EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 2:53 p.m.11 views

Security Bulletin: Vulnerability in GNU Wget affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in GNU Wget has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.1CVSS6.4AI score0.00672EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 2:51 p.m.12 views

Security Bulletin: Vulnerability in Flatpak affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in Flatpak has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...

10CVSS6.7AI score0.01283EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 2:50 p.m.20 views

Security Bulletin: Vulnerability in Natural Language Toolkit (NLTK) affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in Natural Language Toolkit NLTK has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional...

9.8CVSS7.5AI score0.01346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 2:47 p.m.4 views

Security Bulletin: StackOverflow Vulnerability affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential StackOverflow vulnerability has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...

8.7CVSS6.3AI score0.02772EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 2:44 p.m.10 views

Security Bulletin: Multiple OS vulnerabilities affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential Multiple OS vulnerabilities has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...

9.8CVSS10AI score0.21044EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 2:42 p.m.7 views

Security Bulletin: StackOverflow vulnerability affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential StackOverflow vulnerability has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...

8.7CVSS6.3AI score0.02772EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 2:40 p.m.14 views

Security Bulletin: Vulnerabilities in Google Chrome affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in Google Chrome has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...

8.8CVSS8.5AI score0.00653EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 2:39 p.m.4 views

Security Bulletin: Vulnerability in Certifi affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in Certifi has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.e . The vulnerability have been addressed. Refer to details for additional information...

9.8CVSS6.9AI score0.00468EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 1:48 p.m.24 views

Security Bulletin: QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to server-side request forgery (CVE-2024-49822)

Summary QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to to server-side request forgery which may allow an authenticated attacker to send unauthorized requests. This vulnerability has been addressed in the update. Vulnerability Details CVEID:CVE-2024-49822 DESCRIPTION: IBM QRadar...

4.1CVSS6.5AI score0.00272EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 1:46 p.m.26 views

Security Bulletin: QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. QRadar Advisor With Watson for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could...

8.8CVSS9.3AI score0.02996EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 10:56 a.m.47 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.291 Vulnerability Details CVEID:CVE-2021-20293 DESCRIPTION: RESTEasy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit thi...

7.5CVSS9.2AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 10:8 a.m.18 views

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System [CVE-2024-27268]

Summary Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System WebSphere Application Server WAS Patterns. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused ...

7.5CVSS6.5AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 8:22 a.m.14 views

Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-1681]

Summary The Flask-Cors package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-1681. Vulnerability Details CVEID:CVE-2024-1681 DESCRIPTION: Flask-CORS could allow a remote attacker to bypass security restrictions, caused ...

5.3CVSS6.7AI score0.00574EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 7:49 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to pillow-10.2.0-cp38-cp38-manylinux_2_28_x86_64.whl CVE-2024-28219

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to pillow-10.2.0-cp38-cp38-manylinux228x8664.whl CVE-2024-28219. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-28219 DESCRIPTION: Pillow is vulnerable to a buff...

6.7CVSS7.8AI score0.00989EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 7:48 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network...

5.5CVSS6.4AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 7:47 a.m.12 views

Security Bulletin: IBM Sterling Global Availability Mailbox is affected by a vulnerability in Cassandra Reaper

Summary Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or...

9.8CVSS9.7AI score0.01533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 7:47 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to a denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty CVE-2024-40094

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to a denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty CVE-2024-40094. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-40094...

5.3CVSS6.7AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 7:46 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45230

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-28219. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45230 DESCRIPTION: Django is vulnerable to a denial of service,...

7.5CVSS7AI score0.25327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/15 10:43 a.m.37 views

Security Bulletin: IBM Observability with Instana for Self-Hosted Standard Edition is affected by multiple Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana for Self-Hosted Standard Edition 291 CVE-2024-45337, CVE-2024-41110, CVE-2024-3596 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...

9.9CVSS7.3AI score0.16496EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/15 10:38 a.m.29 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 291 Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...

7.5CVSS7.2AI score0.54862EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/15 12:18 a.m.113 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2 Vulnerability Details CVEID:CVE-2024-21236 DESCRIPTION: Oracle MySQL Server is vulnerable to a denial of service related to the InnoDB component. By sending a specially crafted request, a remote authenticated...

8.9CVSS9.7AI score0.91969EPSS
Exploits58Affected Software1
Total number of security vulnerabilities35661