Lucene search
K

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/11 4:24 p.m.•25 views

Security Bulletin: Vulnerabilities in the jquery-1.10.0.js package affect Data Replication on Cloud Pak for Data

Summary Multiple vulnerabilities in the jquery-1.10.0.js package used in Data Replication on Cloud Pak for Data were addressed. Vulnerability Details CVEID:CVE-2020-11023 DESCRIPTION: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing option elements from...

6.9CVSS7.5AI score0.99019EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/11 4:23 p.m.•19 views

Security Bulletin: InfoSphere Data Replication is affected by Snappy-Java vulnerabilities

Summary InfoSphere Data Replication uses Snappy-Java. This bulletin identifies the steps to take to address the vulnerability in that package. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle...

7.5CVSS7.8AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/11 6:38 a.m.•13 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM Installation Manager shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2021-34428, CVE-2022-2047, CVE-2023-36479)

Summary IBM Installation Manager is shipped as a package manager for IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Installation Manager has been published in a security bulletin. Vulnerability Details Refer to the security...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 8:42 p.m.•33 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an authenticated or local authenticated attacker could exploit these vulnerabilities to gain elevated privileges on the system, to cause a denial of service condition, to cause the...

7.8CVSS8.1AI score0.00861EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 8:25 p.m.•27 views

Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable with IBM Semeru Runtime Quarterly CPU - Jan 2024

Summary IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361 and affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...

7.5CVSS6.5AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 4:54 p.m.•19 views

Security Bulletin: Vulnerability in Jsonpath-plus affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in Jsonpath-plus has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow...

9.8CVSS9.9AI score0.09076EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 2:33 p.m.•26 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js...

9.1CVSS9.2AI score0.03273EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 1:2 p.m.•12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Werkzeug-2.3.4-py3-none-any.whl CVE-2023-46136

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Werkzeug-2.3.4-py3-none-any.whl CVE-2023-46136. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial o...

8CVSS8.4AI score0.03397EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 12:59 p.m.•6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to nanoid-3.3.7.tgz CVE-2024-55565

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to nanoid-3.3.7.tgz CVE-2024-55565. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer...

4.3CVSS4.6AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 12:59 p.m.•7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Application Server Liberty CVE-2024-7254

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Application Server Liberty CVE-2024-7254. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protoco...

8.7CVSS9.2AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 12:59 p.m.•10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are...

8.7CVSS7.4AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 12:58 p.m.•16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cookie-0.5.0.tgz CVE-2024-47764

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cookie-0.5.0.tgz CVE-2024-47764. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cookie could allow a remote attacker to bypass...

6.9CVSS6AI score0.00749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 12:58 p.m.•13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-42.0.7-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-6119

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-42.0.7-cp37-abi3-manylinux228x8664.whl CVE-2024-6119. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a...

7.5CVSS7.5AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 12:58 p.m.•14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cookie-0.4.0.tgz CVE-2024-47764

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cookie-0.4.0.tgz CVE-2024-47764. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cookie could allow a remote attacker to bypass...

6.9CVSS6.1AI score0.00749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 12:57 p.m.•5 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attack...

8.8CVSS7.4AI score0.01939EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 10:36 a.m.•24 views

Security Bulletin: Vulnerability in Apache Avro Java SDK affects watsonx.data

Summary Apache Avro Java SDK is vulnerable to a denial of service attack, and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK is vulnerable to a denial of service, caused by an unsafe deserialization flaw. By sending specially crafted...

7.5CVSS7.5AI score0.01772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 10:33 a.m.•40 views

Security Bulletin: Vulnerability in Spring Core affect watsonx.data

Summary Spring Core is vulnerable to security restriction bypass attacks, to denial of service attacks, and to arbritrary code excution attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2018-1199 DESCRIPTION: Pivotal Spring Security and Spring Framework could allow a remot...

5.3CVSS9.8AI score0.02857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 10:30 a.m.•21 views

Security Bulletin: Vulnerability in Apache Zookeeper affects watsonx.data

Summary Apache ZooKeeper is vulnerable to a remote attack bypassing security restrictions which could allow the attacker to bypass authentication. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-51504 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass securit...

9.1CVSS9.1AI score0.00924EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 10:26 a.m.•29 views

Security Bulletin: Vulnerability in Pivota Spring Framework affects watsonx.data

Summary Pivota Spring Framework could allow a remote attacker to execute arbitrary code on the system. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivota Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by...

9.8CVSS9.8AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/10 10:24 a.m.•28 views

Security Bulletin: Vulnerabilities in Spring Web affect watsonx.data

Summary Spring Web is vulnerable to open re-direct attacks, to phishing attacks, to denial of service attack, to elevation of privilege attacks to reflected file download attacks, to security restrictions bypass attacks, to arbitrary code execution attacks, and to security restrictions bypass...

9.8CVSS8.6AI score0.32257EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 7:28 p.m.•20 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to object recycling and reuse vulnerability in Apache Tomcat (CVE-2024-52318)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is susceptible to incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Vulnerability Details CVEID:CVE-2024-52318 DESCRIPTION: Incorrect object recycling and reuse...

6.1CVSS6.2AI score0.01676EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 6:48 p.m.•26 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for Junuary 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java...

9.2CVSS9AI score0.14718EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 6:32 p.m.•24 views

Security Bulletin: IBM Db2® Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2®

Summary IBM has released the following fix for IBM Db2® Warehouse in response to multiple vulnerabilities found in IBM Db2®. Vulnerability Details CVEID:CVE-2015-8383 DESCRIPTION: PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of certain repeated conditional...

9.8CVSS10AI score0.07059EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 5:12 p.m.•31 views

Security Bulletin: Multiple vulnerabilities in spring packaged with CMIS affect IBM Business Automation Workflow - CVE-2024-22262, CVE-2024-38809

Summary IBM Business Automation Workflow is vulnerable repackages a FileNet Content Manager's CMIS interface, which in turn repackages parts of a version of the Spring framework. Vulnerabilities have been reported for spring. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu...

8.1CVSS7.2AI score0.01191EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 4:59 p.m.•9 views

Security Bulletin: XML External Entity Injection vulnerability affect IBM Business Automation Workflow - CVE-2024-28168

Summary IBM Business Automation Workflow is vulnerable to a XML External Entity Injection attack. Vulnerability Details CVEID:CVE-2024-28168 DESCRIPTION: Apache XML Graphics FOP is vulnerable to an XML External Entity Injection XXE attack when processing XML data. By sending specially crafted XML...

7.5CVSS6.6AI score0.01003EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 4:55 p.m.•14 views

Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow - CVE-2024-52364

Summary IBM Business Automation Workflow is vulnerable to a Cross-Site Scripting attack. Vulnerability Details CVEID:CVE-2024-52364 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2...

5.4CVSS6AI score0.00218EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 4:37 p.m.•14 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2024-21538

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attack...

8.7CVSS6.3AI score0.00873EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 4:32 p.m.•20 views

Security Bulletin: Denial of Service in Spring vulnerability affect IBM Business Automation Workflow - CVE-2024-38808

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression...

4.3CVSS6.6AI score0.00536EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 4:31 p.m.•19 views

Security Bulletin: Weak authorization IBM Business Automation Workflow - CVE-2024-49348

Summary IBM Business Automation Workflow is vulnerable may return sensitive information in unexpected scenarios. Vulnerability Details CVEID:CVE-2024-49348 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2,...

6.5CVSS6.2AI score0.00247EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 4:27 p.m.•20 views

Security Bulletin: Server Side Request Forgery vulnerability affect IBM Business Automation Workflow - CVE-2024-39338

Summary IBM Business Automation Workflow is vulnerable to a Server Side Request Forgery SSRF attack. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative...

7.5CVSS6.3AI score0.01414EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 4:25 p.m.•18 views

Security Bulletin: Denial of Service vulnerability in Apache Commons IO affects IBM Business Automation Workflow - CVE-2024-47554

Summary IBM Business Automation Workflow packages a vulnerable version of Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the...

4.3CVSS4.8AI score0.01249EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 11:30 a.m.•9 views

Security Bulletin: Vulnerability in protobuf-java affects watsonx.data

Summary protobuf-java is vulnerable to stack overflow attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by...

8.7CVSS6.9AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 11:3 a.m.•7 views

Security Bulletin: Due to the use of Apache Commons IO, IBM WebSphere eXtreme Scale Liberty Deployment is vulnerable to an Uncontrolled Resource Consumption vulnerability

Summary YAJSW service is used for registering XSLD services with operating system. commons-io-2.11.0.jar bundled in YAJSW is vulnerable to CVE-2024-47554. This is fixed in yajsw-stable-13.13. Applying ifix PH65060 will upgrade YAJSW to 13.13 version. Vulnerability Details CVEID:CVE-2024-47554...

4.3CVSS4.4AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:56 a.m.•9 views

Security Bulletin: Vulnerability in pypa/setuptools affects watsonx.data

Summary pypa/setuptools is vulnerable to arbitrary code execution attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. ...

8.8CVSS7.9AI score0.01939EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:53 a.m.•17 views

Security Bulletin:Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request,...

7.5CVSS6.6AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:50 a.m.•33 views

Security Bulletin: Vulnerabilities in Apache Kafke affect watsonx.data

Summary Apache Kafka is vulnerable to denial of service attacks and to arbitrary code executed on the system attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By...

8.8CVSS7.7AI score0.95302EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:48 a.m.•17 views

Security Bulletin: Vulnerabilities in WebMvc.fn and WebFlux.fn affect watsonx.data

Summary The functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are...

7.5CVSS6.2AI score0.14718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:45 a.m.•15 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights. CVE-2023-50314

Summary Vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights. CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...

7.5CVSS6.1AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:44 a.m.•11 views

Security Bulletin: Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk function. By sending a...

7.5CVSS6.6AI score0.01762EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:39 a.m.•23 views

Security Bulletin: Vulnerability in json-path affects watsonx.data

Summary json-path is vulnerable to a stack-based buffer overflow allowing an attacker to cause an uncontrolled recursion which results in a denial of service condition. This affects watsonx.data. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of servic...

5.3CVSS7.1AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:34 a.m.•24 views

Security Bulletin: Vulnerabilities in Apache Solr affect watsonx.data

Summary Apache Solr is vulnerable to upload of arbritrary files attacks and to exposure of sensitive information attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-50386 DESCRIPTION: Apache Solr could allow a remote attacker to upload arbitrary files, caused by the...

8.8CVSS7.4AI score0.8384EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:27 a.m.•20 views

Security Bulletin: Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34454 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the compress function. By sending a specially crafted...

7.5CVSS6.9AI score0.01469EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:25 a.m.•23 views

Security Bulletin: Vulnerability in SpringBoot affects watsonx.data

Summary Spring Boot could allow a local authenticated attacker to gain elevated privileges on the system. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-27772 DESCRIPTION: Spring Boot could allow a local authenticated attacker to gain elevated privileges on the system, cause...

7.8CVSS6.3AI score0.00583EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:21 a.m.•53 views

Security Bulletin: Vulnerabilities in JetBrains Kotlin affects watsonx.data

Summary jetBrains Kotlin is vulnerable to sensitive data disclosure and to weaker than expected security. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: JetBrains Kotlin could allow a local authenticated attacker to obtain sensitive information, caused by...

5.3CVSS5.9AI score0.02572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:6 a.m.•18 views

Security Bulletin: Vulnerabilities in SnakeYAML affects wtsonx.data

Summary SnakeYAML is vulnerable to a denial of service attacks and to execute arbitrary code on the system attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML...

9.8CVSS8.4AI score0.99615EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 10:3 a.m.•19 views

Security Bulletin: Vulnerability in Spring WebMvc affects watsonx.data

Summary Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functiona...

7.5CVSS6.5AI score0.54862EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 9:35 a.m.•18 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION:...

5.3CVSS6AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/07 6:27 a.m.•14 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 17 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology, version 17. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts. CVSS Source: IBM...

7.3CVSS6.7AI score0.01276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 8:54 p.m.•25 views

Security Bulletin: IBM Technical Support Appliance - possible excessive use of CPU

Summary HTTPS protocol is used during web session by a TSA user as well as data transfers from TSA to IBM. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps...

5.3CVSS6.6AI score0.8496EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 8:52 p.m.•14 views

Security Bulletin: IBM B2B Sterling Integrator is vunerable to Denial of Service attack due to Netty

Summary IBM B2B Sterling Integrator is affected by a Denial of Service vulnerability in Netty. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...

5.3CVSS6.4AI score0.0138EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35665