Lucene search
K

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 2:25 p.m.•18 views

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2024-7264, CVE-2024-9681 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an...

6.5CVSS6.8AI score0.16212EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 11:48 a.m.•10 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...

9.8CVSS7.9AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 9:58 a.m.•32 views

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities (CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917)

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.5.0 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.3.2 or...

5.3CVSS4.3AI score0.01157EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 9:55 a.m.•28 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for February 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF001 and IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management...

7.5CVSS8.7AI score0.01157EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 9:52 a.m.•23 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard.

Summary There are multiple vulnerabilities in the Java SE version that is shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot...

5.3CVSS4.6AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 9:51 a.m.•18 views

Security Bulletin: Security vulnerabilities in Java SE shipped with  IBM CICS TX Advanced.

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Advanced. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult...

5.3CVSS4.6AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 9:4 a.m.•20 views

Security Bulletin: Vulnerability in Flask affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [ CVE-2023-30861]

Summary The Flask package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-30861 Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by...

7.5CVSS6.1AI score0.01261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/04 5:22 a.m.•16 views

Security Bulletin: Due to use of go-git, IBM Instana Observability is vulnerable to a denial of service and argument injection vulnerability.

Summary go-git is used by IBM Instana Observability CVE-2025-21613, CVE-2025-21614 Vulnerability Details CVEID:CVE-2025-21613 DESCRIPTION: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to...

9.8CVSS8.5AI score0.0124EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 8:28 p.m.•17 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated Vulnerability Details CVEID:CVE-2024-45086 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML external...

5.5CVSS6.3AI score0.0044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 5:30 p.m.•18 views

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-40094

Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM Business Automation Workflow Process Federation Server and User Management Service. IBM WebSphere Application Server Liberty is also the foundation of many images in IBM Business Automation Workflow on Containers. I...

5.3CVSS6.7AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 5:21 p.m.•20 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary IBM Event Processing was affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE:CWE-835: Loop...

9.8CVSS4.8AI score0.03884EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 5:20 p.m.•8 views

Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2024-7254

Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty, too. A security vulnerability has been reported for...

8.7CVSS6.7AI score0.02772EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 4:46 p.m.•15 views

Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.

Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service...

8.7CVSS7.6AI score0.01966EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 4:41 p.m.•19 views

Security Bulletin: There is a vulnerability in xmlbeans-2.6.0.jar used by IBM SPSS Collaboration and Deployment Service (CVE-2021-23926)

Summary There is a vulnerability in xmlbeans-2.6.0.jar used by IBM SPSS Collaboration and Deployment Service CVE-2021-23926 Vulnerability Details CVEID:CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity XXE error when processing XML...

9.1CVSS6.7AI score0.06215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 2:36 p.m.•58 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-9169 DESCRIPTION: GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buff...

10CVSS9.7AI score0.95764EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 1:35 p.m.•10 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message (CVE-2024-39725)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message CVE-2024-39725. Vulnerability Details CVEID:CVE-2024-39725 DESCRIPTION: IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacke...

5.3CVSS5.3AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 1:31 p.m.•7 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download (CVE-2024-41771) and Archive File Download (CVE-2024-41770)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download CVE-2024-41771 and Archive File Download CVE-2024-41770. Vulnerability Details CVEID:CVE-2024-41770 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker to...

7.5CVSS6.7AI score0.00442EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 1:29 p.m.•15 views

Security Bulletin: Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services (CVE-2023-20863)

Summary Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services CVE-2023-20863 Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially...

6.5CVSS6.1AI score0.01122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 1:24 p.m.•8 views

Security Bulletin: Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services [CVE-2022-46337]

Summary Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services CVE-2022-46337 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in...

9.8CVSS6.4AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 1:24 p.m.•10 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server affect IBM Cloud Pak System [CVE-2024-26026]

Summary Vulnerability in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of...

9.8CVSS6.7AI score0.07163EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 11:20 a.m.•13 views

Security Bulletin: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass affects watsonx.data

Summary Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate...

9.1CVSS6.7AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 11:19 a.m.•23 views

Security Bulletin: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability affects watsonx.data

Summary Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from...

9.8CVSS7.2AI score0.08856EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 10:4 a.m.•17 views

Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow Advanced - CVE-2024-54179

Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-54179 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript co...

5.4CVSS6.2AI score0.00266EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/03 9:44 a.m.•23 views

Security Bulletin: Multiple Vulnerabilities in IBM Events Operator

Summary Multiple vulnerabilities were addressed in IBM Events Operator version 5.1.0 Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints. By...

7.5CVSS7.5AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/02 12:47 p.m.•16 views

Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-25577, CVE-2023-23934]

Summary The Werkzeug package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-25577, CVE-2023-23934. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by ...

7.5CVSS6.9AI score0.0142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/02 2:2 a.m.•26 views

Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, a debug protection vulnerability has been addressed. Please refer to the table in the...

9.1CVSS7.4AI score0.00617EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/03/02 1:55 a.m.•15 views

Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, a vulnerability related to Source Code Obfuscation has been addressed. Please refer to...

9.1CVSS7.2AI score0.00617EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/28 3:44 p.m.•10 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Xml Entity Injection (CVE-2024-39726)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Xml Entity Injection CVE-2024-39726. Vulnerability Details CVEID:CVE-2024-39726 DESCRIPTION: IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection...

8.2CVSS7AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/28 3:15 p.m.•32 views

Security Bulletin: ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager (FNCM) Content Search Services (CSS)

Summary ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager FNCM Content Search Services CSS Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By...

7.5CVSS7.8AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/28 10:6 a.m.•13 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By...

7.5CVSS7.2AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/28 10:3 a.m.•23 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...

7.4CVSS6.3AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/28 9:11 a.m.•24 views

Security Bulletin: Multiple security vulnerabilities in Cloud Pak foundational services are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001

Summary IBM Cloud Pak for Business Automation 24.0.1-IF001 updates the version of IBM Cloud Pak foundational services to address multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper...

8.8CVSS8.4AI score0.66594EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/28 7:34 a.m.•15 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to golang.org/x/net/html, libxml2 and openssl

Summary golang.org/x/net/html, libxml2, openssl, IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service by crafting an input to the Parse functions, and providing weaker than expected security which might allow an attacker to access potentially...

8.8CVSS8.2AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 10:33 p.m.•57 views

Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)

Summary The Knowledge Center Component used in Version 9 of the WebSphere Application Server needs an updated Apache Commons Collections library. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...

10CVSS9.9AI score0.97655EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 9:49 p.m.•39 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated...

5.3CVSS4.9AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 9:9 p.m.•24 views

Security Bulletin: IBM MQ Console is affected by a command injection vulnerability (CVE-2025-0975)

Summary IBM MQ has addressed a command injection vulnerability in the MQ Console Vulnerability Details CVEID:CVE-2025-0975 DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE:CWE-150: Improper Neutralization of...

8.8CVSS6.8AI score0.00621EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 8:59 p.m.•11 views

Security Bulletin: IBM MQ is affected by a denial of service vulnerability (CVE-2025-23225)

Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-23225 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. CWE:CWE-230: Improper Handling of Missin...

6.5CVSS6.2AI score0.00408EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 8:54 p.m.•21 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-54173)

Summary IBM MQ Console has addressed a password disclosure vulnerability Vulnerability Details CVEID:CVE-2024-54173 DESCRIPTION: IBM MQ reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. CWE:CWE-1323: Improper Management o...

4.7CVSS5.6AI score0.00119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 8:39 p.m.•22 views

Security Bulletin: IBM MQ affected by denial of service vulnerability (CVE-2024-54175)

Summary IBM MQ has addressed a denial of service vulnerability Vulnerability Details CVEID:CVE-2024-54175 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. CWE:CWE-754: Improper Check for Unusual or Exceptiona...

5.5CVSS6.1AI score0.00133EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•24 views

Security Bulletin: IBM MQ Appliance Console is affected by code injection vulnerability (CVE-2025-0975)

Summary IBM MQ Appliance has addressed a code injection vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2025-0975 DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE:CWE-150: Improper...

8.8CVSS6.9AI score0.00621EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•29 views

Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2024-10197, CVE-2024-21208 and CVE-2024-21217)

Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

5.3CVSS4.8AI score0.01157EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•14 views

Security Bulletin: IBM MQ Appliance is affected by Linux kernel vulnerabilities (CVE-2024-53088 and CVE-2024-53122)

Summary IBM MQ Appliance has addressed Linux kernel vulnerabilities. Vulnerability Details CVEID:CVE-2024-53088 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e...

5.5CVSS6.9AI score0.00199EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•13 views

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2025-23225)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-23225 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. CWE:CWE-230: Improper Handling...

6.5CVSS6.5AI score0.00408EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•15 views

Security Bulletin: IBM MQ Appliance affected by a denial of service vulnerability (CVE-2024-54175)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-54175 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. CWE:CWE-754: Improper Check for Unusual or...

5.5CVSS6.4AI score0.00133EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 8:38 p.m.•19 views

Security Bulletin: IBM MQ Appliance Console is affected by a sensitive information disclosure vulnerability (CVE-2024-54173)

Summary IBM MQ Appliance has addressed a sensitive information disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-54173 DESCRIPTION: IBM MQ reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enable...

4.7CVSS5.7AI score0.00119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 7:51 p.m.•23 views

Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software

Summary This release includes information about multiple vulnerabilities, improving the overall security and stability of the application. The types of vulnerabilities resolved include: Cross-Site Scripting XSS Vulnerability: Addressed an issue that could allow an attacker to inject malicious...

9.3CVSS9.2AI score0.06307EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 5:35 p.m.•17 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restriction bypass in Golang Go [CVE-2024-45337]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security restriction bypass in Golang Go, caused by misuse of ServerConfig.PublicKeyCallback in x/crypto/ssh CVE-2024-45337. Golang Go is used by our Speech Utilities. This vulnerabilitiy has been addressed. Please read the details f...

9.1CVSS6.8AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 5:29 p.m.•22 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in golang-jwt [CVE-2024-51744]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in golang-jwt, caused by improper error handling in ParseWithClaims CVE-2024-51744. Golang-jwt is used in our Watson Speech Utilities. This vulnerabilitiy has been addressed. Please read the details for...

3.1CVSS6AI score0.00521EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 5:23 p.m.•37 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in PostgreSQL [CVE-2023-39418]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in PostgreSQL, caused by failing to enforce UPDATE or SELECT row security policies in MERGE command CVE-2023-39418. PostgreSQL is used in our Watson Speech Utilities. This vulnerabilitiy has been addresse...

4.3CVSS6.3AI score0.00956EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/27 5:20 p.m.•19 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git [CVE-2025-21614]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git, due to a weakness in Git server allowing crafted responses which may cause resource exhaustion CVE-2025-21614. Go-Git is used in our watson-speech-catalog images. This vulnerabilitiy has been addressed...

7.5CVSS6.4AI score0.00696EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35665