Lucene search
K

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:49 p.m.•11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Pydantic

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Pydantic. Vulnerability Details CVEID:CVE-2024-3772 DESCRIPTION: Regular expression denial of service in Pydanic 2.4.0, 1.10.13 allows remote attackers to cause denial of service via a crafted email string. CWE:CWE-1333:...

7.5CVSS5.5AI score0.00949EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:49 p.m.•6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of ssh: Prefix truncation attack on Binary Packet Protocol BPP Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products...

5.9CVSS6.7AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:47 p.m.•7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability Requests

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Psf Requests Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation vulnerability...

5.6CVSS5.5AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:47 p.m.•9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aiohttp

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aiohttp Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp ould allow a remote attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a...

4.8CVSS5AI score0.00645EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:47 p.m.•10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Async

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Async Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while parsing function in autoinject function. By sending a...

7.5CVSS6.6AI score0.00812EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:46 p.m.•9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in JWT

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of JWT Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CWE:CWE-327: Use of a Broken or Risky...

6.8CVSS6.4AI score0.00776EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:46 p.m.•17 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic module

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Elliptic module Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js Elliptic module could allow a remote attacker to obtain sensitive information, caused by a flaw with BER-encoded signatures are allowed. By...

9.1CVSS6AI score0.00617EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:46 p.m.•11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose. Vulnerability Details CVEID:CVE-2024-33664 DESCRIPTION: python-jose is vulnerable to a denial of service, caused by a flaw in the decode function. By sending a specially crafted JSON Web Encryption JWE token...

5.3CVSS5.3AI score0.00783EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:46 p.m.•8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in source-map-support

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of source-map-support. Vulnerability Details CVEID:CVE-2024-21540 DESCRIPTION: All versions of the package source-map-support are vulnerable to Directory Traversal in the retrieveSourceMap function. CWE:CWE-22: Improper...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:46 p.m.•11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Elliptic. Vulnerability Details CVEID:CVE-2024-48949 DESCRIPTION: The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S.gtesig.eddsa.curve.n || sig.S.isNeg"...

9.1CVSS9.1AI score0.00507EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:46 p.m.•11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in http-proxy-middleware

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of http-proxy-middleware. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By sending...

7.5CVSS6.6AI score0.01009EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:45 p.m.•14 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in fast-xml-parser

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of fast-xml-parser. Vulnerability Details CVEID:CVE-2024-41818 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the...

7.5CVSS7.4AI score0.00828EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:45 p.m.•28 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Moment

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Moment. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker...

7.5CVSS6.7AI score0.04923EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:44 p.m.•12 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Protocol Buffers protobuf-go

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Protocol Buffers protobuf-go. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop flaw in the rotojson.Unmarshal function wh...

7.5CVSS7.6AI score0.01262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:44 p.m.•10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in pypa/setuptools

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of pypa/setuptools Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. By persuading a...

8.8CVSS9AI score0.01939EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:44 p.m.•9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Bouncy Castle Crypto Package For Java

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Bouncy Castle Crypto Package For Java Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importin...

7.5CVSS7.5AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:44 p.m.•9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote attacker to bypass security restrictions, caused by a flaw when the algorithm field is left unspecified when calling...

6.5CVSS6.6AI score0.00307EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:44 p.m.•18 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in HTTP/2 protocol

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of HTTP/2 protocol Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited i...

7.5CVSS7.3AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:43 p.m.•14 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Gunicorn

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Gunicorn Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting...

7.5CVSS7.5AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:43 p.m.•9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Joda.org Joda-Time

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Joda.org Joda-Time Vulnerability Details CVEID:CVE-2024-23080 DESCRIPTION: Joda.org Joda-Time is vulnerable to a denial of service, caused by a NullPointerException flaw in the...

9.1CVSS6.7AI score0.00986EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:43 p.m.•9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Socket.IO

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Socket.IO Vulnerability Details CVEID:CVE-2024-38355 DESCRIPTION: Socket.IO is vulnerable to a denial of service. By sending a specially crafted Socket.IO packet, a remote attacker could exploit this vulnerability to trigg...

7.3CVSS9.1AI score0.0069EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:43 p.m.•9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Node.js jose module

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Node.js jose module Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a specially crafted reques...

5.9CVSS5.3AI score0.02085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:42 p.m.•7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Certifi python-certifi

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Certifi python-certifi Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS...

7.5CVSS7.4AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:42 p.m.•11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aio-libs aiohttp

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aio-libs aiohttp Vulnerability Details CVEID:CVE-2024-30251 DESCRIPTION: aio-libs aiohttp is vulnerable to a denial of service, caused by an infinite loop flaw. By sending specially crafted POST requests, a remote attacker...

7.5CVSS7.5AI score0.01085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:42 p.m.•9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in tqdm

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of tqdm Vulnerability Details CVEID:CVE-2024-34062 DESCRIPTION: tqdm could allow a local authenticated attacker to execute arbitrary code on the system, caused by a CLI arguments injection . By sending a specially crafted...

4.8CVSS5.6AI score0.00432EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:42 p.m.•14 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Natural Language Toolkit (NLTK)

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Natural Language Toolkit NLTK Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when an untrusted...

9.8CVSS9.8AI score0.01346EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:41 p.m.•19 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Moby

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Moby. Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine,...

9.9CVSS9.5AI score0.16496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:41 p.m.•18 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in medikoo es5-ext

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of medikoo es5-ext. Vulnerability Details CVEID:CVE-2024-27088 DESCRIPTION: es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or...

5.5CVSS6.2AI score0.00535EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 6:40 p.m.•15 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonata-js JSONata

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonata-js JSONata. Vulnerability Details CVEID:CVE-2024-27307 DESCRIPTION: jsonata-js JSONata could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JSONata...

9.8CVSS9.8AI score0.01422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 4:22 p.m.•40 views

Security Bulletin: There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway for Multiplatforms (CVE-2023-22045 and CVE-2023-22049).

Summary There are multiple vulnerabilities in IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway for Multiplatforms CVE-2023-22045 and CVE-2023-22049. An update to CICS Transaction Gateway for Multiplatforms has been released to address these vulnerabilities...

3.7CVSS5.8AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 3:47 p.m.•17 views

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could allow arbitrary code execution or denial of service. CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-5178 CVE-2023-45871 . Vulnerability Details CVEID:CVE-2023-6356 DESCRIPTION: Linux Kernel is...

8.8CVSS8.7AI score0.09141EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 3:47 p.m.•35 views

Security Bulletin: Vulnerabilities in bind and dnsmasq affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in bind and dnsmasq affect IBM Storage Virtualize products and could denial of service. CVE-2022-2795 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 CVE-2023-4408 CVE-2023-5517 CVE-5679 CVE-2023-6516 CVE-2023-50387 CVE-2023-50868 . Vulnerability Details CVEID:CVE-2022-2795...

7.5CVSS8.2AI score0.99995EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 3:42 p.m.•12 views

Security Bulletin: Vulnerability in nghttp2 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in nghttp2 affects IBM Storage Virtualize products and could cause denial of service. CVE-2024-28182. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to versio...

5.3CVSS5.5AI score0.8496EPSS
Exploits1Affected Software8
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 3:36 p.m.•16 views

Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the Linux kernel affects IBM Storage Virtualize products and could cause side-channel leakage. CVE-2023-6240. Vulnerability Details CVEID:CVE-2023-6240 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a Marvin...

6.5CVSS6.6AI score0.00969EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 3:35 p.m.•3 views

Security Bulletin: Vulnerability in python3 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". Due to this issue, it is possible that values will not be returned in accordance with the latest information...

7.5CVSS7.6AI score0.01034EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 12:39 p.m.•9 views

Security Bulletin: Vulnerability in requests affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-32681]

Summary The requests package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-32681 Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking...

6.1CVSS6.2AI score0.02782EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 12:19 p.m.•14 views

Security Bulletin: Security vulnerability due to a vulnerability in the Apache Derby package shipped with IBM TXSeries for Multiplatforms

Summary Security vulnerability due to a vulnerability in the Apache Derby package shipped with IBM TXSeries for Multiplatforms. The Apache Derby package version has been updated. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security...

9.8CVSS9.4AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 11:49 a.m.•15 views

Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-43804]

Summary The urllib3 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEsCVE-2023-43804 Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information,...

8.1CVSS7.9AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 11:8 a.m.•5 views

Security Bulletin: Vulnerability in idna affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-3651]

Summary The idna package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-3651. Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted...

7.5CVSS7.3AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 10:23 a.m.•11 views

Security Bulletin: Vulnerability in zipp affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-5569]

Summary The zipp package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-5569. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path...

6.2CVSS6.2AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/26 9:23 a.m.•35 views

Security Bulletin: Multiple Vulnerabilities in containers of IBM Workload Scheduler component of IBM Workload Automation

Summary Multiple vulnerabilities, that impacts containers only, were addressed in IBM Workload Scheduler component of IBM Workload Automation 10.1.0.5 and 10.2.3 Vulnerability Details CVEID:CVE-2022-48564 DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the readints...

8.1CVSS9.4AI score0.8833EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 8:34 p.m.•34 views

Security Bulletin: There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure (CVE-2024-22328)

Summary There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure. Vulnerability Details CVEID:CVE-2024-22328 DESCRIPTION: IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to travers...

7.5CVSS7.6AI score0.00843EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 6:9 p.m.•19 views

Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty

Summary Due to the use of Eclipse Jetty, Rational Service Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw ...

7.5CVSS5.8AI score0.00946EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 6:7 p.m.•30 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty

Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a...

7.5CVSS6.9AI score0.00946EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 5:5 p.m.•20 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to improper privilege management due to Apache Kafka Client(CVE-2024-31141)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to improper privilege management, allowing external parties access to files or directories due to Apache Kafka Client. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to...

6.5CVSS6.5AI score0.01129EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 4:21 p.m.•18 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to Netty (CVE-2024-47535)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

5.5CVSS5.4AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 4:20 p.m.•18 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Netty (CVE-2024-47535)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

5.5CVSS6.5AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 1:3 p.m.•12 views

Security Bulletin: Vulnerability in gunicorn affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-1135]

Summary The gunicorn package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the...

7.5CVSS5.6AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 9:52 a.m.•8 views

Security Bulletin: IBM JRS (Jazz Reporting Service) uses a web link with untrusted references to an external site.

Summary IBM JRS Jazz Reporting Service uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims' web browser. The web application produces links to untrusted...

9.8CVSS6.4AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 9:51 a.m.•19 views

Security Bulletin: Potential Improper Privilege Management vulnerability in Logstash affects IBM Operations Analytics - Log Analysis (CVE-2024-31141)

Summary Apache Kafka Client bundle in Logstash is vulnerable to improper privilege management. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients...

6.5CVSS6.6AI score0.01129EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35665