35059 matches found

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 18 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5 CVSS, 7.2 AI score, 0.01392 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 13 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in pypa/setuptools [CVE-2024-6345]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in pypa/setuptools, caused by an error in the package_index module. CVE-2024-6345. pypa/setuptools is used by our Speech Service runtimes. This vulnerability has been addressed...

8.8 CVSS, 9.5 AI score, 0.09639 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 22 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS is vulnerable to a denial of service due to OpenSSL(CVE-2024-6119)

Summary The DataDirect ODBC driver shipped with IBM App Connect Enterprise and IBM Integration Bus for z/OS is vulnerable to a denial of service due to OpenSSL. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing...

7.5 CVSS, 6.7 AI score, 0.10778 EPSS
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 17 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields. (CVE-2024-40094)

Summary IBM PowerVM Novalink is vulnerable because GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields ENFs as part of preventing denial of service. By using introspection queries, a remote attacker could exploi...

5.3 CVSS, 7.1 AI score, 0.1753 EPSS
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 13 views

Security Bulletin: IBM Maximo Application Suite: Jinja2-3.1.3-py3-none is vulnerable to CVE-2024-34064 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Jinja2-3.1.3-py3-none which is vulnerable to CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys containing non-attribute characters by...

5.4 CVSS, 6.5 AI score, 0.0123 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 38 views

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager ITNCM IP Edition v6.4.2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

5.9 CVSS, 5.7 AI score, 0.00442 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 11 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit. (CVE-2024-7254)

Summary IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with...

8.7 CVSS, 6.9 AI score, 0.00134 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 25 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts.(CVE-2024-21147)

Summary IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java ...

7.4 CVSS, 6.9 AI score, 0.00977 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 20 views

Security Bulletin: Maximo Application Suite - spring-security-config-6.3.1.jar package is vulnerable to CVE-2024-38810 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses spring-security-config-6.3.1.jar package which is vulnerable to CVE-2024-38810. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38810 DESCRIPTION: VMware Tanzu Spring...

7.5 CVSS, 6.5 AI score, 0.00968 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 22 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816

Summary Security Bulletin:IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION:...

7.5 CVSS, 6.1 AI score, 0.9389 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 17 views

Security Bulletin: A vulnerability in Microsoft .NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-38095).

Summary A vulnerability in Microsoft .NET affects IBM Robotic Process Automation and may lead to a denial of service. Microsoft .NET is used as the development framework for IBM Robotic Process Automation. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerabili...

7.5 CVSS, 6.7 AI score, 0.02007 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 15 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45073)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

4.8 CVSS, 6.2 AI score, 0.00241 EPSS
Exploits: 0, Affected Software: 11

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 20 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33663

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33663. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote...

6.5 CVSS, 6.6 AI score, 0.00925 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Jinja2-3.1.3-py3-none-any.whl CVE-2024-34064

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Jinja2-3.1.3-py3-none-any.whl CVE-2024-34064. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting,...

5.4 CVSS, 6.5 AI score, 0.0123 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 12 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2024-23444)

Summary IBM Security SOAR uses an older version of ElasticSearch that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.4.0 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2024-23444 DESCRIPTION:...

7.5 CVSS, 6 AI score, 0.01483 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated...

7.5 CVSS, 7.2 AI score, 0.00378 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 24 views

Security Bulletin: IBM Security QRadar Log Management AQL Plugin is vulnerable to CVE-2024-39008

Summary IBM Security QRadar Log Management AQL Plugin is vulnerable to CVE-2024-39008. This vulnerability has been addressed in the update. Vulnerability Details CVEID:CVE-2024-39008 DESCRIPTION: robinweser fast-loops could allow a remote attacker to execute arbitrary code on the system, caused b...

10 CVSS, 7.8 AI score, 0.00164 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 11 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2024-22365)

Summary This vulnerability may affect database access, and DataPower Virtual Edition. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by a flaw in pam_namespace.so. By sending a specially crafted request, a local attacker could exploi...

5.5 CVSS, 6.5 AI score, 0.00085 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33664

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33664. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-33664 DESCRIPTION: python-jose is vulnerable to a denial ...

5.3 CVSS, 6.5 AI score, 0.00254 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ws-7.5.9.tgz CVE-2024-37890

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to ws-7.5.9.tgz CVE-2024-37890. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused ...

7.5 CVSS, 6.7 AI score, 0.00541 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 25 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of...

5.3 CVSS, 6.7 AI score, 0.00171 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.11.jar CVE-2024-38819

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.11.jar CVE-2024-38819. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the...

7.5 CVSS, 6.5 AI score, 0.93507 EPSS
Exploits: 5, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 19 views

Security Bulletin: A vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service (CVE-2024-7347)

Summary A vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service. nginx is used by IBM Robotic Process Automation as part of its container deployment. This bulletin identifies the security fix to apply to address the vulnerability...

5.7 CVSS, 7.2 AI score, 0.00197 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 22 views

Security Bulletin: IBM Maximo Application Suite uses body-parser-1.20.2.tgz which is vulnerable to CVE-2024-45590.

Summary IBM Maximo Application Suite uses body-parser-1.20.2.tgz which is vulnerable to CVE-2024-45590. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of servic...

7.5 CVSS, 6.5 AI score, 0.01535 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 21 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to allowing a privileged user to obtain JMS credentials. (CVE-2024-49338).

Summary IBM App Connect Enterprise is vulnerable to allowing a privileged user to obtain JMS credentials. CVE-2024-49338. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-49338 DESCRIPTION: IBM App Connect Enterprise under certain...

4.9 CVSS, 6.2 AI score, 0.00095 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 15 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35148 DESCRIPTION: IBM Maximo Application Suite - Monit...

8.8 CVSS, 7.8 AI score, 0.00115 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 24 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery (CVE-2024-39338).

Summary A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery. Axios is used by IBM Robotic Process Automation as part of the Carbon UI framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability...

7.5 CVSS, 6.4 AI score, 0.02141 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 24 views

Security Bulletin: Maximo Application Suite - braces-3.0.2.tgz package is vulnerable to CVE-2024-4068 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses braces-3.0.2.tgz package which is vulnerable to CVE-2024-4068. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a...

7.5 CVSS, 6.4 AI score, 0.00305 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 17 views

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

8.7 CVSS, 6.9 AI score, 0.00134 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 26 views

Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation and may result in an External Entity Injection (XXE) attack when processing XML data (CVE-2024-22354).

Summary A vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation and may result in an External Entity Injection XXE attack when processing XML data. WebSphere Application Server is used as the application server layer for IBM Robotic Process Automation...

7 CVSS, 6.7 AI score, 0.00019 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 23 views

Security Bulletin: IBM Asset Data Dictionary Component uses zipp-3.15.0-py3-none-any.whl and urllib3-2.0.7-py3-none-any.whl which is vulnerable to CVE-2024-5569 and CVE-2024-37891

Summary IBM Asset Data Dictionary Component uses zipp-3.15.0-py3-none-any.whl and urllib3-2.0.7-py3-none-any.whl which is vulnerable to CVE-2024-5569 and CVE-2024-37891. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569...

6.5 CVSS, 7 AI score, 0.00216 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 15 views

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2024-40094).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2024-40094. An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka...

5.3 CVSS, 7 AI score, 0.1753 EPSS
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 22 views

Security Bulletin: A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation and may lead to a denial of service (CVE-2024-7254)

Summary A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation and may lead to a denial of service CVE-2024-7254. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifie...

8.7 CVSS, 7.6 AI score, 0.00134 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 14 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to non-integer values mishandles due to nanoid (CVE-2024-55565)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Runtime are vulnerable to non-integer value mishandles due to nanoid. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano I...

4.3 CVSS, 6.2 AI score, 0.00107 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 11 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52303 aiohttp-3.10.9-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-52303

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52303 aiohttp-3.10.9-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Publicly disclosed vulnerability found by Mend CVE-2024-52303. This bulletin contains information regarding the vulnerability and its...

8.7 CVSS, 6.5 AI score, 0.00421 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 14 views

Security Bulletin: Vulnerability in Elastic Elasticsearch (CVE-2024-23444) affects IBM Watson CP4D Data Stores

Summary A potential information disclosure vulnerability CVE-2024-23444 has been identified related to Elastic Elasticsearch that affects IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-23444...

7.5 CVSS, 6 AI score, 0.01483 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 22 views

Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-53677)

Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI WebGUI as part of its web client component. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some...

9.8 CVSS, 7.1 AI score, 0.93161 EPSS
Exploits: 15, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 13 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Protocol Buffers protobuf-go denial of service vulnerability (CVE-2024-24786)

Summary A potential denial of service vulnerability CVE-2024-24786 has been identified related to Protocol Buffers protobuf-go that affects IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24786...

7.5 CVSS, 6.9 AI score, 0.00393 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 12 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45086)

Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

5.5 CVSS, 6.9 AI score, 0.00038 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 18 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47535 (Medium) detected in netty-common-4.1.114.Final.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-47535

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47535 Medium detected in netty-common-4.1.114.Final.jar Publicly disclosed vulnerability found by Mend CVE-2024-47535. This bulletin contains information regarding the vulnerability and its fixture...

5.5 CVSS, 6.2 AI score, 0.00467 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 14 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerability (CVE-2024-34158)

Summary A potential Golang Go denial of service vulnerability CVE-2024-34158 has been identified that affects IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34158 DESCRIPTION: Golang Go is...

7.5 CVSS, 7 AI score, 0.00163 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 15 views

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-40094).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-40094. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka...

5.3 CVSS, 7 AI score, 0.1753 EPSS
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 16 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)

Summary There is a vulnerability in the Google Protocol Buffers protobuf library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in...

8.7 CVSS, 6.4 AI score, 0.00134 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 14 views

Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores

Summary A potential denial of service vulnerability CVE-2024-399088 has been identified related to Ruby REXML that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: A...

7.5 CVSS, 7.1 AI score, 0.69905 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 11 views

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities (CVE-2024-47764)

Summary IBM Security SOAR uses an older version of the jshttp cookie UI component that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.4.1 or later of IBM Security SOAR. Vulnerability Details...

6.9 CVSS, 6.9 AI score, 0.00205 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 14 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerability (CVE-2024-34155).

Summary A potential denial of service vulnerability CVE-2024-34155 has been identified related to Golang Go that affects IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34155 DESCRIPTION: Golang ...

4.3 CVSS, 7.1 AI score, 0.00081 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 14 views

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2024-21208, CVE-2024-27267)

Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2024-27267 DESCRIPTION: The Object Request Broker ORB in IBM SDK, Java Technology Edition 7.1.0.0 through...

5.9 CVSS, 6 AI score, 0.00054 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 11 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to bypassing security restrictions [CVE-2024-47764]

Summary Node.js module cookie is used by IBM App Connect Enterprise Certified Container for parsing HTTP cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability ...

6.9 CVSS, 6.8 AI score, 0.00205 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 11 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-5206 (Medium) detected in scikit_learn-1.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206

Summary IBM Maximo Application Suite Predict Component uses CVE-2024-5206 Medium detected in scikit_learn-1.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

4.7 CVSS, 5.9 AI score, 0.00037 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 15 views

Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-40094)

Summary There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...

5.3 CVSS, 6.7 AI score, 0.1753 EPSS
Exploits: 2, Affected Software: 1

Total number of security vulnerabilities: 35059