Lucene search
K

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 5:52 a.m.•7 views

Security Bulletin: IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager uses jinja2-3.1.4-py3-none-any.whl which is vulnerable to CVE-2024-56326, CVE-2024-56201

Summary IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager uses jinja2-3.1.4-py3-none-any.whl which is vulnerable to CVE-2024-56326, CVE-2024-56201. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

8.8CVSS9.4AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/25 5:52 a.m.•10 views

Security Bulletin:IBM Maximo Application Suite - IoT Component uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2024-47535

Summary IBM Maximo Application Suite - IoT Component uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2024-47535 This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous...

5.5CVSS6.3AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/24 11:40 p.m.•18 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to denial of service and unauthorized data access attacks due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct for Unix in product configuration and management. IBM Sterling Connect:Direct for Unix is impacted by denial of service and unauthorized data access attacks due to IBM Java 8. IBM Sterling Connect:Direct for Unix has upgraded IBM Java 8 to...

5.3CVSS5.6AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/24 11:37 p.m.•21 views

Security Bulletin: Denial of service, SQL injection, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable to denial of service, SQL injection, and others. The vulnerabilities have been addressed. CVE-2023-52425, CVE-2024-53908, CVE-2024-53907, CVE-2023-52426, CVE-2022-29162, CVE-2023-25809, CVE-2023-27561, CVE-2023-28642, CVE-2024-21626,...

9.8CVSS9.2AI score0.18087EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/22 8:6 p.m.•28 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to denial of service and arbitrary code execution attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for Unix in product configuration and management. IBM Sterling Connect:Direct for Unix is impacted by denial of service and arbitrary code execution attacks due to IBM Java 17. IBM Sterling Connect:Direct for Unix has upgraded IBM Java 17...

5.3CVSS6.1AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/22 2:32 p.m.•7 views

Security Bulletin: IBM i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2024-55898].

Summary IBM i is vulnerable to a user with the capability to compile or restore a program to gain elevated priviliges due to an unqualified library call as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

8.5CVSS8.5AI score0.00412EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/21 11:4 p.m.•29 views

Security Bulletin: This Power System update is being released to address CVE-2023-52881

Summary This affects the BMC's network transmission control protocol TCP interface which affects aspects of interfaces that use TCP including the BMC's secure shell SSH, HTTPS interfaces including the BMC's webserver, REST APIs, and ASMi web application, and event and subscriptions services. An...

5.5CVSS6.4AI score0.00227EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/21 8:18 p.m.•12 views

Security Bulletin: Vulnerability in IBM Cloud Pak for Multicloud Management

Summary A vulnerability in IBM Cloud Pak for Multicloud Management has been delivered in a HotFix for 2.3 FP9 Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...

9.8CVSS9.9AI score0.09076EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 6:9 a.m.•8 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java CVE-2024-40094

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java CVE-2024-40094. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

5.3CVSS6.6AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 6:8 a.m.•12 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-52304 (Low) detected in aiohttp-3.9.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-52304

Summary IBM Maximo Application Suite Predict Component uses CVE-2024-52304 Low detected in aiohttp-3.9.2-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2024-52304. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.4AI score0.00576EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 6:2 a.m.•13 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798, CVE-2024-12801

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798, CVE-2024-12801. This bulletin contains information regarding the vulnerability and its fixture...

5.9CVSS7AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 6:1 a.m.•17 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47874 starlette-0.27.0-py3-none-any.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-47874

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47874 starlette-0.27.0-py3-none-any.whl Publicly disclosed vulnerability found by Mend CVE-2024-47874. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

8.7CVSS6.3AI score0.00658EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 6:0 a.m.•18 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798

Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerabilit...

5.9CVSS6.9AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 6:0 a.m.•24 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52798 path-to-regexp-0.1.10.tgz (Publicly disclosed vulnerability found by Mend) CVE-2024-52798

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52798 path-to-regexp-0.1.10.tgz Publicly disclosed vulnerability found by Mend CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

8.7CVSS6.2AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 5:59 a.m.•23 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-56337

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar Publicly disclosed vulnerability found by Mend CVE-2024-56337. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

9.8CVSS6.8AI score0.08856EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 5:58 a.m.•17 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-38827 spring-boot-starter-security-3.3.5.jar: 1 vulnerabilities CVE-2024-38827

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-38827 spring-boot-starter-security-3.3.5.jar: 1 vulnerabilities CVE-2024-38827. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38827...

4.8CVSS6.4AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 5:58 a.m.•21 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-53981 python_multipart-0.0.17-py3-none-any.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-53981

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-53981 pythonmultipart-0.0.17-py3-none-any.whl Publicly disclosed vulnerability found by Mend CVE-2024-53981. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

7.5CVSS6.4AI score0.00644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/20 3:40 a.m.•20 views

Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions

Summary bash, curl are used by Execution Engine for Apache Hadoop in all the components. CVE-2022-3715, CVE-2022-32221, CVE-2022-32207, CVE-2023-38545, CVE-2022-22576, CVE-2022-27781, CVE-2021-22926, CVE-2021-22946, CVE-2022-27782, CVE-2023-28319, CVE-2022-32206, CVE-2021-22922, CVE-2023-23916,...

9.8CVSS10AI score0.78483EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/19 4:0 p.m.•24 views

Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Apache Mina SSHD package (CVE-2023-48795)

Summary The Apache Mina SSHD package is used by the z/TPF system as part of the z/TPF secure file transfer support. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS7.5AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/19 3:55 p.m.•11 views

Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability

Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2024-13176. Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computatio...

4.1CVSS6AI score0.00601EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/19 10:54 a.m.•21 views

Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the Linux kernel affects IBM Storage Virtualize products and could cause denial of service. CVE-2023-52881. Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we nev...

5.5CVSS7AI score0.00227EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/19 10:44 a.m.•15 views

Security Bulletin: Vulnerability in python-dns affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in python-dns affects IBM Storage Virtualize products and could cause denial of service. CVE-2023-29483. Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to a denial of service, caused by a flaw in stub resolver when a bad-in-some-way respons...

7CVSS7.1AI score0.01857EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/19 10:41 a.m.•24 views

Security Bulletin: Vulnerabilities in bind affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in bind affect IBM Storage Virtualize products and could cause denial of service. CVE-2024-1737 CVE-2024-1975. Vulnerability Details CVEID:CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in...

7.5CVSS7.8AI score0.02114EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/19 10:31 a.m.•20 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka nodes are vulnerable to privilege escalation [CVE-2024-31141]

Summary The Apache Kafka client is used by IBM App Connect Enterprise Certified Container for the Kafka client nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run toolkit flows containing Kafka nodes are vulnerable to privilege...

6.5CVSS6AI score0.01129EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/18 7:33 p.m.•12 views

Security Bulletin: A Security Vulnerability was discovered in IBM Security Verify Directory (CVE-2024-45650)

Summary A Security Vulnerability was addressed in IBM Security Verify Directory. Vulnerability Details CVEID:CVE-2024-45650 DESCRIPTION: IBM Security Verify Directory 10.0 is vulnerable to a denial of service when sending an LDAP extended operation. CWE:CWE-754: Improper Check for Unusual or...

7.5CVSS7.5AI score0.00386EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/18 7:32 p.m.•20 views

Security Bulletin: A Security Vulnerability discovered in IBM Security Verify Directory (CVE-2022-2068) has been addressed.

Summary A Security Vulnerability discovered in IBM Security Verify Directory Server containers has been addressed Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplie...

10CVSS9.8AI score0.95764EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/18 11:49 a.m.•15 views

Security Bulletin: Vulnerability in openssl library (CVE-2024-5535) affects Power HMC.

Summary The openssl library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-5535 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the SSLselectnextproto API function when...

9.1CVSS7.1AI score0.05582EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/18 11:49 a.m.•11 views

Security Bulletin: Vulnerability in bzip library (CVE-2019-12900) affects Power HMC.

Summary The bzip library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: bzip2 is vulnerable to a denial of service, caused by an out-of-bounds write flaw when there are many selectors in the...

9.8CVSS6.7AI score0.08042EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/18 11:43 a.m.•20 views

Security Bulletin: Vulnerability in expact library (CVE-2024-50602) affects Power HMC.

Summary The expat library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-50602 DESCRIPTION: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser ca...

5.9CVSS6.7AI score0.0104EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/18 11:41 a.m.•22 views

Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-52317) affects Power HMC.

Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-52317 DESCRIPTION: Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response...

6.5CVSS6.7AI score0.02008EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/18 11:38 a.m.•15 views

Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-52318) affects Power HMC.

Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-52318 DESCRIPTION: Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31,...

6.1CVSS6.6AI score0.01676EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/18 11:34 a.m.•36 views

Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2024-21217, CVE-2024-21208, CVE-2024-10917) affect Power HMC.

Summary The IBM Java SDK library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker...

5.3CVSS5.9AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/18 8:47 a.m.•18 views

Security Bulletin: IBM Db2 used by IBM Security Verify Governance - Container has multiple vulnerabilities

Summary IBM Security Verify Governance ISVG - Container uses IBM Db2. Information about security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

7.5CVSS6.9AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/17 9:56 p.m.•9 views

Security Bulletin: R statistical programming language - deserialization of untrusted leading to arbitrary code execution

Summary Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system when...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/17 3:42 p.m.•30 views

Security Bulletin: Multiple Vulnerabilities affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability ...

5.3CVSS7.5AI score0.05966EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/17 3:16 p.m.•34 views

Security Bulletin: Security vulnerability found in package openssl shipped with IBM CICS TX Advanced.

Summary Security vulnerability found in package openssl shipped with IBM CICS TX Advanced. The versions of the packages have been updated. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-fr...

9.1CVSS8.6AI score0.54026EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/15 9:54 a.m.•31 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2024-52798

Summary path-to-regexp-0.1.10.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to...

8.7CVSS7.4AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/14 6:34 a.m.•9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl (CVE-2024-56326, CVE-2024-56201)

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl CVE-2024-56326, CVE-2024-56201. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible...

8.8CVSS7.1AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/14 5:58 a.m.•20 views

Security Bulletin: IBM Operational Decision Manager for Jan 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-51504...

9.1CVSS7.9AI score0.01726EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/13 3:10 p.m.•33 views

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI. The Command Line Interface is unaffected. CVE-2024-21235 CVE-2024-21217 CVE-2024-21210 CVE-2024-21208 CVE-2024-10917 . Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION:...

5.3CVSS4.5AI score0.01157EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/13 2:44 p.m.•17 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-40094, CVE-2024-7254, CVE-2023-50314 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

8.7CVSS6.8AI score0.02772EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/13 10:18 a.m.•25 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high...

7.4CVSS6.1AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/13 10:16 a.m.•13 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...

7.4CVSS6.1AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/13 9:52 a.m.•6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to virtualenv-20.17.1-py3-none-any.whl CVE-2024-53899

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to virtualenv-20.17.1-py3-none-any.whl CVE-2024-53899. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-53899 DESCRIPTION: virtualenv before 20.26.6 allows command...

8.4CVSS7.4AI score0.01557EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/13 9:35 a.m.•9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to bootstrap-4.6.2 CVE-2024-6531

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to bootstrap-4.6.2 CVE-2024-6531. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6531 DESCRIPTION: Node.js Bootstrap module is vulnerable to cross-site scripting...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/13 7:14 a.m.•6 views

Security Bulletin: Denial of Service vulnerability in jackson-core may affect IBM Business Automation Workflow - IBM X-Force ID: 220938

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details IBM X-Force ID: 220938 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by an out of memory error when writing big decimal when the WRITEBIGDECIMALASPLAIN...

7AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/12 12:49 p.m.•22 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution [CVE-2024-21534]

Summary Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON configuration. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...

9.8CVSS9.8AI score0.09076EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/12 12:29 p.m.•15 views

Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow - CVE-2024-52365

Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-52365 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2...

6.4CVSS6AI score0.00215EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/12 2:43 a.m.•24 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows...

5.3CVSS6.2AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/11 7:35 p.m.•18 views

Security Bulletin: Older Versions of Statistics Include an R Runtime with a Vulnerability in Zlib

Summary The version of zlib contained in the R language runtime that ships with IBM SPSS Statistics version 29 and lower contains a vulnerability related to a heap-based buffer over-read or buffer overflow in inflate. IBM SPSS Statistics is not directly affected, but is offering an upgrade for th...

7.5CVSS8.1AI score0.51733EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35665