
35059 matches found

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 20 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions o...

CVSS 9.8 | AI score 7.2 | EPSS 0.92707
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 25 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION...

CVSS 7.5 | AI score 6.6 | EPSS 0.93507
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 61 views

Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVSS 9.1 | AI score 6.5 | EPSS 0.25097
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 10 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2024-45072)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

CVSS 5.5 | AI score 6.5 | EPSS 0.0004
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 28 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590 This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of...

CVSS 7.5 | AI score 6.6 | EPSS 0.01535
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to express-4.19.2.tgz CVE-2024-43796

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to express-4.19.2.tgz CVE-2024-43796. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting,...

CVSS 5 | AI score 6.6 | EPSS 0.0012
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-31573 DESCRIPTION: XMLUnit for Java could allow an attacker to execute...

CVSS 4 | AI score 7.6 | EPSS 0.00036
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 19 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-web-6.1.11.jar CVE-2024-38809

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-web-6.1.11.jar CVE-2024-38809. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denia...

CVSS 5.3 | AI score 6.8 | EPSS 0.0014
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 20 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.12.jar CVE-2024-38816

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.12.jar CVE-2024-38816. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: VMware Tanzu Spring Security could allow a remote...

CVSS 7.5 | AI score 6.3 | EPSS 0.9389
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: A vulnerability in RedHat affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service (CVE-2024-40974).

Summary A vulnerability in RedHat affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service. RedHat UBI images are used by IBM Robotic Process Automation base containers. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerabilit...

CVSS 7.8 | AI score 6.9 | EPSS 0.00011
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 15 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-45085

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 7.5 | AI score 6.5 | EPSS 0.00115
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 15 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45071)

Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

CVSS 5.5 | AI score 6 | EPSS 0.00302
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 19 views

Security Bulletin: IBM Maximo Application Suite - Ai-Broker Component component uses nltk-3.8.1-py3-none-any.whl which is vulnerable to this CVE-2024-39705

Summary Security Bulletin: IBM Maximo Application Suite - Ai-Broker Component component uses nltk-3.8.1-py3-none-any.whl which is vulnerable to this CVE-2024-39705 Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute...

CVSS 9.8 | AI score 7.5 | EPSS 0.10792
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 24 views

Security Bulletin: A Security Vulnerability was discovered in IBM Security Verify Access (CVE-2024-45678)

Summary A Security Vulnerability was addressed in IBM Security Verify Access regarding Yubico Yubikey 5 Series. Vulnerability Details CVEID:CVE-2024-45678 DESCRIPTION: Yubico YubiKey 5 Series, Security Key Series and YubiHSM 2 could allow a physical attacker to obtain sensitive information, cause...

CVSS 4.2 | AI score 6.3 | EPSS 0.00245
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 20 views

Security Bulletin: IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168

Summary IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37168 DESCRIPTION: gRPC on Node.js is vulnerable to a denial of service, caused ...

CVSS 5.3 | AI score 6.7 | EPSS 0.00283
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 27 views

Security Bulletin: PVR0501342 [Express - CVE-2024-29041 (Publicly disclosed vulnerability) ]

Summary This Security Bulletin is created to reflect the remediation done for PVR0501342 Express - CVE-2024-29041 Publicly disclosed vulnerability. The 'express' has been upgraded in PowerHA GUI Rel 7.2.9 from version 4.16.4 to version 4.19.2 in order to resolve this PVR. Vulnerability Details...

CVSS 6.1 | AI score 6.8 | EPSS 0.00154
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 25 views

Security Bulletin:cryptography-42.0.7-cp39-abi3-manylinux_2_28_x86_64.whl Vulnerability Affects IBM Data Observability by Databand (CVE-2024-6119)

Summary A vulnerability in cryptography-42.0.7-cp39-abi3-manylinux_2_28_x86_64.whl was addressed in IBM Data Observability by Databand Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g.,...

CVSS 7.5 | AI score 6.6 | EPSS 0.10778
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 25 views

Security Bulletin: IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800 CVE-2024-43799 CVE-2024-6119.

Summary IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800, CVE-2024-43799 and CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 7.5 | AI score 8.1 | EPSS 0.10778
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 20 views

Security Bulletin: Vulnerability in GNU glibc affects IBM Integrated Analytics System [CVE-2024-2961]

Summary Redhat provided GNU glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-2961 Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system,...

CVSS 7.3 | AI score 7.8 | EPSS 0.91924
Exploits: 16 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 23 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Apache Commons Compress component (CVE-2024-25710, CVE-2024-26308).

Summary IBM Event Streams is vulnerable to a denial of service due to the Apache Commons Compress component. Commons Compress is a library that creates a standard interface for the most widely used compression and archiving formats. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache...

CVSS 8.1 | AI score 6.7 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 21 views

Security Bulletin: IBM Data Product Hub is vulnerable with IBM Semeru Runtime Quarterly CPU - Jul 2024 (CVE-2024-21131, CVE-2024-21144)

Summary IBM Data Product Hub has a dependency on IBM Semeru Runtime which is vulnerable CVE-2024-21131, CVE-2024-21144. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE...

CVSS 3.7 | AI score 7 | EPSS 0.00442
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 29 views

Security Bulletin: IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689

Summary IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi...

CVSS 7.5 | AI score 6.5 | EPSS 0.25805
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 16 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi [CVE-2024-39689]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi, caused by the use of GLOBALTRUST root certificate CVE-2024-39689. Certifi python-certifi is used by our Speech Service runtimes. This vulnerability has been...

CVSS 7.5 | AI score 6.1 | EPSS 0.25805
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 28 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, contains a vulnerability in the Google Protocol Buffers protobuf library with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 8.7 | AI score 6.1 | EPSS 0.00134
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: Vulnerability in idna  ( CVE-2024-3651) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability CVE-2024-3651 has been identified related to idna that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-3651...

CVSS 7.5 | AI score 6.2 | EPSS 0.00675
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 16 views

Security Bulletin: IBM Maximo Application Suite IoT Component uses setuptools-68.0.0-py3-none-any.whl which is vulnerable to CVE-2024-6345

Summary IBM Maximo Application Suite IoT Component uses setuptools-68.0.0-py3-none-any.whl which is vulnerable to CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a...

CVSS 8.8 | AI score 7.8 | EPSS 0.09639
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 25 views

Security Bulletin: Vulnerability in libexpat affects IBM Cloud Pak System[CVE-2024-45490]

Summary Vulnerability in libexpat affects IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45490 DESCRIPTION: libexpat could provide weaker than expected security, caused by the failure to reject a negative length for XML_ParseBuffer. By providing a negative length value to the...

CVSS 7.5 | AI score 6.5 | EPSS 0.00613
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 18 views

Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-46696, CVE-2024-46697]

Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-46696, CVE-2024-46697 Vulnerability Details CVEID:CVE-2024-46696 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a...

CVSS 7.8 | AI score 6.2 | EPSS 0.00054
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: IBM InfoSphere Information Server is affected by an XXE vulnerability in IBM WebSphere Application Server Liberty (CVE-2024-22354)

Summary An XML External Entity Injection XXE vulnerability in IBM WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application...

CVSS 7 | AI score 6.6 | EPSS 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 14 views

Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service attack originating in IBM WebSphere Application Server Liberty (CVE-2024-25026)

Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service. This vulnerability is addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Product...

CVSS 7.5 | AI score 6.3 | EPSS 0.00021
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 18 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy( CVE-2024-24783)

Summary Potential Golang Go denial of service vulnerability CVE-2024-24783 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24783 DESCRIPTION: Golang Go is...

CVSS 5.9 | AI score 7.8 | EPSS 0.00602
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 20 views

Security Bulletin: Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class (CVE-2024-47554)

Summary Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw...

CVSS 4.3 | AI score 6.3 | EPSS 0.00127
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 36 views

Security Bulletin: IBM WebSphere Application Server Liberty , which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094)

Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 5.3 | AI score 6.1 | EPSS 0.1753
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 12 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat [CVE-2024-34750]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat, caused by a flaw when processing an HTTP/2 stream CVE-2024-34750. Apache Tomcat is used by our Speech microservices. This vulnerability has been addressed. Please read t...

CVSS 7.5 | AI score 6.7 | EPSS 0.21539
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: XML External Entity Injection attack in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-22354).

Summary IBM Storage Protect Operations Center may be affected by loss of confidentiality, availability and integrity of host system caused by XML External Entity Injection XXE attack in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere...

CVSS 7 | AI score 6.5 | EPSS 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 21 views

Security Bulletin: Multiple vulnerabilities may affect IBM Decision Optimization for Cloud Pak for Data (CVE-2024-42459, CVE-2024-42460 and CVE-2024-42461)

Summary There are multiple vulnerabilities in Node.js Elliptic used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js Elliptic module coul...

CVSS 9.1 | AI score 6.6 | EPSS 0.02898
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 15 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-21536]

Summary Node.js module http-proxy-middleware is used by IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring components, which are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...

CVSS 7.5 | AI score 6.5 | EPSS 0.00354
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 25 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-45085)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. It is vulnerable to a denial of service attack. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

CVSS 7.5 | AI score 6.4 | EPSS 0.00115
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 30 views

Security Bulletin: IBM Data Product Hub uses Node.js axios & elliptic modules which are vulnerable (CVE-2024-39338, CVE-2024-42459, CVE-2024-42460, CVE-2024-42461)

Summary IBM Data Product Hub has dependencies on Node.js axios & elliptic modules which are vulnerable CVE-2024-39338, CVE-2024-42459, CVE-2024-42460, CVE-2024-42461. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2024-42461...

CVSS 9.1 | AI score 6.5 | EPSS 0.02898
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution [CVE-2024-47175]

Summary OpenPrinting libppd is present as a Red Hat package in the IBM App Connect Enterprise Certified Container images used by the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin...

CVSS 9.8 | AI score 7.5 | EPSS 0.36228
Exploits: 14 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 19 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-51471)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-51471 DESCRIPTION: IBM MQ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the...

CVSS 5.3 | AI score 6.5 | EPSS 0.00183
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 14 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to a denial of service (CVE-2024-45085).

Summary The security issue described in CVE-2024-45085 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 7.5 | AI score 6.5 | EPSS 0.00115
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 20 views

Security Bulletin: IBM MQ Console is affected by a denial of service vulnerability (CVE-2024-51471)

Summary IBM MQ has addressed a denial of service vulnerability in the IBM MQ console Vulnerability Details CVEID:CVE-2024-51471 DESCRIPTION: IBM MQ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside...

CVSS 5.3 | AI score 6.3 | EPSS 0.00183
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 18 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2024-5535]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-5535 Vulnerability Details CVEID:CVE-2024-5535 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the...

CVSS 9.1 | AI score 6.9 | EPSS 0.06702
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 29 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2024-9143]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-9143 Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused b...

CVSS 4.3 | AI score 7.4 | EPSS 0.00883
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 31 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38477) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in mod_proxy. By...

CVSS 7.5 | AI score 6.7 | EPSS 0.01464
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 24 views

Security Bulletin: IBM Storage Protect Server is susceptible to multiple authentication related vulnerabilities due to coreDNS (CVE-2022-2837, CVE-2022-2835, CVE-2024-0874).

Summary The IBM Storage Protect Server is susceptible to authentication-related vulnerabilities linked to coreDNS. These vulnerabilities may allow authenticated attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2022-2837 DESCRIPTION: coreDNS could allow a remote...

CVSS 6.1 | AI score 6.4 | EPSS 0.003
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 34 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38473) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...

CVSS 8.1 | AI score 6.7 | EPSS 0.89144
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 13 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43800)

Summary There is a vulnerability in expressjs serve-static used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is...

CVSS 5 | AI score 6.8 | EPSS 0.00919
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 20 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 7.5 | AI score 7.4 | EPSS 0.00115
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 35059