Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45087)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition (ITNM).
Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 21 4.2.0.21 Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceedin...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10979
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL. Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables, e.g. PATH. Vulnerability Details CVEID:CVE-2024-10979 DESCRIPTION: Incorrect...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10976
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. Vulnerability Details CVEID:CVE-2024-10976 DESCRIPTION: Incomplete tracking in PostgreSQL of...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10977
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could provide weaker than expected security, caused by a flaw with retaining an error message from man-in-the-middle. A remote attacker could exploit this vulnerability to launch further attacks on the system. Vulnerability...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10978
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could allow a remote authenticated attacker to bypass security restrictions, caused by an incorrect privilege assignment. Vulnerability Details CVEID:CVE-2024-10978 DESCRIPTION: PostgreSQL could allow a remote authenticated...
Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime impact IBM SPSS Modeler
Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime impact IBM SPSS Modeler CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850, CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131,...
Security Bulletin: IBM MQ Appliance Console is affected by a password disclosure vulnerability (CVE-2024-52896)
Summary IBM MQ Appliance has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in expressjs body-parser (CVE-2024-45590)
Summary A vulnerability in expressjs body-parser that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2024-48948)
Summary There is a vulnerability in elliptic used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-48948 DESCRIPTION: Elliptic could allow a remote attacker to bypas...
Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application (CVE-2024-40094)
Summary There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application CVE-2024-40094 Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-45296)
Summary There is a vulnerability in pillarjs Path-to-RegExp used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is vulnerable to HTML injection (CVE-2024-51472)
Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-51472 DESCRIPTION: IBM DevOps Deploy /...
Security Bulletin: Due to use of Node.js IBM DataPower Gateway vulnerable to denial of service (CVE-2024-45590)
Summary Node.js is used by IBM DataPower Gateway as part of the user interface. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to server-side request (CVE-2024-39338)
Summary There is a vulnerability in Axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43796)
Summary There is a vulnerability in expressjs express used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Framework (CVE-2024-38808)
Summary A vulnerability in VMware Tanzu Spring Framework that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to stored cross-site scripting (CVE-2024-45073)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...
Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2024-21145, CVE-2024-21131) affect Power HMC.
Summary The IBM Java SDK library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low...
Security Bulletin: Financial Transaction Manager v4 is impacted by a denial of service(DoS) vulnerability in WebSphere Liberty (CVE-2024-25026)
Summary IBM WebSphere Application Server Liberty is bundled with Financial Transaction Manager. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to OpenSSH arbitrary code execution vulnerability (CVE-2024-6387)
Summary Potential OpenSSH arbitrary code execution vulnerability CVE-2024-6387 has been identified that could affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH coul...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094)
Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused...
Security Bulletin: Denial of service in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-27268).
Summary IBM Storage Protect Operations Center may be affected by denial of service caused by specially crafted request in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Apache Tomcat (CVE-2024-38286)
Summary Apache Tomcat is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of its web interface. Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of the TLS handshake process under certain configurations. By sending specially crafted requests, a remot...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a possible race condition [CVE-2024-49353]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a possible race condition, due to a failure to properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash. CVE-2024-49353. This issue,...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus (CVE-2024-21534) and cookie (CVE-2024-47764)
Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus CVE-2024-21534 and cookie CVE-2024-47764. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...
Security Bulletin: IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172
Summary IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2024-41172 DESCRIPTION: Apache CXF is vulnerable to a...
Security Bulletin: Maximo Asset Management- A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45072)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: IBM MQ is vulnerable to a denial of service (CVE-2024-40680)
Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-40680 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. CVSS Base score: 6.2 CVSS Temporal Score: See:...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards that use COS S3 storage are vulnerable to denial of service and security restrictions bypass [CVE-2024-48948] [CVE-2024-48949]
Summary Node.js module elliptic is used by IBM App Connect Enterprise Certified Container for signature validation. IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage are vulnerable to denial of service and security restrictions bypass. This bulletin provide...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution [CVE-2024-51465]
Summary IBM App Connect Enterprise Certified Container operator allows arbitrary code execution by an IntegrationRuntime or IntegrationServer due to insufficient checks on the operands configuration. This bulletin provides patch information to address the reported vulnerability in IBM App Connect...
Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-45296)
Summary pillarjs Path-to-RegExp is used by IBM DataPower Gateway as part of the DataPower UI CVE-2024-45296 Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Kubernetes kubelet [CVE-2024-5321]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Kubernetes kubelet, caused by incorrect permissions on Windows containers logs CVE-2024-5321. Kubernetes kubelet is used by our Speech Service utilities. This vulnerability has been addressed. Please...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52896)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
Security Bulletin: This Power System update is being released to address CVE-2024-26665
Summary When the BMC is configured to use IPv6, it is vulnerable to an attacker per CVE-2024-26665. Vulnerability Details CVEID:CVE-2024-26665 DESCRIPTION: Linux Kernel is vulnerable to a denial of service caused by out-of-bounds access when building IPv6 PMTU. By sending a specially crafted...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-38477
Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in mod_proxy. By sending a...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-39490]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-39490 Vulnerability Details CVEID:CVE-2024-39490 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missi...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2024-1975]
Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-1975 Vulnerability Details CVEID:CVE-2024-1975 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error if a server hosts a zone...
Security Bulletin: IBM Master Data Management is vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server (CVE-2024-45072)
Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user coul...
Security Bulletin: Vulnerability in Elastic Elasticsearch ( CVE-2024-23444) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential sensitive information disclosure vulnerability CVE-2024-23444 has been identified related to Elastic Elasticsearch that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability has been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: IBM Master Data Management vulnerable to denial of service due to IBM WebSphere Application Server under certain configurations (CVE-2024-45085)
Summary IBM Master Data Management 11.6 is vulnerable to a denial of service from a specially crafted request through IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to MongoDB sensitive information disclosure vulnerability [ CVE-2024-5629]
Summary A potential sensitive information disclosure vulnerability in MongoDB CVE-2024-5629 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to remote code execution due to the use of OpenSSH (CVE-2024-6387)
Summary IBM Virtualization Engine TS7700 is susceptible to remote code execution due to the use of OpenSSH CVE-2024-6387. OpenSSH is used by TS7700 to allow access from the TSSC Console by IBM authorized service personnel. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in VMware Tanzu Spring [CVE-2024-38816]
Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in VMware Tanzu Spring, caused by a path traversal attack in applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn CVE-2024-38816. VMware Tanzu Spring is us...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the...
Security Bulletin: Vulnerability in Python Software Foundation Black ( CVE-2024-21503) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability CVE-2024-21503 has been identified related to Python Software Foundation Black that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch [CVE-2024-31580]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component CVE-2024-31580. PyTorch is used by our Speech Service runtimes. This vulnerability has bee...
Security Bulletin: Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to cross-site scripting due to Webpack and Rspack CVE-2024-43788
Summary Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to cross-site scripting due to Webpack and Rspack CVE-2024-43788 with details below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-43788 DESCRIPTION: Webpack and Rspack are...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition that affects IBM Tivoli Network Configuration Manager (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264).
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...