Lucene search
K

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:36 p.m.•10 views

Security Bulletin: IBM Sterling File Gateway is Vulnerable to Information Disclosure (CVE-2024-47109)

Summary IBM Sterling File Gateway has addressed the information disclosure security vulnerability Vulnerability Details CVEID:CVE-2024-47109 DESCRIPTION: IBM Sterling File Gateway UI could disclosure the installation path of the server which could aid in further attacks against the system...

5.3CVSS6.6AI score0.00263EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:34 p.m.•7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary configuration injection due to pip:22.3.1

Summary Pip is used by the DataStage on Cloud Pak for Data px-runtime microservice as part of package installation. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial...

5.5CVSS5.6AI score0.00476EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:33 p.m.•11 views

Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to a Denial of Service in Amazon Ion (CVE-2024-21634)

Summary IBM Sterling B2B Integrator has addressed the denial of service security vulnerability from Amazon Ion Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a...

7.5CVSS7.9AI score0.0082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:31 p.m.•15 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds writes due to hbase-client

Summary hbase-client is used by the ds-cas-lite microservice as part of the Java client HBase API. Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Use...

7.3CVSS6.1AI score0.02054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:28 p.m.•10 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to LDAP injection due to hbase-client

Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2023-25613 DESCRIPTION: Apache Kerby could allow a remote attacker to conduct an LDAP injection, caused by a flaw in LdapIdentityBackend. By sending a request with ...

9.8CVSS9.2AI score0.01491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:24 p.m.•6 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to buffer overflow due to the nsdc package

Summary Ncsd is used by DataStage on Cloud Pak for Data as part of the name service lookup. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a...

8.1CVSS6.6AI score0.0131EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:21 p.m.•19 views

Security Bulletin: Multiple Security Vulnerabilities in Google Guava Affects IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from Google Guava Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and...

7.1CVSS5.8AI score0.05119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:20 p.m.•30 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to the SnakeYAML package (CVE-2022-38751, CVE-2017-18640, CVE-2022-38749, CVE-2022-38750, CVE-2022-38752, CVE-2022-25857, CVE-2022-41854, CVE-2022-1471)

Summary SnakeYAML is used by DataStage on Cloud Pak for Data as part of the YAML serialization functionality. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a...

9.8CVSS7.6AI score0.99615EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:17 p.m.•26 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to jackson-databind package

Summary jackson-databind is used by the DataStage on Cloud Pak for Data ds-runtime service as part of JSON content handling. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secure...

7.5CVSS7.9AI score0.17611EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 3:3 p.m.•7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to remote security bypass due to Node.js package

Summary Node.js is used by the DataStage on Cloud Pak for Data ds-canvas service as part of Javascript processing. Vulnerability Details CVEID:CVE-2023-39331 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file...

7.7CVSS7.7AI score0.01325EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 2:45 p.m.•15 views

Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Netezza nz-linux-amd64 0.7.1

Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-29923 DESCRIPTION: Golang Go could allow a...

9.1CVSS8.8AI score0.05416EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 2:32 p.m.•9 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to hbase-client

Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypte...

7.5CVSS7.8AI score0.00814EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 8:22 a.m.•11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tornado-6.3.3-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2024-52804

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to tornado-6.3.3-cp38-abi3-manylinux25x8664.manylinux1x8664.manylinux217x8664.manylinux2014x8664.whl CVE-2024-52804. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

7.5CVSS7AI score0.01051EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/10 7:3 a.m.•15 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Nimbus-JOSE-JWT

Summary A vulnerability has been identified in Nimbus-JOSE-JWT-7.9, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id...

7.5CVSS8AI score0.00814EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/07 5:20 p.m.•16 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in path-to-regexp

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of path-to-regexp Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can ...

8.7CVSS6.4AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/07 5:17 p.m.•23 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tomcat-embed-core

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of tomcat-embed-core Vulnerability Details CVEID:CVE-2024-50379 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensiti...

9.8CVSS7AI score0.43663EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/07 5:16 p.m.•4 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in cookie-encrypter

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of cookie-encrypter Vulnerability Details CVEID:CVE-2024-53441 DESCRIPTION: An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack...

9.1CVSS7.1AI score0.00279EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/07 5:16 p.m.•11 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Target Blank Vulnerability (CVE-2024-39727)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Target Blank Vulnerability CVE-2024-39727. Vulnerability Details CVEID:CVE-2024-39727 DESCRIPTION: IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to...

9.8CVSS6.9AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/07 4:44 p.m.•11 views

Security Bulletin: IBM Sterling Control Center is vulnerable to External Service Interaction (DNS)

Summary External Service Interaction DNS Vulnerability are impacting IBM Sterling control center v6.3.1 and v6.2.1 Vulnerability Details CVEID:CVE-2023-43052 DESCRIPTION: IBM Sterling Control Center is vulnerable to an external service interaction attack, caused by improper validation of...

5.3CVSS6.9AI score0.00338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/07 4:40 p.m.•10 views

Security Bulletin: IBM Sterling Control Center is vulnerable to HTTP Host Header Injection Vulnerability

Summary HTTP Host Header Injection Vulnerability is affecting Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-35894 DESCRIPTION: IBM Sterling Control Center is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow ...

6.1CVSS6.7AI score0.00215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/07 4:9 p.m.•17 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of...

8.7CVSS7.6AI score0.02772EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/07 3:14 p.m.•40 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a remote attacker to traverse directories on the system, caused by a flaw when installing package via a...

8.8CVSS10AI score0.03028EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/07 4:26 a.m.•13 views

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server (CVE-2024-40094)

Summary Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server. This vulnerabilitiy has been addressed. Please read the details for remediation below. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

5.3CVSS6.8AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 10:37 p.m.•21 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in Python.

Summary IBM Virtualization Engine TS7700 is susceptible to four denial-of-service conditions due to the use of Python CVE-2024-7592, CVE-2024-8088, CVE-2024-0450, CVE-2024-6232, one elevation of privilege CVE-2024-6345, two tampering CVE-2024-4032, CVE-2024-6923, one information disclosure...

8.8CVSS8.9AI score0.02303EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 10:9 p.m.•11 views

Security Bulletin: AIX is affected by a denial of service (CVE-2024-50602) due to Python

Summary Vulnerability in Python could allow a remote attacker to cause a denial of service CVE-2024-50602. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2024-50602 DESCRIPTION: An issue was discovered in libexpat before 2.6.4. There is a cras...

5.9CVSS7AI score0.0104EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 9:15 p.m.•6 views

Security Bulletin: IBM Virtualization Engine TS7700 is vulnerable to Spoofing due to IBM WebSphere Application Server Liberty (CVE-2023-50314).

Summary IBM Virtualization Engine TS7700 is susceptible to spoofing due to IBM WebSphere Application Server Liberty vulnerability CVE-2023-50314. TS7700 uses IBM WebSphere Application Server Liberty to provide the management interface. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM...

7.5CVSS6.5AI score0.00254EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 9:11 p.m.•15 views

Security Bulletin: Vulnerabilities in Java affect IBM Voice Gateway

Summary Security Vulnerabilities in Java affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...

5.3CVSS6.1AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 8:38 p.m.•11 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in axios

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of axios Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...

9.8CVSS7AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 8:36 p.m.•29 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows...

5.3CVSS5.7AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 8:33 p.m.•14 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in gRPC

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of gRPC Vulnerability Details CVEID:CVE-2024-7246 DESCRIPTION: Google gRPC is vulnerable to a denial of service, caused by HPACK table poisoning between the proxy and the backend. By sending a specially crafted...

6.3CVSS6.8AI score0.00224EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 8:21 p.m.•5 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessive...

4.3CVSS6.7AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 8:20 p.m.•12 views

Security Bulletin: IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in go-retryablehttp has been identified that affectsIBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...

6CVSS6.3AI score0.00358EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 5:57 p.m.•20 views

Security Bulletin: libxml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2024-25062)

Summary The libxml2 used by Identity Insight has a vulnerability in its XMLReader API call. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...

7.5CVSS7AI score0.01364EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 2:12 p.m.•14 views

Security Bulletin: IBM Concert Software Standard Edition is vulnerable to login brute force attack

Summary IBM Concert Software Standard Edition is the non-OpenShift Container Platform OCP lightweight product form factor deployed to virtual machine. IBM Concert Software Standard Edition 1.0.5 is vulnerable to login brute force attack due to inadequate account lockout settings and weak password...

7.5CVSS7.4AI score0.00398EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 2:9 p.m.•11 views

Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service in Fasterxml jackson-databind [CVE-2023-35116]

Summary IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service in Fasterxml jackson-databind CVE-2023-35116. This vulnerabilitiy has been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml...

4.7CVSS6.8AI score0.00352EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 2:5 p.m.•15 views

Security Bulletin: Vulnerabilities in commons-compress-1.21.jar affects IBM SPSS Collaboration and Deployment Services (CVE-2024-25710, CVE-2024-26308)

Summary There are vulnerabilities in commons-compress-1.21.jar used by IBM SPSS Collaboration and Deployment Services CVE-2024-25710, CVE-2024-26308. These vulnerabilitiies have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION:...

8.1CVSS6.7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 1:38 p.m.•26 views

Security Bulletin: Security vulnerabilities may affect IBM SDK, Java Technology Edition shipped with IBM TXSeries for Multiplatforms.

Summary Security vulnerabilities may affect IBM SDK, Java Technology Edition shipped with IBM TXSeries for Multiplatforms. Updates to IBM TXSeries for Multiplatforms have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java ...

5.3CVSS6.1AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 1:33 p.m.•18 views

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-52798, CVE-2024-47764)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings int...

8.7CVSS7AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/06 1:32 p.m.•13 views

Security Bulletin: Vulnerability with NTP 4.2.8p15 affect IBM Cloud Object Storage Systems (March 2025)

Summary Vulnerability with NTP CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554 . This vulnerability has been addressed in the latest ClevOS release Vulnerability Details CVEID:CVE-2023-26552 DESCRIPTION: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when...

5.6CVSS6.6AI score0.00703EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/05 5:20 p.m.•10 views

Security Bulletin: Oracle Outside In Technology (OIT) Security Vulnerabilities - July 2024

Summary Oracle Outside In Technology OIT Security Vulnerabilities CVE-2023-45853 and CVE-2023-52425 - Resolved in July 2024 Oracle OIT v8.5.7 BP3 p36705510 Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer...

9.8CVSS7.5AI score0.02918EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/05 4:40 p.m.•7 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-47535)

Summary There is potentially a denial of service in Netty used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous...

5.5CVSS6.6AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/05 4:17 p.m.•15 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to backtracking (CVE-2024-52798)

Summary There is a vulnerability in path-to-regexp used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a...

8.7CVSS6.5AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/05 2:15 p.m.•21 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Critical Patch Update Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

5.3CVSS5.8AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/05 1:58 p.m.•8 views

Security Bulletin: Due to use of Apache Commons IO, IBM MobileFirst Foundation is vulnerable to Uncontrolled Resource Consumption (CVE-2024-47554)

Summary Apache Commons IO is used by IBM MobileFirst Foundation as part of file handling operations. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively...

4.3CVSS6.7AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/05 1:49 p.m.•18 views

Security Bulletin: Snowflake JDBC driver affects watsonx.data

Summary Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect...

5.9CVSS6.8AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 8:44 p.m.•6 views

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVEs. For a complet...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 5:5 p.m.•30 views

Security Bulletin: Vulnerabilities in the GUI affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the GUI affect IBM Storage Virtualize products and could allow authentication bypass and arbitrary code execution. The CLI is unaffected. CVE-2025-0159 CVE-2025-0160. Vulnerability Details CVEID:CVE-2025-0160 DESCRIPTION: IBM FlashSystems could allow a remote attacker...

9.8CVSS8.6AI score0.00796EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 2:45 p.m.•14 views

Security Bulletin: Vulnerability in logback affects IBM Storage Insights

Summary logback is vulnerable to forging requests, arbitrary code execution, These vulnerabilities affect IBM Storage Insights. Vulnerability Details CVEID:CVE-2024-12801 DESCRIPTION: Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 ...

5.9CVSS7.2AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 2:26 p.m.•20 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2024-4741, CVE-2024-2511, CVE-2024-5535, CVE-2024-4603, CVE-2024-6119 Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute...

9.1CVSS8.2AI score0.66594EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 2:25 p.m.•12 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2023-52426 )

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-52426 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an XML entity expansion flaw if XMLDT...

5.5CVSS6.3AI score0.00373EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35665