35059 matches found

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•26 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Missing or Insecure "Frame-Ancestors" policy in "Content-Security-Policy" header CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Missing or Insecure "Frame-Ancestors" policy in "Content-Security-Policy" header CVE-2024-35145. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35145...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02141
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•10 views

Security Bulletin: A vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-45073)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a stored cross-site scripting vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00241
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•17 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to braces-3.0.2.tgz CVE-2024-4068

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to braces-3.0.2.tgz CVE-2024-4068. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a denial of service,...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00305
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•28 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00216
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused ...

CVSS: 6.2 | AI score: 6.2 | EPSS: 0.00016
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00216
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•21 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMwa...

CVSS: 9.1 | AI score: 6.4 | EPSS: 0.1309
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.72.jar and protobuf-java-3.22.0.jar which is vulnerable to CVE-2023-33201, CVE-2023-33202, CVE-2024, CVE-2024-7254

Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.72.jar and protobuf-java-3.22.0.jar which is vulnerable to CVE-2023-33201, CVE-2023-33202, CVE-2024, CVE-2024-7254. This bulletin contains information regarding the vulnerability and its fixture...

CVSS: 8.7 | AI score: 7.9 | EPSS: 0.00326
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•11 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2024-45073)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00241
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•17 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.02141
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp (CVE-2024-45296).

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp CVE-2024-45296. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00064
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•14 views

Security Bulletin: A vulnerability in react affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45296).

Summary A vulnerability in React affects IBM Robotic Process Automation and may result in a denial of service. React is used by IBM Robotic Process Automation as part of its UI Framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00064
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: This Power System update is being released to address CVE-2024-41007

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2024-41007, by upgrading PowerVM and thus addressing the exposure ...

CVSS: 3.3 | AI score: 6.4 | EPSS: 0.0002
Exploits: 0

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•11 views

Security Bulletin: Vulnerability in Certifi python-certifi (CVE-2024-39689) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability CVE-2024-39689 has been identified related to Certifi python-certifi that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-39689...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.25805
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•40 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Tomcat (CVE-2024-50379)

Summary IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Tomcat Vulnerability Details CVEID:CVE-2024-50379 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.84587
Exploits: 12 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•45 views

Security Bulletin: IBM Datapower Operations Dashboard could allow an attacker to map URLs to filesystem locations that are unreachable by any URL CVE-2024-38475

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network implementation Vulnerability Details CVEID:CVE-2024-38475 DESCRIPTION: Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.93858
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service vulnerability in gRPC on Node.js [CVE-2024-37168]

Summary Potential denial of service vulnerability in gRPC on Node.js CVE-2024-37168 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-3716...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00283
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•12 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in GNU Emacs [CVE-2024-39331]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in GNU Emacs, caused by a code injection flaw in org-link-expand-abbrev in lisp/ol.el CVE-2024-39331. GNU Emacs is used by our Speech Service runtimes. This vulnerability has been...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00379
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•31 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-38808,CVE-2024-38809).

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-38808,CVE-2024-38809. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service,...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00809
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•21 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2024-21131, CVE-2024-21144 and CVE-2024-21145)

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Versions 11 and 17 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An...

CVSS: 4.8 | AI score: 6.6 | EPSS: 0.0045
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•17 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. (CVE-2024-47554)

Summary IBM PowerVM Novalink is vulnerable because Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. By sending a specially crafted input, a remote attacker could exploit this...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00127
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Ruby REXML denial of service vulnerability [CVE-2024-35176]

Summary Potential Ruby REXML denial of service vulnerability CVE-2024-35176 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-35176...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.08428
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•29 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy Proxy Envoy denial of service vulnerability (CVEID: CVE-2024-27919)

Summary Potential Envoy Proxy Envoy denial of service vulnerability (CVEID: CVE-2024-27919) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27919 DESCRIPTION:...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.23884
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•22 views

Security Bulletin: IBM Master Data Management is vulnerable to stored cross-site scripting from vulnerability found in IBM WebSphere Application Server (CVE-2024-45073)

Summary IBM Master Data Management Server 11.6, 12.0, and 14.0 are vulnerable from IBM WebSphere Application Server with vulnerability in stored cross-site scripting. IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00241
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•17 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.0004
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•26 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System [CVE-2023-50312, CVE-2024-22329]

Summary Vulnerability in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00032
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•22 views

Security Bulletin: Multiple Vulnerabilities in docker affect Cloud Pak System [CVE-2024-24557, CVE-2024-29018]

Summary Vulnerabilities in Open Source docker affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending a specially crafted request, a remot...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00357
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•30 views

Security Bulletin: IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863

Summary IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863. This bulletin contains information regarding the vulnerability and its...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.69905
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•21 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to XMLUnit for Java arbitrary code execution vulnerability [CVE-2024-31573]

Summary Potential XMLUnit for Java arbitrary code execution vulnerability CVE-2024-31573 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

CVSS: 4 | AI score: 8 | EPSS: 0.00036
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•17 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in OpenSSL [CVE-2024-6119]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in OpenSSL, caused by an error when performing certificate name checks CVE-2024-6119. OpenSSL is used in our Speech Service runtimes and Speech Microservices. This vulnerability has been...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.10778
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•27 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Express.js Express open redirect vulnerability [CVE-2024-29041]

Summary Potential open redirect vulnerability in Express.js Express CVE-2024-29041 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-29041...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.00154
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: IBM Maximo Application Suite: idna-2.8-py2.py3-none-any.whl is vulnerable to CVE-2024-3651 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses idna-2.8-py2.py3-none-any.whl which is vulnerable to CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted argument to the idna.encod...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00675
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•7 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-45086, CVE-2024-45087)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00353
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•9 views

Security Bulletin: A vulnerability in IBM Robotic Process Automation may result in privilege escalation (CVE-2024-49824).

Summary IBM Robotic Process Automation could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. This bulletin identifies the fixes required to address the vulnerability. Vulnerability Details...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00112
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•13 views

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00149
Exploits: 0 | Affected Software: 11

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•26 views

Security Bulletin: Vulnerability in libxml2 (CVE-2024-25062) affects Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00165
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•33 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in modproxy. By...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.89144
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•12 views

Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities (CVE-2024-45099, CVE-2024-45642)

Summary IBM Security ReaQta is vulnerable to exposing sensitive information and also vulnerable to cross-site scripting. These vulnerabilities have been addressed in the latest update. Vulnerability Details CVEID:CVE-2024-45099 DESCRIPTION: IBM Security ReaQta is vulnerable to cross-site scriptin...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00174
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•14 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-36020)

Summary IBM MQ Appliance has addressed a kernel denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-36020 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the Ethernet Controller XL710 family driver. A remote authenticated attacker...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00013
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•22 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service vulnerability in Node.js ws module [CVE-2024-37890]

Summary Potential denial of service vulnerability in Node.js ws module CVE-2024-37890 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00541
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js braces module denial of service vulnerability [CVE-2024-4068]

Summary Potential Node.js braces module denial of service vulnerability CVE-2024-4068 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00305
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-45073

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00241
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•60 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-40898, CVE-2024-40725]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-40898, CVE-2024-40725 Vulnerability Details Refer to the security bulletins listed in the...

CVSS: 9.1 | AI score: 6.5 | EPSS: 0.25097
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.02141
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•10 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45087)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

CVSS: 4.8 | AI score: 7.5 | EPSS: 0.00353
Exploits: 0 | Affected Software: 11

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•13 views

Security Bulletin: IBM Storage Protect Server is susceptible to multiple vulnerabilities due to Golang Go (CVE-2024-24787, CVE-2024-24788).

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-24787 DESCRIPTION: Golang Go could allo...

CVSS: 6.4 | AI score: 8.6 | EPSS: 0.03204
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•19 views

Security Bulletin: IBM Security QRadar EDR Software contains a vulnerability (CVE-2024-6345)

Summary IBM Security QRadar EDR Software includes a vulnerable component e.g., framework libraries that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attack...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.09639
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•22 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-1.8.0.tgz, path-to-regexp-0.1.7.tgz CVE-2024-45296

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-1.8.0.tgz, path-to-regexp-0.1.7.tgz CVE-2024-45296. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp i...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00064
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•13 views

Security Bulletin: A vulnerability in the IBM Robotic Process Automation windows installer could result in privilege escalation (CVE-2024-51448).

Summary IBM Robotic Process Automation could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server...

CVSS: 6.7 | AI score: 7.1 | EPSS: 0.00031
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: Vulnerability in nghttp2 (CVE-2024-28182) affects Power HMC.

Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.24971
Exploits: 1 | Affected Software: 1

Total number of security vulnerabilities: 35059